In ghostscript.changes add fixed CVE and bsc numbers

Ghostscript version upgrade to 10.06.0 fixes security issues where MITRE has not yet CVEs assigned (forwarded request 1305215 from jsmeix)

OBS-URL: https://build.opensuse.org/request/show/1305216
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/ghostscript?expand=0&rev=74

ghostscript-10.05.1.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:121861b6d29b2461dec6575c9f3cab665b810bd408d4ec02c86719fa708b0a49
-size 89707690

ghostscript-10.06.0-Fix_32-bit_build.patch

@@ -0,0 +1,63 @@
+From 3c0be6e4fcffa63e4a5a1b0aec057cebc4d2562f Mon Sep 17 00:00:00 2001
+From: Ken Sharp <Ken.Sharp@artifex.com>
+Date: Wed, 10 Sep 2025 08:55:30 +0100
+Subject: Fix 32-bit build
+
+Bug #708824 "ghostscript 10.06.0 compilation failure on 32-bit archs"
+
+nbytes shiouldn't be an intptr_t, it doesn't get used for pointer
+arithmetic. Previously it was a uint, should be a int64_t, to fit with
+all the other devices.
+
+Checked other warnings, and found a (very minor) one in gdevdbit.c, fix
+that while we're here (signed/unsigned mismatch, we don't really care).
+---
+ base/gdevdbit.c | 2 +-
+ base/gdevmpla.c | 6 +++---
+ 2 files changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/base/gdevdbit.c b/base/gdevdbit.c
+index e07cc3f3b..1b5c69325 100644
+--- a/base/gdevdbit.c
++++ b/base/gdevdbit.c
+@@ -191,7 +191,7 @@ gx_default_copy_alpha_hl_color(gx_device * dev, const byte * data, int data_x,
+     fit_copy(dev, data, data_x, raster, id, x, y, width, height);
+     row_alpha = data;
+     out_raster = bitmap_raster(width * (size_t)byte_depth);
+-    if (check_64bit_multiply(out_raster, ncomps, &product) != 0)
++    if (check_64bit_multiply(out_raster, ncomps, (int64_t *) &product) != 0)
+         return gs_note_error(gs_error_undefinedresult);
+     gb_buff = gs_alloc_bytes(mem, product, "copy_alpha_hl_color(gb_buff)");
+     if (gb_buff == 0) {
+diff --git a/base/gdevmpla.c b/base/gdevmpla.c
+index 2f0d52256..ffc5ff42e 100644
+--- a/base/gdevmpla.c
++++ b/base/gdevmpla.c
+@@ -1954,12 +1954,12 @@ mem_planar_strip_copy_rop2(gx_device * dev,
+         int i;
+         int j;
+         intptr_t chunky_sraster;
+-        intptr_t nbytes;
++        int64_t nbytes;
+         byte **line_ptrs;
+         byte *sbuf, *buf;
+ 
+         chunky_sraster = sraster * (intptr_t)mdev->num_planar_planes;
+-        if (check_64bit_multiply(height, chunky_sraster, (size_t *)&nbytes) != 0)
++        if (check_64bit_multiply(height, chunky_sraster, &nbytes) != 0)
+             return gs_note_error(gs_error_undefinedresult);
+         buf = gs_alloc_bytes(mdev->memory, nbytes, "mem_planar_strip_copy_rop(buf)");
+         if (buf == NULL) {
+@@ -2003,7 +2003,7 @@ mem_planar_strip_copy_rop2(gx_device * dev,
+         intptr_t i;
+         intptr_t chunky_t_raster;
+         int chunky_t_height;
+-        intptr_t nbytes;
++        int64_t nbytes;
+         byte **line_ptrs;
+         byte *tbuf, *buf;
+         gx_strip_bitmap newtex;
+-- 
+cgit v1.2.3
+
+

ghostscript.changes

@@ -1,3 +1,27 @@
+-------------------------------------------------------------------
+Tue Sep 16 13:45:31 UTC 2025 - Johannes Meixner <jsmeix@suse.com>
+
+- Version upgrade to 10.06.0
+  See 'Recent Changes in Ghostscript' at Ghostscript upstream
+  https://ghostscript.readthedocs.io/en/gs10.06.0/News.html
+  * This release addresses CVEs:
+    CVE-2025-59798 (bsc#1250353)
+    CVE-2025-59799 (bsc#1250354)
+    CVE-2025-59800 (bsc#1250355)
+    CVE-2025-59801 (belongs to GhostXPS not part of Ghostscript)
+  * The 10.06.0 removes the non-standard operator "selectdevice"
+    (cf. the entry below dated Tue Apr  1 09:56:06 UTC 2025)
+- ghostscript-10.06.0-Fix_32-bit_build.patch is the upstream commit
+  https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/patch/?id=3c0be6e4fcffa63e4a5a1b0aec057cebc4d2562f
+  to fix https://bugs.ghostscript.com/show_bug.cgi?id=708824
+  "ghostscript 10.06.0 compilation failure on 32-bit archs"
+
+-------------------------------------------------------------------
+Tue Sep 16 08:15:18 UTC 2025 - Dr. Werner Fink <werner@suse.de>
+
+- Switch over to libalternatives for ghostscript to provide a gs
+  variant (bsc#1245896)
+
 -------------------------------------------------------------------
 Mon Aug  4 07:14:46 UTC 2025 - Johannes Meixner <jsmeix@suse.com>
 

ghostscript.spec

@@ -2,6 +2,7 @@
 # spec file for package ghostscript
 #
 # Copyright (c) 2025 SUSE LLC
+# Copyright (c) 2025 SUSE LLC and contributors
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -23,15 +24,20 @@
 %global psuffix %{nil}
 %bcond_without  apparmor
 %endif
+%if 0%{?suse_version} > 1500
+%bcond_without libalternatives
+%else
+%bcond_with libalternatives
+%endif
 Name:           ghostscript%{psuffix}
-Version:        10.05.1
+Version:        10.06.0
 Release:        0
 Summary:        The Ghostscript interpreter for PostScript and PDF
 License:        AGPL-3.0-only
 Group:          Productivity/Office/Other
 URL:            https://www.ghostscript.com/
 # Use "osc service manualrun" to fetch Source0:
-Source0:        https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs10051/ghostscript-%{version}.tar.gz
+Source0:        https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs10060/ghostscript-%{version}.tar.gz
 # How to manually (i.e. without "osc service") find the Source0 URL at Ghostscript upstream
 # (example for the Ghostscript 10.05.1 release):
 # Go to https://www.ghostscript.com
@@ -45,6 +51,11 @@ Source0:        https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/d
 # -> "release notes" https://ghostscript.readthedocs.io/en/gs10.05.1/News.html
 Source10:       apparmor_ghostscript
 # Patch0...Patch9 is for patches from upstream:
+# Patch1 ghostscript-10.06.0-Fix_32-bit_build.patch is the upstream commit
+# https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/patch/?id=3c0be6e4fcffa63e4a5a1b0aec057cebc4d2562f
+# to fix https://bugs.ghostscript.com/show_bug.cgi?id=708824
+# "ghostscript 10.06.0 compilation failure on 32-bit archs":
+Patch1:         ghostscript-10.06.0-Fix_32-bit_build.patch
 # Source10...Source99 is for sources from SUSE which are intended for upstream:
 # Patch10...Patch99 is for patches from SUSE which are intended for upstream:
 # Source100...Source999 is for sources from SUSE which are not intended for upstream:
@@ -62,10 +73,15 @@ BuildRequires:  libpng-devel
 BuildRequires:  libtiff-devel
 BuildRequires:  libtool
 BuildRequires:  pkgconfig
+%if %{with libalternatives}
+BuildRequires:  alts
+Requires:       alts
+%else
 BuildRequires:  update-alternatives
-BuildRequires:  zlib-devel
 Requires(post): update-alternatives
 Requires(preun): update-alternatives
+%endif
+BuildRequires:  zlib-devel
 # Provide the additional RPM Provides of the ghostscript-library package
 # (ghostscript_x11 is provided by the ghostscript-x11 sub-package, see below).
 # The "Provides: ghostscript_any" is there to support "BuildRequires: ghostscript_any"
@@ -165,7 +181,11 @@ This package contains the development files for Ghostscript.
 
 %prep
 %setup -q -n ghostscript-%{version}
-
+# Patch1 ghostscript-10.06.0-Fix_32-bit_build.patch is the upstream commit
+# https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/patch/?id=3c0be6e4fcffa63e4a5a1b0aec057cebc4d2562f
+# to fix https://bugs.ghostscript.com/show_bug.cgi?id=708824
+# "ghostscript 10.06.0 compilation failure on 32-bit archs":
+%patch -P 1 -p1
 # Patch101 ijs_exec_server_dont_use_sh.patch fixes IJS printing problem
 # additionally allow exec'ing hpijs in apparmor profile was needed (bsc#1128467):
 %patch -P 101 -p1
@@ -342,10 +362,20 @@ install -D -m 644 %{SOURCE10} %{buildroot}%{_sysconfdir}/apparmor.d/ghostscript
 %endif
 
 # Move /usr/bin/gs to /usr/bin/gs.bin to be able to use update-alternatives
-install -d %{buildroot}%{_sysconfdir}/alternatives
 mv %{buildroot}%{_bindir}/gs %{buildroot}%{_bindir}/gs.bin
+%if %{with libalternatives}
+mkdir -p %{buildroot}%{_datadir}/libalternatives/gs
+ln -sf %{_bindir}/alts %{buildroot}%{_bindir}/gs
+cat > %{buildroot}%{_datadir}/libalternatives/gs/10.conf <<-EOF
+	binary=%{_bindir}/gs.bin
+	man=gs.1
+	group=gs
+	EOF
+%else
+install -d %{buildroot}%{_sysconfdir}/alternatives
 ln -sf %{_bindir}/gs.bin %{buildroot}%{_sysconfdir}/alternatives/gs
 ln -sf %{_sysconfdir}/alternatives/gs %{buildroot}%{_bindir}/gs
+%endif
 
 %post
 /sbin/ldconfig
@@ -354,20 +384,30 @@ ln -sf %{_sysconfdir}/alternatives/gs %{buildroot}%{_bindir}/gs
 %apparmor_reload %{_sysconfdir}/apparmor.d/ghostscript
 %endif
 %endif
+%if ! %{with libalternatives}
 %{_sbindir}/update-alternatives \
   --install %{_bindir}/gs gs %{_bindir}/gs.bin 15
+%endif
 
 %postun -p /sbin/ldconfig
 
+%if ! %{with libalternatives}
 %preun
 if test $1 -eq 0 ; then
     %{_sbindir}/update-alternatives \
     --remove gs %{_bindir}/gs.bin
 fi
+%endif
 
 %files
 %license LICENSE
+%if %{with libalternatives}
+%dir %{_datadir}/libalternatives/
+%dir %{_datadir}/libalternatives/gs/
+%{_datadir}/libalternatives/gs/10.conf
+%else
 %ghost %config %{_sysconfdir}/alternatives/gs
+%endif
 %{_bindir}/dvipdf
 %{_bindir}/eps2eps
 %{_bindir}/gs