gs-2.6.1pl4-5 (ghostscript) released w/security patch
-----BEGIN PGP SIGNED MESSAGE-----
I just uploaded package revision five of ghostscript 2.61pl4. It fixes a
security hole when "-DSAFER" is used to prevent file manipulation;
therefore users should upgrade as soon as possible.
I'd like another of the package developers to review the patch for
effectiveness. The patch was applied to a postscript file, so you should
have at least some knowledge of postscript.
The package now complies with the "REQUIRES: xlibraries" scheme for
programs with X11 interfaces. Furthermore, I've replaced "gs_x",
"gs_svga" and "gs_both" with a single binary package, "gs", which
requires both svgalib and xlibraries. Let me know if this poses a
problem.
Here are the changelog entry and vital statistics:
gs-2.6.1pl4-4 to gs-2.6.1pl4-5 priority=URGENT 29 August 1995
* gs_init.ps: Added security patch to fix holes in -DSAFER mode.
* debian.control: Added extended description. Package now depends
on xlibraries and svgalib. Package (gs) now conflicts with older
incarnations (gs_x, gs_svga, gs_both).
* Due to new policy on programs with x11/non-x11 interfaces
depending on x11 shared libraries, which comprise a separate
package, I decided to merge the three ghostscript binary packages
(gs_svga, gs_both, gs_x) into a single package, gs. After all,
the svgalib files don't take up that much disk space (~480K)
compared to that consumed by ghostscript and its associated
fonts. This will greatly simplify things for users.
94eca12f05ecaa0a308b1aee37e67268 ghostscript-2.6.1pl4-5.diff.gz
a785077e8b8b75e69648d0e35d09db8e gs-2.6.1pl4-5.deb
4b0da3b07037b99f302dae0303e972c5 ghostscript-2.6.1pl4-5.tar.gz
34184 Aug 29 08:36 ghostscript-2.6.1pl4-5.diff.gz
1014520 Aug 28 23:41 ghostscript-2.6.1pl4-5.tar.gz
493575 Aug 28 23:41 gs-2.6.1pl4-5.deb
Please let me know if you find any problems.
- -- Ted Hajek --
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Processed by mkpgp, a Pine/PGP interface.
iQCVAwUBMEMh72ER8wPxPPqxAQGx5wQAg+Urv7+baGuHb7wcFiZ2yL+vkjJIn9n+
OH/uRSUFJRMxT1sZLx++mB5iKZLMHGM2zA/qGQPoTJX9jPegeH6XBVwAi4p9+H1a
Yj7BVqU8WF3mx5YvxhL47kh2gy1YOvscK9KHffWlH3ZzCrdeSZl7oo8MuzfwsHXu
a3OCbxMl0Gk=
=v7Jw
-----END PGP SIGNATURE-----
Reply to: