From 92ede25dddeca4f1429b79456337d8f5eb079e9942262ef99897313c1e6610f4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Adrian=20Schr=C3=B6ter?=
Date: Tue, 12 Nov 2024 15:40:34 +0100
Subject: [PATCH] Sync from SUSE:SLFO:Main ghostscript revision eaa1c6dc7697dca274137ff9e9b5adf7
---
 ghostscript-10.03.1.tar.gz | 3 ---
 ghostscript-10.04.0.tar.gz | 3 +++
 ghostscript.changes | 39 ++++++++++++++++++++++++++++++++++++++
 ghostscript.spec | 23 ++++++----------------
 4 files changed, 48 insertions(+), 20 deletions(-)
 delete mode 100644 ghostscript-10.03.1.tar.gz
 create mode 100644 ghostscript-10.04.0.tar.gz
diff --git a/ghostscript-10.03.1.tar.gz b/ghostscript-10.03.1.tar.gz
deleted file mode 100644
index 8434bf9..0000000
--- a/ghostscript-10.03.1.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:31cd01682ad23a801cc3bbc222a55f07c4ea3e068bdfb447792d54db21a2e8ad
-size 89140503
diff --git a/ghostscript-10.04.0.tar.gz b/ghostscript-10.04.0.tar.gz
new file mode 100644
index 0000000..e9354a2
--- /dev/null
+++ b/ghostscript-10.04.0.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:c764dfbb7b13fc71a7a05c634e014f9bb1fb83b899fe39efc0b6c3522a9998b1
+size 89186022
diff --git a/ghostscript.changes b/ghostscript.changes
index ec47764..7f23c58 100644
--- a/ghostscript.changes
+++ b/ghostscript.changes
@@ -1,3 +1,42 @@
+-------------------------------------------------------------------
+Wed Oct 30 12:27:04 UTC 2024 - Johannes Meixner
+
+- Enhanced entry below dated "Wed Oct 23 08:54:59 UTC 2024"
+ by adding the individual "bsc" numbers for each CVE, see
+ https://bugzilla.suse.com/show_bug.cgi?id=1232173#c4
+ and by adding the "IMPORTANT" change in Ghostscript 10.04.0
+- spec file cleanup: removed the special cases for SLE12
+ i.e. rely on "suse_version >= 1500" as given precondition
+ (recent Ghostscript versions fail to build in SLE12 anyway)
+
+-------------------------------------------------------------------
+Wed Oct 23 08:54:59 UTC 2024 - Dirk Müller
+
+- Version upgrade to 10.04.0 (bsc#1232173):
+ Highlights in this release include:
+ See 'Recent Changes in Ghostscript' at Ghostscript upstream
+ https://ghostscript.readthedocs.io/en/gs10.04.0/News.html
+ * This release addresses:
+ + CVE-2024-46951 (bsc#1232265)
+ + CVE-2024-46952 (bsc#1232266)
+ + CVE-2024-46953 (bsc#1232267)
+ + CVE-2024-46954 (bsc#1232268)
+ + CVE-2024-46955 (bsc#1232269)
+ + CVE-2024-46956 (bsc#1232270)
+ * IMPORTANT: In this release (10.04.0)
+ we (i.e. Ghostscript upstream) have be added
+ protection for device selection from PostScript input.
+ This will mean that, by default, only the device specified
+ on the command line will be permitted. Similar to the file
+ permissions, there will be a "--permit-devices=" allowing
+ a comma separation list of allowed devices. This will also
+ take a single wildcard "*" allowing any device.
+ Any application which relies on allowing PostScript
+ to change devices during a job will have to be aware,
+ and take action to deal with this change.
+ The exception is "nulldevice", switching to that requires
+ no special action.
+
 -------------------------------------------------------------------
 Mon Jul 1 11:56:34 UTC 2024 - Johannes Meixner
diff --git a/ghostscript.spec b/ghostscript.spec
index dd0bc22..9023c6d 100644
--- a/ghostscript.spec
+++ b/ghostscript.spec
@@ -24,19 +24,21 @@
 %bcond_without apparmor
 %endif
 Name: ghostscript%{psuffix}
-Version: 10.03.1
+Version: 10.04.0
 Release: 0
 Summary: The Ghostscript interpreter for PostScript and PDF
 License: AGPL-3.0-only
 Group: Productivity/Office/Other
 URL: https://www.ghostscript.com/
-# How to manually get Source0:
+# Use "osc service manualrun" to fetch Source0:
+Source0: https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs10040/ghostscript-%{version}.tar.gz
+# How to manually (i.e. without "osc service") find the Source0 URL at Ghostscript upstream
+# (example for the Ghostscript 10.03.1 release):
 # Go to https://www.ghostscript.com
 # -> "The current Ghostscript release 10.03.1 can be downloaded here" https://www.ghostscript.com/releases/index.html
 # -> "Ghostscript" https://www.ghostscript.com/releases/gsdnld.html
 # -> "Ghostscript 10.03.1 Source for all platforms / GNU Affero General Public License" = "Ghostscript AGPL Release"
 # https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs10031/ghostscript-10.03.1.tar.gz
-Source0: https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs10031/ghostscript-10.03.1.tar.gz
 Source10: apparmor_ghostscript
 # Patch0...Patch9 is for patches from upstream:
 # Source10...Source99 is for sources from SUSE which are intended for upstream:
@@ -71,6 +73,7 @@ Requires(preun):update-alternatives
 # in openSUSE products, cf. https://build.opensuse.org/request/show/877083
 Provides: ghostscript_any = %{version}
 %if "%{flavor}" != "mini"
+BuildRequires: cups-devel
 BuildRequires: dbus-1-devel
 BuildRequires: libexpat-devel
 BuildRequires: xorg-x11-fonts
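Review bot: The new `Source0:` line in the first ghostscript.spec hunk takes the tarball name from `%{version}` but leaves the release tag `gs10040` hard-coded, so a later change to `Version:` alone would make the URL pair a stale tag with a new file name. Either derive the tag from the version or add a comment directly above the line, for example `# NOTE: the gsNNNNN tag in this URL must be updated together with Version:`. The visible lines also show no signature or checksum source next to `Source0:`, so as far as this hunk shows the only integrity anchor for the tarball fetched by `osc service manualrun` is the git-lfs `oid sha256` of whatever was downloaded. If no verification exists elsewhere in the spec or the service configuration, it would be worth noting in the comment block how the tarball was checked against a digest published by upstream. The preamble continues outside the hunk, so other `Source` lines may already cover this.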
@@ -80,18 +83,11 @@ BuildRequires: pkgconfig(x11) BuildRequires: pkgconfig(xext) BuildRequires: pkgconfig(xproto) BuildRequires: pkgconfig(xt) -%if 0%{?suse_version} == 1315 -BuildRequires: cups154-devel -%else -BuildRequires: cups-devel -%endif %if %{with apparmor} -%if 0%{?suse_version} >= 1500 BuildRequires: apparmor-abstractions BuildRequires: apparmor-rpm-macros %endif %endif -%endif # Always check if latest version of openjpeg becomes compatible with ghostscript %if 0%{?suse_version} >= 1550 BuildRequires: pkgconfig(libopenjp2) >= 2.3.1 @@ -113,10 +109,8 @@ Obsoletes: ghostscript-library < %{version} # The "Obsoletes: ghostscript-mini" is intentionally unversioned because # this package ghostscript should replace any version of ghostscript-mini. Obsoletes: ghostscript-mini -%if 0%{?suse_version} > 1210 Recommends: (cups-filters-ghostscript if cups) %endif -%endif %description Ghostscript is a package of software that provides: @@ -330,11 +324,9 @@ ln -sf %{_sysconfdir}/alternatives/gs %{buildroot}%{_bindir}/gs /sbin/ldconfig %if %{with apparmor} %if "%{flavor}" != "mini" -%if 0%{?suse_version} >= 1500 %apparmor_reload %{_sysconfdir}/apparmor.d/ghostscript %endif %endif -%endif %{_sbindir}/update-alternatives \ --install %{_bindir}/gs gs %{_bindir}/gs.bin 15 @@ -413,9 +405,6 @@ fi %if "%{flavor}" != "mini" %exclude %{_libdir}/ghostscript/%{version}/X11.so %if %{with apparmor} -%if 0%{?suse_version} < 1500 -%dir %{_sysconfdir}/apparmor.d -%endif %{_sysconfdir}/apparmor.d/ghostscript %endif