Sync from SUSE:ALP:Source:Standard:1.0 ghostscript revision f82b36c31d020d2ecbd3e59ecb1c2b30

ghostscript.changes

@@ -1,3 +1,77 @@
+-------------------------------------------------------------------
+Mon Jul  1 11:56:34 UTC 2024 - Johannes Meixner <jsmeix@suse.com>
+
+- Version upgrade to 10.03.1:
+  Highlights in this release include:
+  See 'Recent Changes in Ghostscript' at Ghostscript upstream
+  https://ghostscript.readthedocs.io/en/gs10.03.1/News.html
+  * Fixes for CVE-2024-33869, CVE-2023-52722, CVE-2024-33870,
+    CVE-2024-33871 and CVE-2024-29510
+- Regarding CVE-2024-33869 see bsc#1226946 and
+  https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=5ae2e320d69a7d0973011796bd388cd5befa1a43
+  https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=f5336e5b4154f515ac83bc5b9eba94302e6618d4
+  https://bugs.ghostscript.com/show_bug.cgi?id=707691
+- Regarding CVE-2023-52722 see bsc#1223852 and
+  https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=afd7188f74918cb51b5fb89f52b54eb16e8acfd1
+- Regarding CVE-2024-33870 see bsc#1226944 and
+  https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=79aef19c685984dc3da2dc090450407d9fbcff80
+  https://bugs.ghostscript.com/show_bug.cgi?id=707686
+- Regarding CVE-2024-33871 see bsc#1225491 and
+  https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=7145885041bb52cc23964f0aa2aec1b1c82b5908
+- Regarding CVE-2024-29510 see bsc#1226945 and
+  https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=3b1735085ecef20b29e8db3416ab36de93e86d1f
+
+-------------------------------------------------------------------
+Tue Mar 26 08:21:08 UTC 2024 - Johannes Meixner <jsmeix@suse.com>
+
+- Version upgrade to 10.03.0:
+  For openSUSE and SUSE Ghostscript is built '--without-tesseract'
+  (see the entry below dated 'Mon Jul 18 07:28:54 UTC 2022').
+  Highlights in this release include:
+  See 'Recent Changes in Ghostscript' at Ghostscript upstream
+  https://ghostscript.readthedocs.io/en/gs10.03.0/News.html
+  * As of this release (10.03.0) pdfwrite creates PDF files
+    with XRef streams and ObjStm streams. This can result in
+    considerably smaller PDF output files. See Vector Devices
+    https://ghostscript.readthedocs.io/en/latest/VectorDevices.html
+    for more details.
+  * Ghostscript/pdfwrite now supports passing through
+    PDF "Optional Content".
+  * Our efforts in code hygiene and maintainability continue.
+  * The usual round of bug fixes, compatibility changes,
+    and incremental improvements.
+  Incompatible changes (the release is listed in parentheses):
+  * (10.03.0) Almost all the "internal" PostScript procedures
+    defined during the interpreter startup are now "executeonly",
+    further reducing the attack surface of the interpreter.
+    The nature of these procedures means there should be no impact
+    for legitimate usage, but it is possible it will impact uses
+    which abuse the previous accessibility (even for legitimate
+    reasons). Such cases may now require "DELAYBIND", See DELAYBIND
+    https://ghostscript.readthedocs.io/en/latest/Use.html#ddelaybind
+  * (10.03.0) The "makeimagedevice" non-standard operator has been
+    removed. It allowed low level access to the graphics library
+    in a way that was, essentially impossible to secure.
+  * (10.03.0) The "putdeviceprops", "getdeviceprops",
+    "finddevice", "copydevice", "findprotodevice" non-standard
+    operators have all been removed. They provided functionality
+    that is either accessible through standard operators,
+    or should not be used by user PostScript.
+  * (10.03.0) The process of "tidying" the PostScript namespace
+    should have removed only non-standard and undocumented
+    operators. Nevertheless, it is possible that any integrations
+    or utilities that rely on those non-standard and undocumented
+    operators may stop working or may change behaviour.
+  If you encounter such a case, please contact us
+  (Discord https://discord.gg/H9GXKwyPvY
+   #ghostscript IRC channel https://web.libera.chat/#ghostscript
+   or the gs-devel mailing list
+   https://www.ghostscript.com/mailman/index.html would be best),
+  but remember that free versions of Ghostscript
+  come with with NO WARRANTY and NO SUPPORT.
+- Ghostscript 10.03.0 contains the fix to build with GCC 14
+  (boo#1221687)
+
 -------------------------------------------------------------------
 Tue Feb 27 10:59:43 UTC 2024 - Dominique Leuenberger <dimstar@opensuse.org>
 

ghostscript.spec

@@ -1,5 +1,5 @@
 #
-# spec file for package ghostscript
+# spec file
 #
 # Copyright (c) 2024 SUSE LLC
 #
@@ -24,13 +24,19 @@
 %bcond_without  apparmor
 %endif
 Name:           ghostscript%{psuffix}
-Version:        10.02.1
+Version:        10.03.1
 Release:        0
 Summary:        The Ghostscript interpreter for PostScript and PDF
 License:        AGPL-3.0-only
 Group:          Productivity/Office/Other
 URL:            https://www.ghostscript.com/
-Source0:        https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs10021/ghostscript-%{version}.tar.xz
+# How to manually get Source0:
+# Go to https://www.ghostscript.com
+# -> "The current Ghostscript release 10.03.1 can be downloaded here" https://www.ghostscript.com/releases/index.html
+# -> "Ghostscript" https://www.ghostscript.com/releases/gsdnld.html
+# -> "Ghostscript 10.03.1 Source for all platforms / GNU Affero General Public License" = "Ghostscript AGPL Release"
+# https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs10031/ghostscript-10.03.1.tar.gz
+Source0:        https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs10031/ghostscript-10.03.1.tar.gz
 Source10:       apparmor_ghostscript
 # Patch0...Patch9 is for patches from upstream:
 # Source10...Source99 is for sources from SUSE which are intended for upstream: