Update changelog... again

1 files changed, 130 insertions, 0 deletions

diff --git a/doc/History9.htm b/doc/History9.htm
index 21e330cee..60037144b 100644
--- a/doc/History9.htm
+++ b/doc/History9.htm
@@ -166,6 +166,136 @@ please visit <a href="http://bugs.ghostscript.com/">bugs.ghostscript.com</a>.
 </li>
 </ul>
 <h3><a name="9.24_changelog"></a>Changelog</h3>
+<p><strong>2018-09-01 17:50:05 +0100
+</strong>
+<br>Chris Liddell &lt;chris.liddell@artifex.com&gt;<br>
+<a href="http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=07da47959687c1e6a112ad746929ef66e82b5aa9">07da47959687c1e6a112ad746929ef66e82b5aa9</a>
+<blockquote>
+<p>
+    Bug 699658(related): Move recording of temp file names into C<br>
+<br>
+    When we successfully create a temporary file from Postscript, either doing so<br>
+    when SAFER is not in force, or when SAFER is in force, and creating it in<br>
+    a write permitted directory, we record the file name so we can later delete<br>
+    the file, even is SAFER has been engaged, or if the PermitWriting list has<br>
+    changed to no longer the directory in question.<br>
+<br>
+    Previously the recording of the name was done in Postscript, even though the<br>
+    checking was done in C.<br>
+<br>
+    This moves the recording of the names to C, meaning we can remove the Postscript<br>
+    redefinitions of .tempfile and deletfile, and make the dictionary in question<br>
+    noaccess.<br>
+<br>
+    Also, tidy up the adding of the temporary file directory to the list of<br>
+    permitted directories, and include the list in all of the categories<br>
+    (PermitFileWriting, PermitFileReading and PermitFileControl) - it was only<br>
+    previously adding to writing.<br>
+<br>
+Resource/Init/gs_init.ps<br>
+psi/int.mak<br>
+psi/zfile.c<br>
+<p>
+</blockquote>
+<hr>
+<p><strong>2018-08-31 15:57:55 +0100
+</strong>
+<br>Chris Liddell &lt;chris.liddell@artifex.com&gt;<br>
+<a href="http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=d8cfd2e7e1000f644afcaca2f196cb6d494049b8">d8cfd2e7e1000f644afcaca2f196cb6d494049b8</a>
+<blockquote>
+<p>
+    Bug 699693: Fix FAPI handling of multibyte Unicode code point<br>
+<br>
+    The original code worked for one byte code points, and for the case there the<br>
+    original character code and Unicode value both had the same number of bytes,<br>
+    but was totally wrong if the the two were different.<br>
+<br>
+psi/zfapi.c<br>
+<p>
+</blockquote>
+<hr>
+<p><strong>2018-09-01 11:28:06 +0100
+</strong>
+<br>Ken Sharp &lt;ken.sharp@artifex.com&gt;<br>
+<a href="http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=a5993c537ae035b2396da5189fd985006627a478">a5993c537ae035b2396da5189fd985006627a478</a>
+<blockquote>
+<p>
+    Bug #699687 &quot;grestore can bypass SAFER&quot;<br>
+<br>
+    The code in z2grestore (part of the level 2 restore machinery) in<br>
+    ghostpdl/psi/zdevice2.c sets the device's LockSafetyParams to false, and<br>
+    according to the comments there relies on putdeviceparams setting<br>
+    the flag back when the old device is re-instated.<br>
+<br>
+    However, if we have corrupted any part of the device's content, then<br>
+    its possible to exit putdeviceparams, in one place only, without<br>
+    setting LockSafetyParams. Here we simply add an explicit reset of the<br>
+    value even in the case of an error setting the new device.<br>
+<br>
+base/gsdparam.c<br>
+<p>
+</blockquote>
+<hr>
+<p><strong>2018-09-01 09:28:08 +0100
+</strong>
+<br>Ken Sharp &lt;ken.sharp@artifex.com&gt;<br>
+<a href="http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=21b27dc55b493564006c91326a5ddc636cf88563">21b27dc55b493564006c91326a5ddc636cf88563</a>
+<blockquote>
+<p>
+    Bug 699677 &quot;.bindnow still causing side effects&quot;<br>
+<br>
+    In fact, its nothing to do with .bindnow. That simply modifies the exec<br>
+    stack in a way which makes the problem exhibit.<br>
+<br>
+    setcustomcolor should really check its operands. because it doens't, it<br>
+    creates a tint transform function which tries to mulitply a number by<br>
+    (in this case) a name. This throws an error of course.<br>
+<br>
+    The problem is that the code to sample the tint transform function<br>
+    didn't deal properly with the case where the PostScript function throws<br>
+    an error. In that case it properly exits the code which executes the<br>
+    function, but it fails to unwind the exec stack.<br>
+<br>
+    This leads to use trying to complete the function, using the enumerator,<br>
+    which has been stored on the exec stack. Because we didn't clean up the<br>
+    exec stack, what we retrieve isn't an enumerator. This causes us to try<br>
+    to access invalid memory and can result in a crash.<br>
+<br>
+    So, several steps. Firstly have the sampling code properly handle the<br>
+    error and restore the exec stack. Secondly, have the setcolorspace code<br>
+    be prepared to accept a NULL returned from the sampling code and treat<br>
+    that as an error (and also fix a similar exec stack problem in the<br>
+    setcolorspace code). Finally; have setcustomcolor validate its operands.<br>
+<br>
+Resource/Init/gs_lev2.ps<br>
+psi/zcolor.c<br>
+psi/zfsample.c<br>
+<p>
+</blockquote>
+<hr>
+<p><strong>2018-08-29 09:30:19 -0700
+</strong>
+<br>Ray Johnston &lt;ray.johnston@artifex.com&gt;<br>
+<a href="http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=91d6bc4d3e3865388ede3bcd4e84bbb8787b78e4">91d6bc4d3e3865388ede3bcd4e84bbb8787b78e4</a>
+<blockquote>
+<p>
+    Fix for security issues found during internal security audit<br>
+<br>
+    While most of the invocations of .forceput and related operators were<br>
+    &quot;protected&quot; by being within &quot;executeonly&quot; procedures, several had crept<br>
+    in that did not make sure that the operator was hidden in a procedure<br>
+    that could not be read.<br>
+<br>
+Resource/Init/gs_dps.ps<br>
+Resource/Init/gs_fntem.ps<br>
+Resource/Init/gs_init.ps<br>
+Resource/Init/gs_lev2.ps<br>
+Resource/Init/gs_pdfwr.ps<br>
+Resource/Init/gs_setpd.ps<br>
+Resource/Init/gs_typ32.ps<br>
+<p>
+</blockquote>
+<hr>
 <p><strong>2018-08-30 15:07:33 +0100
 </strong>
 <br>Chris Liddell &lt;chris.liddell@artifex.com&gt;<br>