2024-11-12 15:40:34 +01:00
-------------------------------------------------------------------
Wed Oct 30 12:27:04 UTC 2024 - Johannes Meixner <jsmeix@suse.com>

- Enhanced entry below dated "Wed Oct 23 08:54:59 UTC 2024"
  by adding the individual "bsc" numbers for each CVE, see
  https://bugzilla.suse.com/show_bug.cgi?id=1232173#c4
  and by adding the "IMPORTANT" change in Ghostscript 10.04.0
- spec file cleanup: removed the special cases for SLE12
  i.e. rely on "suse_version >= 1500" as given precondition
  (recent Ghostscript versions fail to build in SLE12 anyway)

-------------------------------------------------------------------
Wed Oct 23 08:54:59 UTC 2024 - Dirk Müller <dmueller@suse.com>

- Version upgrade to 10.04.0 (bsc#1232173):
  Highlights in this release include:
  See 'Recent Changes in Ghostscript' at Ghostscript upstream
  https://ghostscript.readthedocs.io/en/gs10.04.0/News.html
  * This release addresses:
    + CVE-2024-46951 (bsc#1232265)
    + CVE-2024-46952 (bsc#1232266)
    + CVE-2024-46953 (bsc#1232267)
    + CVE-2024-46954 (bsc#1232268)
    + CVE-2024-46955 (bsc#1232269)
    + CVE-2024-46956 (bsc#1232270)
  * IMPORTANT: In this release (10.04.0)
    we (i.e. Ghostscript upstream) have added
    protection for device selection from PostScript input.
    This will mean that, by default, only the device specified
    on the command line will be permitted. Similar to the file
    permissions, there will be a "--permit-devices=" allowing
    a comma separated list of allowed devices. This will also
    take a single wildcard "*" allowing any device.
    Any application which relies on allowing PostScript
    to change devices during a job will have to be aware,
    and take action to deal with this change.
    The exception is "nulldevice", switching to that requires
    no special action.

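The device-selection rule quoted in the 10.04.0 entry above can be checked against a wrapper's argument list before the upgrade is rolled out. This is an added example, not part of the changelog or of Ghostscript: the function names are hypothetical, it assumes the output device is passed as `-sDEVICE=<name>`, and it models only the rule as worded in the entry without running `gs`.

```shell
#!/bin/sh
# Added example: a model of the 10.04.0 device-selection rule as worded in the
# changelog entry. It inspects an argument list; it never runs gs.
# Assumption: the output device is given as -sDEVICE=<name>.

# gs_device_policy ARGS...
# Prints "any" when a "*" wildcard is permitted, otherwise the devices that
# PostScript input may select, one per line (sorted, de-duplicated).
gs_device_policy() (
    set -f                      # keep "*" literal while splitting the list
    cmd_device=""
    permit=""
    wildcard=no
    for arg in "$@"; do
        case $arg in
            -sDEVICE=*)         cmd_device=${arg#-sDEVICE=} ;;
            # Repeated options are merged here (a choice made by this example).
            --permit-devices=*) permit="$permit,${arg#--permit-devices=}" ;;
        esac
    done
    IFS=,                       # the permit list is comma separated
    for name in $permit; do
        if [ "$name" = "*" ]; then wildcard=yes; fi
    done
    if [ "$wildcard" = yes ]; then
        printf '%s\n' any
    else
        # nulldevice needs no permission; the command-line device is the default.
        for name in nulldevice $cmd_device $permit; do
            if [ -n "$name" ]; then printf '%s\n' "$name"; fi
        done | sort -u
    fi
)

# gs_device_allowed DEVICE ARGS...
# Exit status 0 if PostScript input could switch to DEVICE under ARGS.
gs_device_allowed() {
    wanted=$1
    shift
    policy=$(gs_device_policy "$@")
    if [ "$policy" = any ]; then
        return 0
    fi
    printf '%s\n' "$policy" | grep -qxF -- "$wanted"
}

# Constructed sample invocations (not taken from any real wrapper script):
# may a job rendered to pdfwrite switch itself to the png16m device?
for permit in "" "--permit-devices=png16m,jpeg" "--permit-devices=*"; do
    if gs_device_allowed png16m -sDEVICE=pdfwrite "$permit" -dBATCH job.ps; then
        verdict=allowed
    else
        verdict=refused
    fi
    printf '%-30s png16m: %s\n' "${permit:-(no --permit-devices)}" "$verdict"
done
```

An invocation for which `gs_device_policy` prints `any` carries the wildcard and is the one to review first, since it permits every device again.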
2024-07-22 17:01:24 +02:00
-------------------------------------------------------------------
Mon Jul 1 11:56:34 UTC 2024 - Johannes Meixner <jsmeix@suse.com>

- Version upgrade to 10.03.1:
  Highlights in this release include:
  See 'Recent Changes in Ghostscript' at Ghostscript upstream
  https://ghostscript.readthedocs.io/en/gs10.03.1/News.html
  * Fixes for CVE-2024-33869, CVE-2023-52722, CVE-2024-33870,
    CVE-2024-33871 and CVE-2024-29510
    - Regarding CVE-2024-33869 see bsc#1226946 and
      https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=5ae2e320d69a7d0973011796bd388cd5befa1a43
      https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=f5336e5b4154f515ac83bc5b9eba94302e6618d4
      https://bugs.ghostscript.com/show_bug.cgi?id=707691
    - Regarding CVE-2023-52722 see bsc#1223852 and
      https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=afd7188f74918cb51b5fb89f52b54eb16e8acfd1
    - Regarding CVE-2024-33870 see bsc#1226944 and
      https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=79aef19c685984dc3da2dc090450407d9fbcff80
      https://bugs.ghostscript.com/show_bug.cgi?id=707686
    - Regarding CVE-2024-33871 see bsc#1225491 and
      https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=7145885041bb52cc23964f0aa2aec1b1c82b5908
    - Regarding CVE-2024-29510 see bsc#1226945 and
      https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=3b1735085ecef20b29e8db3416ab36de93e86d1f

-------------------------------------------------------------------
Tue Mar 26 08:21:08 UTC 2024 - Johannes Meixner <jsmeix@suse.com>

- Version upgrade to 10.03.0:
  For openSUSE and SUSE Ghostscript is built '--without-tesseract'
  (see the entry below dated 'Mon Jul 18 07:28:54 UTC 2022').
  Highlights in this release include:
  See 'Recent Changes in Ghostscript' at Ghostscript upstream
  https://ghostscript.readthedocs.io/en/gs10.03.0/News.html
  * As of this release (10.03.0) pdfwrite creates PDF files
    with XRef streams and ObjStm streams. This can result in
    considerably smaller PDF output files. See Vector Devices
    https://ghostscript.readthedocs.io/en/latest/VectorDevices.html
    for more details.
  * Ghostscript/pdfwrite now supports passing through
    PDF "Optional Content".
  * Our efforts in code hygiene and maintainability continue.
  * The usual round of bug fixes, compatibility changes,
    and incremental improvements.
  Incompatible changes (the release is listed in parentheses):
  * (10.03.0) Almost all the "internal" PostScript procedures
    defined during the interpreter startup are now "executeonly",
    further reducing the attack surface of the interpreter.
    The nature of these procedures means there should be no impact
    for legitimate usage, but it is possible it will impact uses
    which abuse the previous accessibility (even for legitimate
    reasons). Such cases may now require "DELAYBIND", See DELAYBIND
    https://ghostscript.readthedocs.io/en/latest/Use.html#ddelaybind
  * (10.03.0) The "makeimagedevice" non-standard operator has been
    removed. It allowed low level access to the graphics library
    in a way that was essentially impossible to secure.
  * (10.03.0) The "putdeviceprops", "getdeviceprops",
    "finddevice", "copydevice", "findprotodevice" non-standard
    operators have all been removed. They provided functionality
    that is either accessible through standard operators,
    or should not be used by user PostScript.
  * (10.03.0) The process of "tidying" the PostScript namespace
    should have removed only non-standard and undocumented
    operators. Nevertheless, it is possible that any integrations
    or utilities that rely on those non-standard and undocumented
    operators may stop working or may change behaviour.
    If you encounter such a case, please contact us
    (Discord https://discord.gg/H9GXKwyPvY
    #ghostscript IRC channel https://web.libera.chat/#ghostscript
    or the gs-devel mailing list
    https://www.ghostscript.com/mailman/index.html would be best),
    but remember that free versions of Ghostscript
    come with NO WARRANTY and NO SUPPORT.
- Ghostscript 10.03.0 contains the fix to build with GCC 14
  (boo#1221687)

2024-05-03 12:50:12 +02:00
-------------------------------------------------------------------
Tue Feb 27 10:59:43 UTC 2024 - Dominique Leuenberger <dimstar@opensuse.org>

- Use %patch -P N instead of deprecated %patchN.

-------------------------------------------------------------------
Thu Feb 22 09:07:33 UTC 2024 - Thorsten Kukuk <kukuk@suse.com>

- Allow to disable apparmor support (ALP supports only SELinux)

-------------------------------------------------------------------
Sun Jan 28 10:39:57 UTC 2024 - Dirk Müller <dmueller@suse.com>

- update to 10.02.1:
  * Patch release to address some security bugs
  * This release (10.02.0) marks the final demise of the
    PostScript based PDF interpreter.
  * This 10.01.1 release removes the "-dNEWPDF=false" command
    line option to fall back to the deprecated, old PDF
    interpreter.
  * This 10.01.0 release removes the "-dNEWPDF=false" command
    line option to fall back to the deprecated, old PDF
    interpreter.
  * This release officially deprecates the old Postscript
    implementation of PDF, we will not be updating or maintaining
    that code moving forward. The option to use the old PDF
    implementation _**will**_ be removed in the next full release
    (10.01.0)
  * Important: This release includes the new PDF interpreter
    (implemented in C rather than PostScript). It is both
    integrated into Ghostscript (now ENABLED by default), and
    available as a standalone, PDF only, binary. See
    https://ghostscript.com/pdfi.html for more details.
  * This also bundles the latest zlib (1.2.12) which addresses a
    security issue (CVE-2018-25032)
  * **Important**: This release includes the new PDF interpreter
    (implemented in C rather than PostScript). It is both
    integrated into Ghostscript (now **ENABLED** by default), and
    available as a standalone, PDF only, binary. See
    https://ghostscript.com/pdfi.html for more details.
- drop CVE-2023-28879.patch, CVE-2023-36664.patch,
  CVE-2023-38559.patch, CVE-2023-43115.patch,
  CVE-2023-46751.patch: upstream
- drop remove-zlib-h-dependency.patch: unused

-------------------------------------------------------------------
Wed Jan 3 12:15:46 UTC 2024 - Johannes Meixner <jsmeix@suse.com>

- CVE-2023-46751.patch is
  https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=dcdbc595c13
  adapted for Ghostscript-9.56.1 that fixes
  https://bugs.ghostscript.com/show_bug.cgi?id=707264
  which includes a fix for CVE-2023-46751
  "dangling pointer in gdev_prn_open_printer_seekable()"
  (bsc#1217871)

-------------------------------------------------------------------
Mon Dec 18 12:50:20 UTC 2023 - Dominique Leuenberger <dimstar@opensuse.org>

- Recommend cups-filters only when cups is present.

-------------------------------------------------------------------
Wed Sep 20 06:23:44 UTC 2023 - Johannes Meixner <jsmeix@suse.com>

- CVE-2023-43115.patch is
  https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=e59216049cac290fb437a04c4f41ea46826cfba5
  that fixes CVE-2023-43115 "remote code execution
  via crafted PostScript documents in gdevijs.c"
  see https://bugs.ghostscript.com/show_bug.cgi?id=707051
  (bsc#1215466)

-------------------------------------------------------------------
Wed Jul 26 09:35:33 UTC 2023 - Johannes Meixner <jsmeix@suse.com>

- CVE-2023-38559.patch fixes CVE-2023-38559
  "out of bounds read devn_pcx_write_rle() could result in DoS"
  see bsc#1213637
  and https://bugs.ghostscript.com/show_bug.cgi?id=706897
  which is in base/gdevdevn.c the same issue
  "ordering in if expression to avoid out-of-bounds access"
  as the already fixed CVE-2020-16305 in devices/gdevpcx.c
  see https://bugs.ghostscript.com/show_bug.cgi?id=701819

-------------------------------------------------------------------
Tue Jul 4 06:16:33 UTC 2023 - Johannes Meixner <jsmeix@suse.com>

- CVE-2023-36664.patch fixes CVE-2023-36664
  see https://bugs.ghostscript.com/show_bug.cgi?id=706761
  "OS command injection in %pipe% access"
  and https://bugs.ghostscript.com/show_bug.cgi?id=706778
  "%pipe% allowed_path bypass"
  and bsc#1212711
  "permission validation mishandling for pipe devices
  (with the %pipe% prefix or the | pipe character prefix)"

-------------------------------------------------------------------
Wed Apr 26 19:08:09 UTC 2023 - Jan Engelhardt <jengelh@inai.de>

- Replace BuildRequire on xorg-x11-devel by pkgconfig(...)

-------------------------------------------------------------------
Tue Apr 11 09:09:56 UTC 2023 - Johannes Meixner <jsmeix@suse.com>

- CVE-2023-28879.patch fixes CVE-2023-28879
  Buffer Overflow in s_xBCPE_process
  cf. https://bugs.ghostscript.com/show_bug.cgi?id=706494
  (bsc#1210062)

-------------------------------------------------------------------
Mon Jul 18 07:28:54 UTC 2022 - Dirk Müller <dmueller@suse.com>

- update to 9.56.1:
  Highlights in this release include
  (excerpts from the Ghostscript upstream release summary
  in https://ghostscript.com/docs/9.56.1/News.htm):
  * New PDF Interpreter: This is an entirely new implementation
    written in C (rather than PostScript, as before)
  * Calling Ghostscript via the GS API is now thread safe. The one
    limitation is that the X11 devices for Unix-like systems (x11,
    x11alpha, x11cmyk, x11cmyk2, x11cmyk4, x11cmyk8, x11gray2,
    x11gray4 and x11mono) cannot be made thread safe, due to their
    interaction with the X11 server, those devices have been
    modified to only allow one instance in an executable.
  * The PSD output device now writes ICC profiles to their output
    files, for improved color fidelity.
  * Our efforts in code hygiene and maintainability continue.
  * The usual round of bug fixes, compatibility changes, and
    incremental improvements.
  * We have added the capability to build with the Tesseract OCR
    engine. In such a build, new devices are available
    (pdfocr8/pdfocr24/pdfocr32) which render the output file to an
    image, OCR that image, and output the image "wrapped" up as a
    PDF file, with the OCR generated text information included
    as "invisible" text (in PDF terms, text rendering mode 3).
    Mainly due to time constraints, we only support including
    Tesseract from source included in our release packages,
    and not linking to Tesseract/Leptonica shared libraries.
    Whether we add this capability will be largely dependent
    on community demand for the feature. See Enabling OCR
    at https://www.ghostscript.com/ocr.html for more details.
  For a release summary see:
  https://www.ghostscript.com/doc/9.54.0/News.htm
  For details see the News.htm and History9.htm files.
- Configure --without-tesseract because this requires C++ (it
  might be added if Tesseract support in Ghostscript is needed).
- Drop CVE-2021-3781.patch, CVE-2021-45949.patch: upstream

-------------------------------------------------------------------
Mon Jul 18 06:38:01 UTC 2022 - Dirk Müller <dmueller@suse.com>

- Use _multibuild

-------------------------------------------------------------------
Wed Apr 13 11:12:39 UTC 2022 - Dirk Müller <dmueller@suse.com>

- Use system zlib (bsc#1198449)

-------------------------------------------------------------------
Thu Apr 7 08:14:51 UTC 2022 - Frederic Crozat <fcrozat@suse.com>

- Do no longer require apparmor-abstractions, it is not mandatory
  to use Ghostscript (bsc#1134289).

-------------------------------------------------------------------
Tue Jan 11 13:40:10 CET 2022 - jsmeix@suse.de

- CVE-2021-45949.patch fixes CVE-2021-45949
  heap-based buffer overflow in sampled_data_finish
  cf. https://github.com/google/oss-fuzz-vulns/blob/main/vulns/ghostscript/OSV-2021-803.yaml
  (bsc#1194304)
- CVE-2021-45944 use-after-free in sampled_data_sample
  is already fixed in the Ghostscript 9.54.0 upstream sources
  (bsc#1194303)

-------------------------------------------------------------------
Fri Sep 10 09:37:46 CEST 2021 - jsmeix@suse.de

- CVE-2021-3781.patch fixes CVE-2021-3781
  Trivial -dSAFER bypass
  cf. https://bugs.ghostscript.com/show_bug.cgi?id=704342
  (bsc#1190381)

-------------------------------------------------------------------
Fri May 21 13:40:56 CEST 2021 - jsmeix@suse.de

- Version upgrade to 9.54.0
  Highlights in this release include
  (excerpts from the Ghostscript upstream release summary
  in https://www.ghostscript.com/doc/9.54.0/News.htm):
  * The 9.54.0 release is a maintenance release,
    and also adds new functionality.
  * Overprint simulation is now available to all output devices,
    allowing quality previewing/proofing of PostScript and
    PDF jobs that rely on overprint. See the -dOverprint option
    documentation in: doc/9.54.0/Use.htm#Overprint
  * The "docxwrite" device adds the ability to output
    to Microsoft Word "docx" format.
    See: doc/9.54.0/VectorDevices.htm#DOCX
  * The pdfwrite device is now capable of using the Tesseract OCR
    engine when it is built into Ghostscript to improve
    searchability and copy and paste functionality when the input
    lacks the metadata for that purpose.
    See: doc/9.54.0/VectorDevices.htm#UseOCR
  * Ghostscript/GhostPDL now includes a "map text to black"
    function, where text drawn by an input job (except when drawn
    using a Type 3 font) can be forced to draw in solid black.
    See: doc/9.54.0/Use.htm#BlackText
  * Ghostscript/GhostPDL now supports simple N-up imposition
    "internally". See: doc/9.54.0/Use.htm#NupControl
  * Our efforts in code hygiene and maintainability continue.
  * The usual round of bug fixes, compatibility changes,
    and incremental improvements.
  * For a list of open issues, or to report problems, please visit
    bugs.ghostscript.com
  For a release summary see:
  https://www.ghostscript.com/doc/9.54.0/News.htm
  For details see the News.htm and History9.htm files.
- 41ef9a0bc36b9db7115fbe9623f989bfb47bbade.patch is no longer
  needed because it is fixed in the upstream sources.

-------------------------------------------------------------------
Wed Apr 14 11:56:22 UTC 2021 - Wolfgang Frisch <wolfgang.frisch@suse.com>

- Hardening: compile with PIC, link as PIE

-------------------------------------------------------------------
Tue Oct 20 16:38:24 CEST 2020 - Ismail Dönmez <idonmez@suse.com>

- 41ef9a0bc36b9db7115fbe9623f989bfb47bbade.patch
  fixes compilation with FreeType 2.10.3+
  http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=41ef9a0bc36b9db7115fbe9623f989bfb47bbade
  c.f. https://bugs.ghostscript.com/show_bug.cgi?id=702985

-------------------------------------------------------------------
Tue Oct 20 16:03:48 CEST 2020 - jsmeix@suse.de

- Version upgrade to 9.53.3
  Highlights in this release include
  (excerpts from the Ghostscript upstream release summary
  in https://www.ghostscript.com/doc/9.53.3/News.htm):
  * The 9.53.3 release is primarily maintenance.
  * Issues arose with 9.53.0/1/2 that prompted the release
    of a .3 patch:
    A crash related to management of ICC profile objects.
    A parameter type mismatch that would cause Ghostscript
    to error out during initialisation, which
    affected 64 bit, big endian architectures.
    An unexpected side effect of another change that prevented
    multithreaded rendering and background rendering
    from working correctly.
  * The most obvious change is the (re-)introduction of the
    patch level to the version number, this helps facilitate
    a revised policy on handling security related issues.
    To clarify: in the event we decide to release a patch revision,
    it will replace the release with the previous patch number.
    Release notes, highlights and warnings will remain the same,
    except for the addition of whatever fix(es) prompted the patch.
  * Our efforts in code hygiene and maintainability continue.
  * We have added Python bindings for the gsapi interface, can be
    found in demos/python. These are experimental, and we welcome
    feedback from interested developers.
  * For those integrating Ghostscript/GhostPDL via the gsapi
    interface, we have added new capabilities to that, specifically
    in terms of setting and interrogating device parameters. These,
    along with the existing interface calls, are documented in:
    Ghostscript Interpreter API at
    https://www.ghostscript.com/doc/9.53.3/API.htm
  * The usual round of bug fixes, compatibility changes,
    and incremental improvements.
  * For a list of open issues, or to report problems, please visit
    bugs.ghostscript.com
  Incompatible changes:
  * As of 9.53.0, we have (re-)introduced the patch level to the
    version number, this helps facilitate a revised policy
    on handling security related issues.
    Note for GSView Users: The patch level addition breaks
    GSView 5 (it is hardcoded to check for versions 704-999).
    It is possible, but not guaranteed that a GSView update might
    be forthcoming to resolve this.
  For a release summary see:
  https://www.ghostscript.com/doc/9.53.3/News.htm
  For details see the News.htm and History9.htm files.
- CVE-2020-15900.patch is no longer needed
  because it is fixed in the upstream sources.
- Ghostscript 9.53.3 fixes in particular txtwrite memory issues
  (boo#1177922).

-------------------------------------------------------------------
Tue Jul 28 09:15:30 CEST 2020 - jsmeix@suse.de

- CVE-2020-15900.patch fixes CVE-2020-15900 Memory Corruption
  cf. https://bugs.ghostscript.com/show_bug.cgi?id=702582
  (bsc#1174415)

-------------------------------------------------------------------
Wed Apr 29 12:09:39 CEST 2020 - jsmeix@suse.de

- The version upgrade to 9.52 fixes in particular
  CVE-2020-12268: jbig2dec: heap-based buffer overflow
  in jbig2_image_compose (bsc#1170603)
- Version upgrade to 9.52
  Highlights in this release include:
  * The 9.52 release replaces the 9.51 release after a problem
    was reported with 9.51 which warranted the quick turnaround.
    Thus, like 9.51, 9.52 is primarily a maintenance release,
    consolidating the changes we introduced in 9.50.
  * IMPORTANT: We have forked LittleCMS2 into LittleCMS2mt
    (the "mt" indicating "multi-thread").
    LCMS2 is not thread-safe, and cannot be made thread-safe
    without breaking the ABI. Our fork will be thread-safe and
    include performance enhancements (these changes have all
    been offered and rejected upstream). We will maintain
    compatibility between Ghostscript and LCMS2 for a time,
    but not in perpetuity. If there is sufficient interest,
    our fork will be available as its own package separately
    from Ghostscript (and MuPDF).
  * The usual round of bug fixes, compatibility changes,
    and incremental improvements.
  Incompatible changes:
  * New option -dALLOWPSTRANSPARENCY: The transparency compositor
    (and related features), whilst we are improving it, remains
    sensitive to being driven correctly, and incorrect use
    can have unexpected/undefined results. Hence, as part of
    improving security, we limited access to these operators,
    originally using the -dSAFER feature. As we made "SAFER"
    the default mode, that became unacceptable, hence the
    new option -dALLOWPSTRANSPARENCY which enables access
    to the operators, cf.
    https://www.ghostscript.com/doc/9.52/Use.htm#ALLOWPSTRANSPARENCY
  For a release summary see:
  https://www.ghostscript.com/doc/9.52/News.htm
  For details see the News.htm and History9.htm files.
- Version upgrade to 9.51
  Highlights in this release include:
  * 9.51 is primarily a maintenance release, consolidating
    the changes we introduced in 9.50.
  * We have continued our work on code hygiene for this release,
    with a focus on the static analysis tool Coverity
    (from Synopsys, Inc) and we are now maintaining a policy of
    zero Coverity issues in the Ghostscript/GhostPDL source base.
  * IMPORTANT: In consultation with a representative of
    OpenPrinting (http://www.openprinting.org/) it is our
    intention to deprecate and, in the not distant future,
    remove the OpenPrinting Vector/Raster Printer Drivers
    (that is, the opvp and oprp devices).
    If you rely on either of these devices, please get in touch
    with us (i.e. Ghostscript upstream), so we can discuss your
    use case, and revise our plans accordingly.
  * We (i.e. Ghostscript upstream) are in the process of forking
    LittleCMS, cf. the other release notes entries below.
  * The usual round of bug fixes, compatibility changes,
    and incremental improvements.
  For a release summary see:
  https://www.ghostscript.com/doc/9.51/News.htm
  For details see the News.htm and History9.htm files.
- Version upgrade to 9.50
  Highlights in this release include:
  * The change to version 9.50 follows recognition
    of the extent and importance of the file access control
    redesign/reimplementation outlined below.
  * The file access control capability (enable with -dSAFER)
    has been completely rewritten, with a ground-up rethink
    of the design. For more details, see: "SAFER" at
    https://www.ghostscript.com/doc/9.50/Use.htm#Safer
  * It is important to note that -dSAFER now only enables the
    file access controls, and no longer applies restrictions
    to standard Postscript functionality (specifically,
    restrictions on setpagedevice). If your application relies
    on these Postscript restrictions, see "OLDSAFER" at
    https://www.ghostscript.com/doc/9.50/Use.htm#OldSafer
    and please get in touch, as we do plan to remove those
    Postscript restrictions unless we have reason not to.
    IMPORTANT: File access controls are now enabled by default.
    In order to run Ghostscript without these controls,
    see "NOSAFER" at
    https://www.ghostscript.com/doc/9.50/Use.htm#NoSafer
  * We (i.e. Ghostscript upstream) are in the process of forking
    LittleCMS, cf. the other release notes entries below.
  * The usual round of bug fixes, compatibility changes,
    and incremental improvements.
  Incompatible changes:
  * There are a couple of subtle incompatibilities between the old
    and new SAFER implementations. Firstly, as mentioned above,
    SAFER now leaves standard Postscript functionality unchanged
    (except for the file access limitations). Secondly, the
    interaction with save/restore operations, see "SAFER" at
    https://www.ghostscript.com/doc/9.50/Use.htm#Safer
  * The following is not strictly speaking new to 9.50,
    as not much has changed since 9.27 in this area,
    but for those who don't upgrade with every release:
    The process of "tidying" the Postscript name space should have
    removed only non-standard and undocumented operators.
    Nevertheless, it is possible that any integrations or utilities
    that rely on those non-standard and undocumented operators
    may stop working, or may change behaviour.
    If you encounter such a case, please contact us
    (i.e. Ghostscript upstream, either the #ghostscript IRC channel
    or the gs-devel mailing list would be best), and we'll work
    with you to either find an alternative solution or return the
    previous functionality, if there is genuinely no other option.
    One case we know this has occurred is GSView 5 (and earlier).
    GSView 5 support for PDF files relied upon internal use only
    features which are no longer available. GSView 5 will still
    work as previously for Postscript files. For PDF files,
    users are encouraged to look at MuPDF https://www.mupdf.com/
  For a release summary see:
  https://www.ghostscript.com/doc/9.50/News.htm
  For details see the News.htm and History9.htm files.
- CVE-2019-10216.patch
  gs-CVE-2019-14811-885444fc.patch
  gs-CVE-2019-14817-cd1b1cac.patch
  openjpeg4gs-CVE-2018-6616-8ee33522.patch
  are fixed in the version 9.52 upstream sources.

-------------------------------------------------------------------
Fri Jan 31 17:26:37 UTC 2020 - Stefan Brüns <stefan.bruens@rwth-aachen.de>

- Use system openjpeg2 on Tumbleweed/Factory.

-------------------------------------------------------------------
Mon Sep 23 08:24:49 UTC 2019 - Johannes Segitz <jsegitz@suse.de>

- Made ghostscript profile enforcing and limit it to the ghostscript
  binaries (bsc#1150338)

-------------------------------------------------------------------
Mon Sep 16 11:58:41 UTC 2019 - Dr. Werner Fink <werner@suse.de>

- Add patch gs-CVE-2019-14811-885444fc.patch to fix bsc#1146882
  for CVE-2019-14811,CVE-2019-14812,CVE-2019-14813
- Add patch gs-CVE-2019-14817-cd1b1cac.patch to fix bsc#1146884
  for CVE-2019-14817

-------------------------------------------------------------------
Fri Sep 13 14:15:10 UTC 2019 - Dr. Werner Fink <werner@suse.de>

- Add patch openjpeg4gs-CVE-2018-6616-8ee33522.patch to fix bsc#1140359
  for CVE-2019-12973

-------------------------------------------------------------------
Thu Aug 22 06:20:43 UTC 2019 - Jan Engelhardt <jengelh@inai.de>

- Update RPM groups.

-------------------------------------------------------------------
Tue Aug 13 12:38:45 UTC 2019 - Dr. Werner Fink <werner@suse.de>

- Use update-alternatives to get the real ghostscript binary from
  /usr/bin/gs to /usr/bin/gs.bin and allow the gswrap package to
  use this with its wrapper script

-------------------------------------------------------------------
Mon Aug 12 11:32:08 UTC 2019 - Dr. Werner Fink <werner@suse.de>

- CVE-2019-10216.patch fixes CVE-2019-10216
  forceput/superexec in .buildfont1 is still accessible
  https://bugzilla.suse.com/show_bug.cgi?id=1144621 bsc#1144621
  https://bugs.ghostscript.com/show_bug.cgi?id=701394

-------------------------------------------------------------------
Wed May 8 08:46:43 UTC 2019 - jsegitz@suse.com

- Set AA profile to complain and added fixes for ps2epsi (boo#1134327)

-------------------------------------------------------------------
Thu Apr 4 14:37:09 CEST 2019 - jsmeix@suse.de

- Version upgrade to 9.27
Highlights in this release include:
* We (i.e. Ghostscript upstream) have extensively cleaned up
the Postscript name space: removing access to internal and/or
undocumented Postscript operators, procedures and data.
This has benefits for security and maintainability.
Incompatible changes:
The process of "tidying" the Postscript name space should
have removed only non-standard and undocumented operators.
Nevertheless, it is possible that any integrations or
utilities that rely on those non-standard and undocumented
operators may stop working, or may change behaviour.
If you encounter such a case, please contact us (i.e.
Ghostscript upstream) - (either the #ghostscript IRC channel,
or the gs-devel mailing list would be best), and we'll work
with you to either find an alternative solution.
* Fontmap can now reference individual fonts in a TrueType
Collection for font substitution. Previously, a Fontmap entry
could only reference a TrueType collection and use the default
(first) font.
Now, the Fontmap syntax allows for specifying a specific index
in a TTC. See the comments at the top of (the default)
Fontmap.GS for details.
* The usual round of bug fixes, compatibility changes,
and incremental improvements.
IMPORTANT: It is our intention, within the next 12 months
(ideally sooner, in time for the next release) to make SAFER
the default mode of operation. For many users this will have
no effect, since they use SAFER explicitly, but some niche
uses which rely on SAFER being disabled may need to start
explicitly adding the "-dNOSAFER" option.
IMPORTANT: We (i.e. Ghostscript upstream) are in the process of
forking LittleCMS. LCMS2 is not thread safe, and cannot be made
thread safe without breaking the ABI. Our fork will be thread
safe, and include performance enhancements (these changes have
all been offered and rejected upstream). We will maintain
compatibility between Ghostscript and LCMS2 for a time, but not
in perpetuity. Our fork will be available as its own package
separately from Ghostscript (and MuPDF).
For a release summary see:
http://www.ghostscript.com/doc/9.27/News.htm
For details see the News.htm and History9.htm files.
The Ghostscript 9.27 release should fix (cf. the entry below
dated 'Fri Sep 14 10:47:33 CEST 2018' what "should fix" means)
in particular those security issues:
* CVE-2019-3838 forceput in DefineResource is still accessible
https://bugzilla.suse.com/show_bug.cgi?id=1129186 bsc#1129186
https://bugs.ghostscript.com/show_bug.cgi?id=700576
* CVE-2019-3835: superexec operator is available
https://bugzilla.suse.com/show_bug.cgi?id=1129180 bsc#1129180
https://bugs.ghostscript.com/show_bug.cgi?id=700585
- ghostscript-2.26-subclassing-devices-fix-put_image-method.patch
is no longer needed because it is fixed in the upstream sources.

-------------------------------------------------------------------
Thu Mar 14 08:03:24 UTC 2019 - jsegitz@suse.com

- Added AA rules for dvips (bsc#1127934)
- Allow execution of dirname (bsc#1128697)
- Allow execution of hpijs (bsc#1128467). For now this is in
complain mode
- Sane profile name "ghostscript", moved profile from
/etc/apparmor.d/usr.bin.gs to /etc/apparmor.d/ghostscript
(bsc#1128607)
- Improved AA packaging (bsc#1128608)
Thanks to Christian Boltz for his help

-------------------------------------------------------------------
Fri Mar 8 10:49:18 UTC 2019 - Martin Wilck <mwilck@suse.com>

- Fix IJS printing problem (bsc#1128467)
* added ijs_exec_server_dont_use_sh.patch
* allow exec'ing hpijs in apparmor profile

-------------------------------------------------------------------
Thu Feb 7 09:27:44 UTC 2019 - jsegitz@suse.com

- Added apparmor_usr.bin.gs. This profile prevents execution of
executables to serve as hardening for the binaries that process
ghostscript. This is of limited use but prevents simple exploits.

-------------------------------------------------------------------
Wed Jan 23 16:52:00 CET 2019 - jsmeix@suse.de

- Version upgrade to 9.26a
The version 9.26a is a special security bugfix version to fix
* CVE-2019-6116: subroutines within pseudo-operators
must themselves be pseudo-operators
https://bugs.ghostscript.com/show_bug.cgi?id=700317
https://bugzilla.suse.com/show_bug.cgi?id=1122319 bsc#1122319

-------------------------------------------------------------------
Thu Jan 10 17:09:16 UTC 2019 - jweberhofer@weberhofer.at

- ghostscript-2.26-subclassing-devices-fix-put_image-method.patch
fixes Ghostscript issue #700315 and bsc#1121490
https://bugs.ghostscript.com/show_bug.cgi?id=700315
Segfault in GS 9.26 with certain PDFs with -dLastPage=1

-------------------------------------------------------------------
Fri Nov 30 09:01:17 CET 2018 - jsmeix@suse.de

- Version upgrade to 9.26
Highlights in this release include:
* Security issues have been the primary focus of this release,
including solving several (well publicised) real and potential
exploits.
Thanks to Man Yue Mo of Semmle Security Research Team,
Jens Mueller of Ruhr-Universitaet Bochum and
Tavis Ormandy of Google's Project Zero
for their help to identify specific security issues.
PLEASE NOTE:
We (i.e. Ghostscript upstream) strongly urge users to upgrade
to this latest release to avoid these issues.
* The usual round of bug fixes, compatibility changes,
and incremental improvements.
For a release summary see:
http://www.ghostscript.com/doc/9.26/News.htm
For details see the News.htm and History9.htm files.
The Ghostscript 9.26 release should fix (cf. the entry below
dated 'Fri Sep 14 10:47:33 CEST 2018' what "should fix" means)
in particular those security issues (bsc#1117331)
* CVE-2018-19475: psi/zdevice2.c allows attackers to bypass
intended access restrictions
https://bugs.ghostscript.com/show_bug.cgi?id=700153
https://bugzilla.suse.com/show_bug.cgi?id=1117327 bsc#1117327
* CVE-2018-19476: psi/zicc.c allows attackers to bypass
intended access restrictions because of a setcolorspace
type confusion
https://bugs.ghostscript.com/show_bug.cgi?id=700169
https://bugzilla.suse.com/show_bug.cgi?id=1117313 bsc#1117313
* CVE-2018-19477: psi/zfjbig2.c allows attackers to bypass
intended access restrictions because of a JBIG2Decode
type confusion
https://bugs.ghostscript.com/show_bug.cgi?id=700168
https://bugzilla.suse.com/show_bug.cgi?id=1117274 bsc#1117274
* CVE-2018-19409: LockSafetyParams is not checked correctly
if another device is used
https://bugs.ghostscript.com/show_bug.cgi?id=700176
https://bugzilla.suse.com/show_bug.cgi?id=1117022 bsc#1117022
and those security issues
* CVE-2018-18284: 1Policy operator gives access to .forceput
https://bugs.ghostscript.com/show_bug.cgi?id=69963
https://bugzilla.suse.com/show_bug.cgi?id=1112229 bsc#1112229
* CVE-2018-18073: saved execution stacks can leak operator arrays
https://bugs.ghostscript.com/show_bug.cgi?id=699927
https://bugzilla.suse.com/show_bug.cgi?id=1111480 bsc#1111480
* CVE-2018-17961: bypassing executeonly to escape -dSAFER sandbox
https://bugs.ghostscript.com/show_bug.cgi?id=699816
https://bugzilla.suse.com/show_bug.cgi?id=1111479 bsc#1111479
* CVE-2018-17183: remote attackers could be able to supply
crafted PostScript to potentially overwrite or replace
error handlers to inject code
https://bugs.ghostscript.com/show_bug.cgi?id=699708
https://bugzilla.suse.com/show_bug.cgi?id=1109105 bsc#1109105

-------------------------------------------------------------------
Fri Nov 9 11:25:19 CET 2018 - jsmeix@suse.de

- Version upgrade to 9.26rc1 (first release candidate for 9.26).
Highlights in this release include:
* Purely security and a few bug fixes, there are no new features,
and no API changes to report.

-------------------------------------------------------------------
Fri Sep 14 10:47:33 CEST 2018 - jsmeix@suse.de

- Version upgrade to 9.25
For the highlights in this release see the highlights in the
9.25rc1 first release candidate for 9.25 entry below.
PLEASE NOTE:
We (i.e. Ghostscript upstream) strongly urge users to upgrade
to this latest release to avoid these issues.
For a release summary see:
http://www.ghostscript.com/doc/9.25/News.htm
For details see the News.htm and History9.htm files.
The Ghostscript 9.25 release should fix (see below)
in particular those security issues:
* CVE-2018-15909: shading_param incomplete type checking
https://bugs.ghostscript.com/show_bug.cgi?id=699660
https://bugzilla.suse.com/show_bug.cgi?id=1106172 bsc#1106172
* CVE-2018-15908: .tempfile file permission issues
https://bugs.ghostscript.com/show_bug.cgi?id=699657
https://bugzilla.suse.com/show_bug.cgi?id=1106171 bsc#1106171
* CVE-2018-15910: LockDistillerParams type confusion
https://bugs.ghostscript.com/show_bug.cgi?id=699656
https://bugzilla.suse.com/show_bug.cgi?id=1106173 bsc#1106173
* CVE-2018-15911: uninitialized memory access in the aesdecode
https://bugs.ghostscript.com/show_bug.cgi?id=699665
https://bugzilla.suse.com/show_bug.cgi?id=1106195 bsc#1106195
* CVE-2018-16513: setcolor missing type check
https://bugs.ghostscript.com/show_bug.cgi?id=699655
https://bugzilla.suse.com/show_bug.cgi?id=1107412 bsc#1107412
* CVE-2018-16509: /invalidaccess bypass after failed restore
https://bugs.ghostscript.com/show_bug.cgi?id=699654
https://bugzilla.suse.com/show_bug.cgi?id=1107410 bsc#1107410
* CVE-2018-16510: Incorrect exec stack handling in the "CS"
and "SC" PDF primitives
https://bugs.ghostscript.com/show_bug.cgi?id=699671
https://bugzilla.suse.com/show_bug.cgi?id=1107411 bsc#1107411
* CVE-2018-16542: .definemodifiedfont memory corruption
if /typecheck is handled
https://bugs.ghostscript.com/show_bug.cgi?id=699668
https://bugzilla.suse.com/show_bug.cgi?id=1107413 bsc#1107413
* CVE-2018-16541 incorrect free logic in pagedevice replacement
https://bugs.ghostscript.com/show_bug.cgi?id=699664
https://bugzilla.suse.com/show_bug.cgi?id=1107421 bsc#1107421
* CVE-2018-16540 use-after-free in copydevice handling
https://bugs.ghostscript.com/show_bug.cgi?id=699661
https://bugzilla.suse.com/show_bug.cgi?id=1107420 bsc#1107420
* CVE-2018-16539: incorrect access checking in temp file
handling to disclose contents of files
https://bugs.ghostscript.com/show_bug.cgi?id=699658
https://bugzilla.suse.com/show_bug.cgi?id=1107422 bsc#1107422
* CVE-2018-16543: gssetresolution and gsgetresolution allow
for unspecified impact
https://bugs.ghostscript.com/show_bug.cgi?id=699670
https://bugzilla.suse.com/show_bug.cgi?id=1107423 bsc#1107423
* CVE-2018-16511: type confusion in "ztype" could be used by
remote attackers able to supply crafted PostScript to crash
the interpreter or possibly have unspecified other impact
https://bugs.ghostscript.com/show_bug.cgi?id=699659
https://bugzilla.suse.com/show_bug.cgi?id=1107426 bsc#1107426
* CVE-2018-16585 .setdistillerkeys PostScript command is
accepted even though it is not intended for use
https://bugzilla.suse.com/show_bug.cgi?id=1107581 bsc#1107581
* CVE-2018-16802: Incorrect "restoration of privilege" checking
when running out of stack during exception handling could be
used by attackers able to supply crafted PostScript to execute
code using the "pipe" instruction. This is due to an incomplete
fix for CVE-2018-16509
https://bugs.ghostscript.com/show_bug.cgi?id=699714
https://bugs.ghostscript.com/show_bug.cgi?id=699718
https://bugzilla.suse.com/show_bug.cgi?id=1108027 bnc#1108027
Regarding what the above "should fix" means:
PostScript is a general purpose Turing-complete programming
language (cf. https://en.wikipedia.org/wiki/PostScript)
that supports in particular file access on the system disk.
When Ghostscript processes PostScript it runs a PostScript
program as the user who runs Ghostscript.
When Ghostscript processes an arbitrary PostScript file,
the user who runs Ghostscript runs an arbitrary program
which can do anything on the system where Ghostscript runs
that this user is allowed to do on that system.
To make it safer when Ghostscript runs a PostScript program
the Ghostscript command line option '-dSAFER' disables
certain file access functionality, for details see
/usr/share/doc/ghostscript/9.25/Use.htm
Its name 'SAFER' says everything: It makes it 'safer'
to let Ghostscript run a PostScript program,
but it does not make it completely safe.
In theory software is safe against misuse (i.e. has no bugs).
In practice there is an endless sequence of various kinds of
security issues (i.e. software can be misused to do more than
what is intended) that get fixed issue by issue ad infinitum.
In the end all that means:
In practice the user who runs Ghostscript must not let it
process arbitrary PostScript files from untrusted origin.
In particular Ghostscript is usually run when printing
documents (with the '-dSAFER' option set), see the part about
"It is crucial to limit access to CUPS to trusted users" in
https://en.opensuse.org/SDB:CUPS_and_SANE_Firewall_settings

-------------------------------------------------------------------
Thu Sep 13 14:14:39 CEST 2018 - jsmeix@suse.de

- Version upgrade to 9.25rc1 (first release candidate for 9.25).
Highlights in this release include:
* This release fixes problems with argument handling, some
unintended results of the security fixes to the SAFER file
access restrictions (specifically accessing ICC profile files),
and some additional security issues over the 9.24 release.
* Security issues have been the primary focus of this release,
including solving several (well publicised) real
and potential exploits.
PLEASE NOTE:
We (i.e. Ghostscript upstream) strongly urge users to upgrade
to this latest release to avoid these issues.
* Avoid that ps2epsi fails with
'Error: /undefined in --setpagedevice--'
Recent changes required to harden SAFER mode mean that
it is no longer possible to run ps2epsi in SAFER mode,
because it relies upon unsafe Ghostscript non-standard
extension operators.
Removing SAFER and DELAYSAFER, and the code to reset SAFER,
allow ps2epsi to run as well as it ever did (ie badly).
This program (i.e. ps2epsi) should now be considered unsafe,
you should not use it on untrusted PostScript programs.
Likely we (i.e. Ghostscript upstream) will deprecate and
remove this program in future.
For details see the News.htm and History9.htm files.
Regarding installing packages (in particular release candidates)
from the openSUSE build service development project "Printing"
see https://build.opensuse.org/project/show/Printing

-------------------------------------------------------------------
Thu Sep 13 10:25:21 CEST 2018 - jsmeix@suse.de

- Version upgrade to 9.24
Highlights in this release include:
* Security issues have been the primary focus of this release,
including solving several (well publicised)
real and potential exploits.
PLEASE NOTE:
We (i.e. Ghostscript upstream) strongly urge users to upgrade
to this latest release to avoid these issues.
* As well as Ghostscript itself, jbig2dec has had a significant
amount of work improving its robustness in the face of
out of specification files.
* IMPORTANT: We (i.e. Ghostscript upstream) are in the process
of forking LittleCMS. LCMS2 is not thread safe, and cannot
be made thread safe without breaking the ABI. Our fork
will be thread safe, and include performance enhancements
(these changes have all been offered and rejected upstream).
We will maintain compatibility between Ghostscript and LCMS2
for a time, but not in perpetuity. Our fork will be available
as its own package separately from Ghostscript (and MuPDF).
* The usual round of bug fixes, compatibility changes,
and incremental improvements.
For a release summary see:
http://www.ghostscript.com/doc/9.24/News.htm
For details see the News.htm and History9.htm files.
- fix_ln_docdir_gsdatadir.patch is no longer needed
because the issue is fixed in the upstream sources.
- CVE-2018-10194.patch is no longer needed
because the issue is fixed in the upstream sources.

-------------------------------------------------------------------
Tue Jun 5 14:47:59 CEST 2018 - jsmeix@suse.de

- CVE-2018-10194.patch fixes stack-based buffer overflow
in gdevpdts.c (bsc#1090099), see
https://bugs.ghostscript.com/show_bug.cgi?id=699255 and
http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=39b1e54b2968620723bf32e96764c88797714879

-------------------------------------------------------------------
Thu Mar 22 12:51:39 CET 2018 - jsmeix@suse.de

- Version upgrade to 9.23
Highlights in this release include:
* Ghostscript now has a family of 'pdfimage' devices
(pdfimage8, pdfimage24 and pdfimage32) which produce
rendered output wrapped up as an image in a PDF.
Additionally, there is a 'pclm' device which
produces PCLm format output.
* There is now a ColorAccuracy parameter allowing the user
to decide between speed or accuracy in ICC color transforms.
* JPEG Passthrough: devices which support it can now receive
the 'raw' JPEG stream from the interpreter.
The main use of this is the pdfwrite/ps2write family of devices
that can now take JPEG streams from the input file(s) and write
them unchanged to the output (thus avoiding additional
quantization effects).
* PDF transparency performance improvements
* IMPORTANT: We (i.e. Ghostscript upstream) are in the process
of forking LittleCMS.
LCMS2 is not thread safe, and cannot be made thread safe
without breaking the ABI. Our fork will be thread safe,
and include performance enhancements (these changes have all
been offered and rejected upstream). We will maintain
compatibility between Ghostscript and LCMS2 for a time,
but not in perpetuity. Our fork will be available as its own
package separately from Ghostscript (and MuPDF).
* We have continued the focus on code hygiene in this release
cleaning up security issues, ignored return values,
and compiler warnings.
* The usual round of bug fixes, compatibility changes,
and incremental improvements.
Incompatible changes
* The planned device API tidy has, unfortunately, been
indefinitely postponed, until appropriate resources
are available.
For a release summary see:
http://www.ghostscript.com/doc/9.23/News.htm
For details see the News.htm and History9.htm files.
See also the entries below since "Version upgrade to 9.22"
(boo#1082896 and boo#1074266).

-------------------------------------------------------------------
Fri Mar 16 12:39:36 CET 2018 - jsmeix@suse.de

- For now use lcms2 from SUSE because that is what currently
Ghostscript upstream recommends according to
https://ghostscript.com/pipermail/gs-devel/2018-March/010061.html
because since Ghostscript 9.23rc1 there is no longer lcms2
in Ghostscript but now it is lcms2art which is the beginning
of a lcms2 fork, see News.htm that reads in particular
"LCMS2 is not thread safe ... Our fork will be thread safe ...
We will maintain compatibility between Ghostscript and LCMS2
for a time, but not in perpetuity", see also
https://bugzilla.opensuse.org/show_bug.cgi?id=1082896#c14
- On SLE11 and on SLE12-SP1 there is liblcms2-2-2.5
which is too old so that configure fails there with
configure: error: lcms2 not found, or too old
but there is no configure option to build it without lcms2
so that for SLE11 and SLE12-SP1 it is built with
the lcms2art in Ghostscript.
- ppc64le-support.patch is no longer needed because it only
contained a fix for lcms2art/include/lcms2art.h in Ghostscript
but currently lcms2 from SUSE is used instead (see above).
- Do no longer require any fonts packages in particular
neither require ghostscript-fonts-std because the PostScript
Base35 fonts are provided by Ghostscript (in 'Resource')
nor require ghostscript-fonts-other (provides Bitstream Charter,
Adobe Utopia, URW Antiqua, URW Grotesq and Hershey fonts where
all but the last are also provided by texlive-<name>-fonts) and
those fonts are not required for PostScript compliance, see
https://bugzilla.opensuse.org/show_bug.cgi?id=1082896#c13

-------------------------------------------------------------------
Thu Mar 15 11:19:33 CET 2018 - jsmeix@suse.de

- Version upgrade to 9.23rc1 (first release candidate for 9.23).
For details see the News.htm and History9.htm files.
Regarding installing packages (in particular release candidates)
from the openSUSE build service development project "Printing"
see https://build.opensuse.org/project/show/Printing
- Adapted ppc64le-support.patch: In Ghostscript 9.23 there is now
lcms2art/include/lcms2art.h (instead of lcms2/include/lcms2.h).
- ghostscript-fix-debug-use.patch is no longer needed
because the issue is fixed in the upstream sources.
- fix_ln_docdir_gsdatadir.patch avoids
"base/unixinst.mak:162: recipe for target 'install-doc' failed"
- Adapted spec file to the new Ghostscript upstream documentation
directory /usr/share/doc/ghostscript/9.23/

-------------------------------------------------------------------
Wed Feb 28 00:14:31 UTC 2018 - stefan.bruens@rwth-aachen.de

- Use -p /sbin/ldconfig instead of shell post(un) scriptlet, drop
explicit Prereq for ldconfig
- Use shared libgs library for gs binary instead of static linked
version
- Use --disable-compile-inits, to allow unbundling of Resource files
- Remove --disable-omni switch, has been removed in GS 9.20
- Keep patch ordering in full/mini consistent
- Remove patch backup files to avoid packaging

-------------------------------------------------------------------
Tue Feb 27 14:55:51 CET 2018 - novell@mirell.de

- Add ghostscript-fix-debug-use.patch from upstream to fix broken
printing with some drivers (especially Dell Printers) from
https://bugs.ghostscript.com/show_bug.cgi?id=698837
- Fix build for SLE targets

-------------------------------------------------------------------
Wed Nov 29 16:04:48 CET 2017 - jsmeix@suse.de

- Version upgrade to 9.22.
For details see the News.htm and History9.htm files.
Highlights in this release include:
* Ghostscript can now consume and produce (via the pdfwrite
device) PDF 2.0 compliant files.
* The main focus of this release has been security and code
cleanliness. Hence many AddressSanitizer, Valgrind and
Coverity issues have been addressed.
* The usual round of bug fixes, compatibility changes,
and incremental improvements.
Incompatible changes
* The planned device API tidy (still!) did not happen for
this release, due to time pressures, but we still intend
to undertake the following: We plan to somewhat tidy up
the device API. We intend to remove deprecated device procs
(methods/function pointers) and change the device API
so every device proc takes a graphics state parameter
(rather than the current scheme where only a very few procs
take an imager state parameter). This should serve as notice
to anyone maintaining a Ghostscript device outside the
canonical source tree that you may (probably will) need
to update your device(s) when these changes happen.
Devices using only the non-deprecated procs should be
trivial to update.
- Up to 9.22rc1 it "just built" for all openSUSE versions but
since 9.22rc2 the libijs part does no longer build for any
released openSUSE version where it fails with messages like
libtool: Version mismatch error.
This is libtool 2.4.6 Debian-2.4.6-2, but the
definition of this LT_INIT comes from libtool 2.4.2.
You should recreate aclocal.m4 with macros from
libtool 2.4.6 Debian-2.4.6-2 and run autoconf again.
Makefile: recipe for target 'ijs.lo' failed
so that currently it only builds for Tumbleweed/Factory.
Presumably it is not too complicated to make it build again
also for released openSUSE versions but currently I have
less than zero energy to fix such "latest breaking changes"
so that for now Ghostscript 9.22 is only provided for
openSUSE Tumbleweed/Factory and the upcoming SLE15/Leap15.

-------------------------------------------------------------------
Fri Sep 29 09:12:06 CEST 2017 - jsmeix@suse.de

- Version upgrade to 9.22rc2 (second release candidate for 9.22).
For details see the News.htm and History9.htm files.
Regarding installing packages (in particular release candidates)
from the openSUSE build service development project "Printing"
see https://build.opensuse.org/project/show/Printing

-------------------------------------------------------------------
Thu Sep 14 15:19:40 CEST 2017 - jsmeix@suse.de

- Version upgrade to 9.22rc1 (first release candidate for 9.22).
For details see the News.htm and History9.htm files.
Regarding installing packages (in particular release candidates)
from the openSUSE build service development project "Printing"
see https://build.opensuse.org/project/show/Printing
- Since Ghostscript 9.22rc1 font2c and wftopfa are removed.
- CVE-2017-5951.patch CVE-2017-7207.patch
CVE-2017-8291.patch and CVE-2017-9216.patch
are fixed in the version 9.22rc1 upstream sources.

-------------------------------------------------------------------
Fri Jun 2 09:12:45 UTC 2017 - daniel.molkentin@suse.com

- CVE-2017-7207.patch fixes a NULL pointer dereference
in mem_get_bits_rectangle
see https://bugs.ghostscript.com/show_bug.cgi?id=697676
(bsc#1030263)
- CVE-2017-9216.patch fixes a NULL pointer dereference
in jbig2_huffman_get
see https://bugs.ghostscript.com/show_bug.cgi?id=697934
(bsc#1040643)

-------------------------------------------------------------------
Tue May 2 14:27:22 CEST 2017 - jsmeix@suse.de

- CVE-2017-8291.patch fixes
a type confusion in .rsdparams and .eqproc
see https://bugs.ghostscript.com/show_bug.cgi?id=697808
and https://bugs.ghostscript.com/show_bug.cgi?id=697799
(bsc#1036453).

-------------------------------------------------------------------
Wed Apr 12 11:12:27 CEST 2017 - jsmeix@suse.de

- CVE-2016-10317 (bsc#1032230)
heap buffer overflow in fill_threshhold_buffer()
is not yet fixed because there is no fix available at
https://bugs.ghostscript.com/show_bug.cgi?id=697459
- CVE-2016-10219 (bsc#1032138)
divide by zero in intersect()
https://bugs.ghostscript.com/show_bug.cgi?id=697453
is fixed in the version 9.21 upstream sources
- CVE-2016-10218 (bsc#1032135)
null pointer dereference in pdf14_pop_transparency_group()
https://bugs.ghostscript.com/show_bug.cgi?id=697444
is fixed in the version 9.21 upstream sources.
- CVE-2016-10217 (bsc#1032130)
use-after-free in pdf14_cleanup_parent_color_profiles()
that is related to pdf14_open() in base/gdevp14.c
https://bugs.ghostscript.com/show_bug.cgi?id=697456
is fixed in the version 9.21 upstream sources.
- CVE-2016-10220 (bsc#1032120)
null pointer dereference in gx_device_finalize() that is
related to gs_makewordimagedevice() in base/gsdevmem.c
https://bugs.ghostscript.com/show_bug.cgi?id=697450
is fixed in the version 9.21 upstream sources.
- CVE-2017-5951.patch fixes
null pointer dereference in ref_stack_index() that is
related to mem_get_bits_rectangle() in base/gdevmem.c
https://bugs.ghostscript.com/show_bug.cgi?id=697548
(bsc#1032114)

-------------------------------------------------------------------
Mon Apr 10 14:06:09 CEST 2017 - jsmeix@suse.de

- Version upgrade to 9.21.
For details see the News.htm and History9.htm files.
Highlights in this release include:
* pdfwrite now preserves annotations from
input PDFs (where possible).
* The GhostXPS interpreter now provides the pdfwrite device
with the data it requires to emit a ToUnicode CMap: thus
allowing fully searchable PDFs to be created from XPS
input (in the vast majority of cases).
* Ghostscript now allows the default color space
for PDF transparency blends.
* The Ghostscript/GhostPDL configure script now has much
better/fuller support for cross compiling.
* The tiffscaled and tiffscaled4 devices can now
use ETS (Even Tone Screening)
* The toolbin/pdf_info.ps utility can now emit
the PDF XML metadata.
* Ghostscript has a new scan converter available
(currently optional, but will become the default in a near
future release). It can be enabled by using the command line
option: '-dSCANCONVERTERTYPE=2'. This new implementation
provides vastly improved performance with large and complex
paths.
* The usual round of bug fixes, compatibility changes,
and incremental improvements.
Incompatible changes:
* The planned device API tidy (still!) did not happen for
this release, due to time pressures, but we still intend
to undertake the following: We plan to somewhat tidy up
the device API. We intend to remove deprecated device
procs (methods/function pointers) and change the device API
so every device proc takes a graphics state parameter
(rather than the current scheme where only a very few procs
take an imager state parameter). This should serve as notice
to anyone maintaining a Ghostscript device outside the
canonical source tree that you may (probably will) need to
update your device(s) when these changes happen. Devices using
only the non-deprecated procs should be trivial to update.
- CVE-2016-7976.patch and CVE-2016-7977.patch and
CVE-2016-7978.patch and CVE-2016-7979.patch and
CVE-2016-8602.patch are no longer needed because
those issues are fixed in the upstream sources.
- 0001-mkromfs-make-build-reproducible-use-buildtime-from-S.patch
and
0002-mkromfs-sort-gp_enumerate_files-output-for-determini.patch
are no longer needed because both are included
in the upstream sources, see the upstream issue
https://bugs.ghostscript.com/show_bug.cgi?id=697484
- Again use the zlib sources from Ghostscript upstream
and disable remove-zlib-h-dependency.patch because
Ghostscript 9.21 does no longer build this way,
cf. the entry below dated "Wed Nov 18 11:46:58 UTC 2015"

-------------------------------------------------------------------
Thu Jan 12 17:13:58 UTC 2017 - stefan.bruens@rwth-aachen.de

- Set SOURCE_DATE_EPOCH based on changelog head
- Add 0001-mkromfs-make-build-reproducible-use-buildtime-from-S.patch
* Use SOURCE_DATE_EPOCH for mkromfs output for reproducible build
- Add 0002-mkromfs-sort-gp_enumerate_files-output-for-determini.patch
* Sort ROM contents for deterministic output

-------------------------------------------------------------------
Mon Oct 17 13:36:57 CEST 2016 - jsmeix@suse.de

- CVE-2013-5653 (getenv and filenameforall ignore -dSAFER)
is fixed in the Ghostscript 9.20 upstream sources
see http://bugs.ghostscript.com/show_bug.cgi?id=694724
(bsc#1001951).
- CVE-2016-7976.patch fixes that
various userparams allow %pipe% in paths, allowing
remote shell command execution
see http://bugs.ghostscript.com/show_bug.cgi?id=697178
(bsc#1001951).
- CVE-2016-7977.patch fixes that
.libfile doesn't check PermitFileReading array, allowing
remote file disclosure
see http://bugs.ghostscript.com/show_bug.cgi?id=697169
(bsc#1001951).
- CVE-2016-7978.patch fixes that
reference leak in .setdevice allows
use-after-free and remote code execution
see http://bugs.ghostscript.com/show_bug.cgi?id=697179
(bsc#1001951).
- CVE-2016-7979.patch fixes that
type confusion in .initialize_dsc_parser allows
remote code execution
see http://bugs.ghostscript.com/show_bug.cgi?id=697190
(bsc#1001951).
- CVE-2016-8602.patch fixes a NULL dereference in .sethalftone5
see http://bugs.ghostscript.com/show_bug.cgi?id=697203
(bsc#1004237).

-------------------------------------------------------------------
Thu Sep 29 14:40:38 CEST 2016 - jsmeix@suse.de

- Version upgrade to 9.20. Purely a maintenance release.
For details see the News.htm and History9.htm files.
Highlights in this release include:
* The usual round of bug fixes, compatibility changes,
and incremental improvements.
Incompatible changes:
* The planned device API tidy did not happen for this release,
due to time pressures, but we still intend to undertake the
following: We plan to somewhat tidy up the device API.
We intend to remove deprecated device procs
(methods/function pointers) and change the device API
so every device proc takes a graphics state parameter (rather
than the current scheme where only a very few procs take an
imager state parameter). This should serve as notice to anyone
maintaining a Ghostscript device outside the canonical source
tree that you may (probably will) need to update your
device(s) when these changes happen. Devices using only
the non-deprecated procs should be trivial to update.

-------------------------------------------------------------------
Thu Sep 15 10:12:03 CEST 2016 - jsmeix@suse.de

- Version upgrade to 9.20rc1 (first release candidate for 9.20).
For details see the News.htm and History9.htm files.
Regarding installing packages (in particular release candidates)
from the openSUSE build service development project "Printing"
see https://build.opensuse.org/project/show/Printing

-------------------------------------------------------------------
Wed Mar 23 15:43:27 CET 2016 - jsmeix@suse.de

- Version upgrade to 9.19. Mainly a maintenance release.
For details see the News.htm and History9.htm files.
Highlights in this release include:
* Metadata pdfmark is now implemented. This allows the user
to specify an XMP stream which will be written to the
Catalog of the PDF file. A new pdfmark 'Ext_Metadata' has
been defined. This takes a string parameter which contains
XML to be added to the XMP normally created by pdfwrite.
See "pdfwrite pdfmark extensions" for more information.
* An experimental, rudimentary raster trapping implementation
has been added to the Ghostscript graphics library.
See "Trapping" for details.
Incompatible changes:
* (Minor) API change: copy_alpha now supports 8 bit depth
(as well as the previous 2 and 4).
* The gs man pages are woefully out of date and basically
unmaintained. With the release following 9.19, we intend
to replace their contents with a very limited summary
of (unlikely to ever change aspects of) calling
Ghostscript, and a pointer to the (maintained) HTML
documentation. That is, unless a volunteer is willing
to update, and commit to maintaining the man pages.
* ijs-config is no longer provided
Planned incompatible changes:
* We plan (ideally for the release following 9.19) to somewhat
tidy up the device API. We plan to remove deprecated device
procs (methods/function pointers). We also intend to merge
the imager state and graphics state (thus eliminating the
imager state), and change the device API so every device proc
takes a graphics state parameter (rather than the current
scheme where only a very few procs take an imager state
parameter). This should serve as notice to anyone maintaining
a Ghostscript device outside the canonical source tree that
you may (probably will) need to update your device(s) when
these changes happen. Devices using only the non-deprecated
procs should be trivial to update.
- fix_make_install.patch and
add_brackets_for_old_autoconf.patch are no longer needed
because both issues are fixed in the upstream sources.

-------------------------------------------------------------------
Fri Mar 18 10:13:23 CET 2016 - jsmeix@suse.de

- Version upgrade to 9.19rc1 (first release candidate for 9.19).
For details see the News.htm and History9.htm files.
Regarding installing packages (in particular release candidates)
from the openSUSE build service development project "Printing"
see https://build.opensuse.org/project/show/Printing
- ijs-config is no longer provided
- fix_make_install.patch fixes an install error and
add_brackets_for_old_autoconf.patch fixes an autoconf error
see http://bugs.ghostscript.com/show_bug.cgi?id=696665
- fix_ijs_and_x11_for_FirstPage_and_LastPage.patch is no longer
needed because it is fixed in the upstream sources.
- install_gserrors.h.patch is no longer needed because it is fixed
in the upstream sources.

-------------------------------------------------------------------
Wed Nov 18 11:46:58 UTC 2015 - schwab@suse.de

- Do not use library sources for freetype jpeg libpng tiff zlib
from the Ghostscript upstream tarball because we prefer to use
for long-established standard libraries the ones from SUSE
in particular to automatically get SUSE security updates
for standard libraries.
In contrast we use e.g. lcms2 from the Ghostscript upstream
tarball because this one is specially modified to work with
Ghostscript so that we cannot use lcms2 from SUSE.
- remove-zlib-h-dependency.patch removes dependency on zlib/zlib.h
in makefiles as we do not use the zlib sources from the
Ghostscript upstream tarball.

-------------------------------------------------------------------
Thu Nov 5 13:33:14 CET 2015 - jsmeix@suse.de

- An incompatible change appeared when building other software
with Ghostscript 9.18.
Since version 9.18 Ghostscript no longer provides
e_<SomeError> (e.g. e_NeedInput) in its header files
(gserrors.h and ierrors.h).
When building other software with Ghostscript 9.18
gs_error_<SomeError> (e.g. gs_error_NeedInput)
must be used, see boo#953149 and
http://bugs.ghostscript.com/show_bug.cgi?id=696317

-------------------------------------------------------------------
Fri Oct 30 11:28:14 CET 2015 - jsmeix@suse.de

- install_gserrors.h.patch installs gserrors.h to fix
http://bugs.ghostscript.com/show_bug.cgi?id=696301
because without gserrors.h several other packages fail to build
(in particular texlive, libspectre, gimp,...).

-------------------------------------------------------------------
Mon Oct 12 10:26:52 CEST 2015 - jsmeix@suse.de

- fix_ijs_and_x11_for_FirstPage_and_LastPage.patch
fixes the Ghostscript device ijs and the x11* devices
so that they also work when -dFirstPage/-dLastPage is used,
see http://bugs.ghostscript.com/show_bug.cgi?id=696246

-------------------------------------------------------------------
Tue Oct 6 10:21:22 CEST 2015 - jsmeix@suse.de

- Version upgrade to 9.18. A maintenance release.
There are no recorded incompatible changes (as of this writing).
Highlights in this release include:
* A substantial revision of the build system and GhostPDL
directory structure. Ghostscript-only users should
not be affected by this change.
* A new method of internally inserting devices into the device
chain has been developed, named "device subclassing".
This allows suitably written devices to be used more easily and
consistently as "filter" devices.
The first fruit of this is a new implementation of
the "-dFirstPage"/"-dLastPage" feature which functions as
a device filter in the Ghostscript graphics library, meaning
it works consistently with all input languages.
* Plus the usual round of bug fixes, compatibility changes,
and incremental improvements.
See http://www.ghostscript.com/doc/9.18/News.htm
For details see the News.htm and History9.htm files.

-------------------------------------------------------------------
Tue Sep 29 11:05:48 CEST 2015 - jsmeix@suse.de

- Version upgrade to 9.18rc2 (second release candidate for 9.18).
For details see the News.htm and History9.htm files.
Regarding installing packages (in particular release candidates)
from the openSUSE build service development project "Printing"
see https://build.opensuse.org/project/show/Printing
- assign_pointer_not_value_in_gximono.c.patch is no longer needed
because it is fixed in the upstream sources.

-------------------------------------------------------------------
Thu Sep 24 10:29:04 CEST 2015 - jsmeix@suse.de

- Version upgrade to 9.18rc1 (first release candidate for 9.18).
For details see the News.htm and History9.htm files.
Regarding installing packages (in particular release candidates)
from the openSUSE build service development project "Printing"
see https://build.opensuse.org/project/show/Printing
- CVE-2015-3228.patch is no longer needed because it is fixed
in the upstream sources.
- assign_pointer_not_value_in_gximono.c.patch attempts to fix a
"assignment makes pointer from integer without a cast" compiler
warning by assigning the pointer and not the integer value.
- Removed --disable-compile-inits from configure, see
http://bugs.ghostscript.com/show_bug.cgi?id=696223
and "Precompiled run-time data" in
/usr/share/ghostscript/9.18/doc/Make.htm

-------------------------------------------------------------------
Wed Jul 29 15:20:46 CEST 2015 - jsmeix@suse.de

- CVE-2015-3228.patch fixes out of bound read/write caused
by integer overflow in gsmalloc.c (boo#939342).

-------------------------------------------------------------------
Tue Mar 31 10:18:06 CEST 2015 - jsmeix@suse.de

- Version upgrade to 9.16. Primarily a maintenance release.
There are no recorded incompatible changes (as of this writing).
Highlights in this release include:
* "LockColorants" command line option for tiffsep and psdcmyk
devices.
* Improved high level devices handling of Forms.
See http://www.ghostscript.com/doc/9.16/News.htm
For details see the News.htm and History9.htm files.
- fix.including.pread.pwrite.pthread_mutexattr_settype.diff
is no longer needed because it is fixed in the upstream sources.

-------------------------------------------------------------------
Wed Mar 25 12:38:16 CET 2015 - jsmeix@suse.de

- fix.including.pread.pwrite.pthread_mutexattr_settype.diff
fixes on SLE11 implicit declaration of function warnings
for 'pread' 'pwrite' 'pthread_mutexattr_settype' see
http://bugs.ghostscript.com/show_bug.cgi?id=695882
- ppc64le-support.patch is a remainder of the previous patch
now the hunk for LCMS (lcms/include/lcms.h) is removed
because LCMS 1.x is removed since Ghostscript 9.16
but the hunk for LCMS2 (lcms2/include/lcms2.h) is still needed
see http://bugs.ghostscript.com/show_bug.cgi?id=695544

-------------------------------------------------------------------
Fri Mar 20 17:12:34 CET 2015 - jsmeix@suse.de

- Version upgrade to 9.16rc2 (second release candidate for 9.16).
For details see the News.htm and History9.htm files.
Regarding installing packages (in particular release candidates)
from the openSUSE build service development project "Printing"
see https://build.opensuse.org/project/show/Printing

-------------------------------------------------------------------
Fri Mar 20 10:52:47 CET 2015 - jsmeix@suse.de

- For SLE12 build it with traditional CUPS 1.5.4 to ensure
it works on SLE12 both with CUPS 1.7.5 and CUPS 1.5.4.

-------------------------------------------------------------------
Sun Sep 28 18:00:37 CEST 2014 - ro@suse.de

- readd ppc64le patch ppc64le-support.patch (adapted for lcms2 in
Ghostscript version 9.15): the tests in lcms2.h cannot work
without "include <endian.h>" that is now added and
regardless that lcms is not used by default (unless the
configure option --with-lcms is set), lcms is again fixed
(see http://bugs.ghostscript.com/show_bug.cgi?id=695544).

-------------------------------------------------------------------
Tue Sep 23 10:14:28 CEST 2014 - jsmeix@suse.de

- Version upgrade to 9.15. Primarily a maintenance release.
There are no recorded incompatible changes (as of this writing).
Highlights in this release include:
* Ghostscript now supports the PDF security handler revision 6.
* The pdfwrite and ps2write (and related) devices can now be
forced to "flatten" glyphs into "basic" marking operations
(rather than writing fonts to the output), by giving
the -dNoOutputFonts command line option (defaults to "false").
* PostScript programs can now use get_params or get_param to
determine if a page contains color markings by reading the
pageneutralcolor state from the device (so whether the page
is "color" or "mono"). Note that this is only accurate when in
clist mode, so -dMaxBitmap=0 and -dGrayDetection=true should
both be used.
* The pdfwrite device now supports Link annotations with GoTo
and GoToR actions.
* The pdfwrite device now supports BMC/BDC/EMC pdfmarks
* Regarding the new color management for the pdfwrite device
introduced in the previous release, the proscription on using
the new color management when producing PDF/A-1 compliant files
is now lifted. To reiterate, also, with the new color
management implementation, using the UseCIEColor option is
strongly discouraged. For further information on the new
pdfwrite color management, see in Ps2pdf.htm the
"Color Conversion and Management" section.
* Plus the usual round of bug fixes, compatibility changes,
and incremental improvements.
For details see the News.htm and History9.htm files.

-------------------------------------------------------------------
Wed Sep 17 12:17:47 CEST 2014 - jsmeix@suse.de

- Version upgrade to 9.15rc2 (second release candidate for 9.15).
Ghostscript upstream QA highlighted a couple of issues
that they felt warranted a fresh release candidate.
For details see the History9.htm file.

-------------------------------------------------------------------
Tue Sep 9 16:06:31 CEST 2014 - jsmeix@suse.de

- Version upgrade to 9.15rc1 (first release candidate for 9.15).
For details see the News.htm and History9.htm files.
- ppc64le-support.patch is no longer needed because
it is fixed in the upstream sources.
- Removed trailing whitespaces in spec file and changes file.

-------------------------------------------------------------------
Mon Aug 18 15:12:28 UTC 2014 - meissner@suse.com

- gs does not seem to require libopenssl-devel for building.

-------------------------------------------------------------------
Thu Mar 27 12:21:55 CET 2014 - jsmeix@suse.de

- Version upgrade to 9.14. Primarily a maintenance release.
Highlights in this release include (excerpt):
* pdfwrite now uses the same color management engine as
Ghostscript rendering devices (by default LCMS2). For
the duration of this release a new switch -dPDFUseOldCMS
is available which will restore the old color management.
See: "Color Conversion and Management" in Ps2pdf.htm
Due to constraints of the PDF/A-1 specification, the new color
management does not yet apply when producing PDF/A files.
* A new device 'eps2write' has been added which allows for the
creation of EPS files using the ps2write device instead of
the deprecated and removed pswrite device. The epswrite device
is now also deprecated and will be removed in a future release.
* Ghostscript has a new "pwgraster" output device for PWG Raster
output.
* The CUPS device now has improved support for PPD-less printing.
For details see the News.htm and History9.htm files.

-------------------------------------------------------------------
Fri Dec 13 19:09:12 UTC 2013 - uweigand@de.ibm.com

- ppc64le-support.patch from IBM fixes endianness
in lcms (the Little-CMS library) to support the new
architecture ppc64le (IBM Power PC Little Endian architecture)
because ppc64 is big-endian and ppc64le is little-endian
and lcms has a hard-coded check that assumes PowerPC
is always big-endian which is incorrect on ppc64le.
The fix is already in the main Little-CMS repository
by this Git commit
https://github.com/mm2/Little-CMS/commit/b4f5c91a2c1582bd284f0d0f49cb43e2c2235a79
(There are some cosmetic changes in the upstream patch.)
It is not yet in the imported copy in Ghostscript.
IBM will work with upstream to get the fix imported too.

-------------------------------------------------------------------
Tue Sep 3 16:26:46 CEST 2013 - jsmeix@suse.de

- Version upgrade to 9.10. Primarily a maintenance release.
Highlights in this release include:
* LittleCMS2 and libpng have both been updated to the
latest versions.
* The URW Postscript font set has been updated to the
latest version, fixing many compatibility problems
with the Adobe fonts.
* The CUPS filters gstoraster and gstopxl have been
removed from Ghostscript. Those filters are now provided by
cups-filters (a free software package hosted by OpenPrinting)
that contains all CUPS filters needed by CUPS under Linux
(see also the openSUSE issue bnc#735404 comment#44 at
https://bugzilla.novell.com/show_bug.cgi?id=735404#c44).
For details see the News.htm and History9.htm files.
- fix-undefined-operation.patch is no longer needed because
it is fixed in the upstream sources.

-------------------------------------------------------------------
Thu Aug 29 15:06:13 CEST 2013 - jsmeix@suse.de

- Version upgrade to 9.10rc1 (release candidate for the 9.10 version).
For details see the News.htm and History9.htm files.
- Prepare spec files to build both releases and release candidates
easily in the future by using special different version strings.
- fix-undefined-operation.patch fixes
http://bugs.ghostscript.com/show_bug.cgi?id=694546
- Removed BuildRequires for liblcms-devel because it is not needed
when we build Ghostscript that works in compliance with upstream
(see https://bugzilla.novell.com/show_bug.cgi?id=828751#c5).

-------------------------------------------------------------------
Wed Mar 27 07:58:08 UTC 2013 - mmeister@suse.com

- Added url as source.
Please see http://en.opensuse.org/SourceUrls

-------------------------------------------------------------------
Tue Feb 19 13:51:06 CET 2013 - jsmeix@suse.de

- Version upgrade to 9.07.
* As of this release (9.07), Ghostscript is distributed
under the GNU Affero General Public License (AGPL).
* Ghostscript has been extended to support file sizes >4Gb
in particular reading and writing PDF files.
* Color management enhancements. Full details of the color
management features can be found in: GS9_Color_Management.pdf
* The pdfwrite device now supports linearized (or optimized
for fast web view) output directly ("-dFastWebView").
* With the addition of linearisation to pdfwrite, pdfopt.ps
has become redundant. Since it is difficult to maintain,
has a number of bugs, and is believed not to work properly
anyway, it is removed. Accordingly the pdfopt shell script
that used pdfopt.ps is also removed.

-------------------------------------------------------------------
Thu Jan 3 11:58:51 CET 2013 - jsmeix@suse.de

- Provide libijs (that is not done via "configure --with-ijs")
because libijs is needed by the pdftoijs filter in the
cups-filters package (see the README file in cups-filters).

-------------------------------------------------------------------
Thu Sep 27 12:02:51 UTC 2012 - mmeister@suse.com

- Version upgrade to 9.06. Mainly a bugfix release.
* pdfwrite announcements:
pdfwrite now supports the creation of PDF/A-2 files.
For further details see the NEWS file.
* removed moribund dumphint tool, see History9.htm and
http://bugs.ghostscript.com/show_bug.cgi?id=693223

-------------------------------------------------------------------
Mon Sep 24 10:44:57 UTC 2012 - idonmez@suse.com

- "export SUSE_ASNEEDED=0" disables -Wl,--as-needed linker flags,
see http://bugs.ghostscript.com/show_bug.cgi?id=693100

-------------------------------------------------------------------
Thu May 10 15:49:33 CEST 2012 - jsmeix@suse.de

- Require Ghostscript's font packages because the
Ghostscript package provides the "Fontmap" file
/usr/share/ghostscript/<version>/Resource/Init/Fontmap.GS
which lists Ghostscript's fonts but the fonts themselves
are provided in the separate packages ghostscript-fonts-std
and ghostscript-fonts-other so that a RPM requirement
is needed to make sure that Ghostscript has its fonts.
- Extract the catalog of devices which are actually built-in
in exactly this Ghostscript and provide it as catalog.devices
in the Ghostscript package.

-------------------------------------------------------------------
Fri Apr 27 10:40:53 CEST 2012 - jsmeix@suse.de

- BuildRequires dbus-1-devel for "configure --enable-dbus"
to have colord support in gstoraster (see the entry regarding
"color management daemon" in doc/History9.htm).

-------------------------------------------------------------------
Tue Apr 24 14:30:45 CEST 2012 - jsmeix@suse.de

- Install documentation which is not installed by default
(LICENSE doc/AUTHORS doc/COPYING doc/thirdparty.htm
doc/WhatIsGS.htm doc/GS9_Color_Management.pdf
doc/gs-vms.hlp doc/Ps2ps2.htm).
- Add a link from SUSE's usual documentation directory
(/usr/share/doc/packages/ghostscript/) to Ghostscript's
documentation directory (/usr/share/ghostscript/9.05/doc/)
because "configure --docdir=..." does not work.

-------------------------------------------------------------------
Thu Apr 5 15:06:56 CEST 2012 - jsmeix@suse.de

- Removed BuildRequires docbook-toys which is not needed
(db2ps and db2pdf called in ijs/Makefile.am to make ijs_spec.ps
and ijs_spec.pdf but neither of them is made - both are
provided in the sources) but docbook-toys pulls in packages
like texlive-bin-jadetex and texlive-jadetex which needlessly
blow up the build system.

-------------------------------------------------------------------
Wed Mar 28 10:59:21 CEST 2012 - jsmeix@suse.de

- Require the basic fonts for Ghostscript
(package ghostscript-fonts-std) and recommend the
optional fonts (package ghostscript-fonts-other).

-------------------------------------------------------------------
Fri Mar 23 11:32:28 CET 2012 - jsmeix@suse.de

- Cleaned up BuildRequires.
- Added ghostscript-mini.spec with minimal BuildRequires.
- Explicitly specify configure --with-* versus --without-*
in ghostscript.spec versus ghostscript-mini.spec
to make the differences clear.

-------------------------------------------------------------------
Fri Mar 16 10:27:01 CET 2012 - jsmeix@suse.de

- Unfortunately ghostscript-library.spec and ghostscript-mini.spec
have unversioned "Provides: ghostscript" and for RPM this means
that both ghostscript-library and ghostscript-mini
provide any version of ghostscript. Therefore any non-matching
version of ghostscript-library and ghostscript-mini fulfill
any RPM requirement for ghostscript in the ghostscript-x11
and ghostscript-devel sub-packages which is wrong.
Therefore explicit conflicts with ghostscript-library and
ghostscript-mini are specified in the ghostscript-x11
and ghostscript-devel sub-packages to avoid the mess.

-------------------------------------------------------------------
Thu Mar 15 16:43:26 CET 2012 - jsmeix@suse.de

- Configure --without-libpaper disables libpaper support
because SUSE does not have libpaper.

-------------------------------------------------------------------
Thu Mar 15 12:28:36 CET 2012 - jsmeix@suse.de

- Configure --without-jasper and --enable-openjpeg because
since Ghostscript 9.05 JasPer is deprecated and Ghostscript
now ships modified OpenJPEG sources for JPEG2000 decoding
(replacing JasPer). Performance, reliability and memory use
whilst decoding JPX streams are all improved. Accordingly
the BuildRequires libjasper-devel is removed.
- Configure --without-ufst and --without-luratech because
those are relevant to commercial releases only
which would require a commercial license.
- Added BuildRequires libtool which requires automake and
automake requires autoconf to fix build requirements
for openSUSE:Factory.

-------------------------------------------------------------------
Fri Feb 24 16:48:06 CET 2012 - jsmeix@suse.de

- Using fixed /usr/lib/cups/filter (no lib64) because CUPS
in the Printing project uses it in any case.

-------------------------------------------------------------------
Fri Feb 24 15:21:05 CET 2012 - jsmeix@suse.de

- Adapt RPM dependencies to what is actually used
in openSUSE:Factory (dated 22 Feb. 2012).

-------------------------------------------------------------------
Thu Feb 16 15:36:21 CET 2012 - jsmeix@suse.de

- Added RPM dependencies to make sure ghostscript-x11 and the
main-package have exact matching version-release because both
could have any kind of Ghostscript-internal dependencies.
This is only an approximation to have ghostscript-x11 and
the main-package from the same build where the main-package
and its sub-package have been made but currently there is
no clean way to specify a 'same build' RPM dependency.
Therefore currently ghostscript-x11 and the main-package could
have same version-release but nevertheless come from different
projects/repositories (e.g. with different patches or
whatever kind of differences).

-------------------------------------------------------------------
Wed Feb 15 11:42:41 CET 2012 - jsmeix@suse.de

- Split files which require X11 stuff into a ghostscript-x11
sub-package (currently only /usr/lib/ghostscript/9.05/X11.so)
so that the ghostscript package can be installed without X11.

-------------------------------------------------------------------
Thu Feb 9 11:34:33 CET 2012 - jsmeix@suse.de

- Upgrade to version 9.05 (see bnc#735824):
New simple ink-coverage device (inkconv).
The ps2write device has a large number of improvements.
Fixes and improvements for the CUPS Raster output device
(in particular Ghostscript bug 691922 regarding color model).
Renamed the PXL CUPS filter from "pstopxl" to "gstopxl".
For details see the doc/News.htm file.
- Removed "make cups" and "make cups-install" from spec file
using "configure ... --with-install-cups" instead
(new since version 9.04, see "configure --help").

-------------------------------------------------------------------
Tue Dec 13 15:18:06 UTC 2011 - jw@suse.com

- Upgrade to version 9.04 (see bnc#735824):
For details see the doc/News.htm file.
- Added "make cups" and "make cups-install" to spec file.

-------------------------------------------------------------------
Tue Mar 15 16:06:40 CET 2011 - jsmeix@suse.de

- Initial ghostscript package.