Your message dated Fri, 23 Nov 2018 21:32:27 +0000 with message-id <E1gQJ3r-000IIU-Ti@fasolo.debian.org> and subject line Bug#909076: fixed in ghostscript 9.25~dfsg-0+deb9u1 has caused the Debian Bug report #909076, regarding ghostscript: ps2ascii crashes: Error: /typecheck in --.bind-- to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner@bugs.debian.org immediately.) -- 909076: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=909076 Debian Bug Tracking System Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: submit@bugs.debian.org
- Subject: ghostscript: ps2ascii crashes: Error: /typecheck in --.bind--
- From: Mattia Rizzolo <mattia@debian.org>
- Date: Tue, 18 Sep 2018 09:58:10 +0200
- Message-id: <20180918075807.GB16571@mapreri.org>
Package: ghostscript Version: 9.20~dfsg-3.2+deb9u5 Severity: serious X-Debbugs-CC: team@security.debian.org, Moritz Mühlenhoff <jmm@debian.org>, reproducible-builds@lists.alioth.debian.org Control: affects -1 diffoscope Dear maintainer, after the latest ghostscript security update, ps2ascii started to crash: |% ps2ascii /build/diffoscope-101~bpo9+1/.pybuild/pythonX.Y_3.5/build/tests/data/test1.ps |Error: /typecheck in --.bind-- |Operand stack: | --nostringval-- false setshared true --dict:30/32(L)-- typecheck --nostringval-- currentglobal .currentglobal |Execution stack: | %interp_exit .runexec2 --nostringval-- --nostringval-- --nostringval-- 2 %stopped_push --nostringval-- --nostringval-- --nostringval-- false 1 %stopped_push 1998 2 3 %oparray_pop 1997 2 3 %oparray_pop 1981 2 3 %oparray_pop 1868 2 3 %oparray_pop --nostringval-- %errorexec_pop .runexec2 --nostringval-- --nostringval-- --nostringval-- 2 %stopped_push --nostringval-- 2009 3 3 %oparray_pop --nostringval-- --nostringval-- --dict:1267/1684(G)-- --nostringval-- 1936 %dict_continue --nostringval-- 1974 9 4 %oparray_pop --nostringval-- |Dictionary stack: | --dict:1267/1684(G)-- --dict:0/20(G)-- --dict:81/200(L)-- --dict:1267/1684(G)-- |Current allocation mode is global |Current file position is 44643 |GPL Ghostscript 9.20: Unrecoverable error, exit code 1 Downgrading to 9.20~dfsg-3.2+deb9u4 shows the problem is limited to the latest update: |% ps2ascii /build/diffoscope-101~bpo9+1/.pybuild/pythonX.Y_3.5/build/tests/data/test1.ps | | |Today's date: February 28, 2016 | |1 This also causes diffoscope (both 78 in stretch and whatever is in stretch-backports at the moment) to FTBFS. -- regards, Mattia Rizzolo GPG Key: 66AE 2B4A FCCF 3F52 DA18 4D18 4B04 3FCD B944 4540 .''`. more about me: https://mapreri.org : :' : Launchpad user: https://launchpad.net/~mapreri `. `'` Debian QA page: https://qa.debian.org/developer.php?login=mattia `-Attachment: signature.asc
Description: PGP signature
--- End Message ---
--- Begin Message ---
- To: 909076-close@bugs.debian.org
- Subject: Bug#909076: fixed in ghostscript 9.25~dfsg-0+deb9u1
- From: Salvatore Bonaccorso <carnil@debian.org>
- Date: Fri, 23 Nov 2018 21:32:27 +0000
- Message-id: <E1gQJ3r-000IIU-Ti@fasolo.debian.org>
Source: ghostscript Source-Version: 9.25~dfsg-0+deb9u1 We believe that the bug you reported is fixed in the latest version of ghostscript, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 909076@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Salvatore Bonaccorso <carnil@debian.org> (supplier of updated ghostscript package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmaster@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Thu, 08 Nov 2018 16:06:47 +0100 Source: ghostscript Binary: ghostscript ghostscript-x ghostscript-doc libgs9 libgs9-common libgs-dev ghostscript-dbg Architecture: source Version: 9.25~dfsg-0+deb9u1 Distribution: stretch-security Urgency: high Maintainer: Debian Printing Team <debian-printing@lists.debian.org> Changed-By: Salvatore Bonaccorso <carnil@debian.org> Closes: 909076 909929 910758 911175 Description: ghostscript - interpreter for the PostScript language and for PDF ghostscript-dbg - interpreter for the PostScript language and for PDF - Debug symbo ghostscript-doc - interpreter for the PostScript language and for PDF - Documentati ghostscript-x - interpreter for the PostScript language and for PDF - X11 support libgs-dev - interpreter for the PostScript language and for PDF - Development libgs9 - interpreter for the PostScript language and for PDF - Library libgs9-common - interpreter for the PostScript language and for PDF - common file Changes: ghostscript (9.25~dfsg-0+deb9u1) stretch-security; urgency=high . * Non-maintainer upload by the Security Team. * New upstream version 9.25~dfsg + Fixes regression using ps2ascii after fix for CVE-2018-17183 (Closes: #909076) + status operator honour SAFER option (CVE-2018-11645) * Drop patches applied upstream * Rebase 2001_docdir_fix_for_debian.patch for 9.25 * Rebase 2010_add_build_timestamp_setting.patch for 9.25 * Add patches cherry-picked upstream to fix execution issues. + Implement .currentoutputdevice operator + Change "executeonly" to throw typecheck on gstatetype and devicetype objects + Undefine some additional internal operators. + Fix handling of .needinput if used from interpreter + Ensure all errors are included from initialization + setundercolorremoval memory corruption + copydevice fails after stack device copies invalidated + add operand checking to .setnativefontmapbuilt + add object type check for AES key + Add parameter type checking on .bigstring + zparse_dsc_comments can crash with invalid dsc_state + Catch errors in setpagesize, .setpagesize and setpagedevice and cleanup + Catch errors and cleanup stack on statusdict page size definitions + Add parameter checking in setresolution + device subclass open_device call must return child code + fix DSC comment parsing in pdfwrite + Check all uses of dict_find* to ensure 0 return properly handled + permit Mod and CreDate pdfmarks in PDF 2.0 in pdfwrite + Avoid overrunning non terminated string buffer. + Prevent SEGV in gs_setdevice_no_erase. + Fix uninitialised value for render_cond. + Hide the .needinput operator + filenameforall calls bad iodev with insufficent scratch + Improve hiding of security critical custom operators (CVE-2018-17961) (Closes: #911175) + Prevent SEGV after calling gs_image_class_1_simple. + don't push userdict in preparation for Type 1 fonts + add control over hiding error handlers. (Closes: #909929) + For hidden operators, pass a name object to error handler. (CVE-2018-17961) (Closes: #911175) + Explicitly exclude /unknownerror from the SAFERERRORLIST + don't include operator arrays in execstack output (CVE-2018-18073) (Closes: #910758) + Make .forceput unavailable from '.policyprocs' helper dictionary (CVE-2018-18284) (Closes: #911175) + .loadfontloop must be an operator (CVE-2018-17961) (Closes: #911175) + font parsing - prevent SEGV in .cffparse * openjpeg allocator must return NULL if size too large * debian/copyright: Refresh with version from 9.25~dfsg-5 * debian/libgs9.symbols: Update (and sync from 9.25~dfsg-5) for new version. Adjust version for errorexec_find@Base. * Fix cups get/put_params LeadingEdge logic (cf. #912664) * Avoid privacy breach linking documentation to jquery: + Add patch 2009 to use local jquery. + Add symlink from relative link to system-shared jquery library. + Have ghostscript-doc depend on libjs-jquery. * Avoid privacy breach linking documentation to font: + Avoid linking to remote fonts in documentation. * Avoid privacy breach linking documentation with Google: + Strip googletagmanager code from documentation. Checksums-Sha1: a910badd9afac7e88fe65995e792484b464e36c2 3045 ghostscript_9.25~dfsg-0+deb9u1.dsc 6801ed2321af28a60cad6b39da07813b9d4c8840 17577772 ghostscript_9.25~dfsg.orig.tar.xz cb221bbac610e0e8ca5341a645ebfdc32471c03b 133696 ghostscript_9.25~dfsg-0+deb9u1.debian.tar.xz Checksums-Sha256: 49fb3b6417caf26e4c8a5388fece0282c1b55b9e87a7b870ae1e5aaa750cae9d 3045 ghostscript_9.25~dfsg-0+deb9u1.dsc d35949fe5c4e827d9468f29d395dd05c273d2482c703259084c8aff0a0ca6d82 17577772 ghostscript_9.25~dfsg.orig.tar.xz 63fae22e1a4d94674f00fd6fad9dc18b349fd45c82c26466ee327ea089436e39 133696 ghostscript_9.25~dfsg-0+deb9u1.debian.tar.xz Files: 6aa5e0f4b8120b49bde3589a728bf2f5 3045 text optional ghostscript_9.25~dfsg-0+deb9u1.dsc f9b9532d6bf70b615824293e7557a623 17577772 text optional ghostscript_9.25~dfsg.orig.tar.xz 4a88adaa015a040acb87908693e5eb39 133696 text optional ghostscript_9.25~dfsg-0+deb9u1.debian.tar.xz -----BEGIN PGP SIGNATURE----- iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlvkUudfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk ZWJpYW4ub3JnAAoJEAVMuPMTQ89EQ0IP/2LPB0HQdlZSqNaZWOoG+SnMmPATFuqd pFU5w9rAC1vKV2EPfW1BHd0F6qPAJX00Af9IOpD69BDVGoqh53ogbnTCoV93LsHO d+7bbP979WaBK19VJvp7H7Jyu97Z1JXjymb8QokVJHXpnfJAHeg1EJKsv0w/11kg DUeKwusDLOl2AHgav+aP2R+WNpj9bIoNAuymwHBMBeAmUjFi8a6hHZ/e0uqRi7+r JHu7FYCmaEN7GQlSBOL6fLL/UVGDjYEdX+cfk6WgJ7i5c4bYNWVAhtQXsWddlV19 e+qnia0ju922Ph2elu8m6nSexZGkVt3pVRkaspPjPZlZBtzkLSP79P9CXrpnVCNI IB/BgbPyNFFdVGSx4xtEekn72PDKHrbegiGHhO95sVE0GSHujycPG21QQHygbrr+ tg6fJS51Z2m/4R2su/xe8kdrlCEXYOYneubT5zDKnwO+X4tss/KmJAnjF6BKBVZk lT3Hnjdi/uNMBNOh+RJAsdS58Rx8X//mablvkbi0K4AR26ZnJpjyg111OYcx1RiO oQxsbZ6V+QhNEiSP+GzSnmVIrGSB8EeBfqR9hlvtD8SjmzwLE6t22i3KEPs6uIbd e4OCJN6oO9jOdbcGyGkb/tt1Sc2bY1P9IZ6OllRAp6HVPsyszJb2YhBPvQlqPN1N gcrlUrbrNvBR =AedW -----END PGP SIGNATURE-----
--- End Message ---