Accepting request 700982 from Printing

Ghostscript version upgrade to 9.27 (bsc#1131863)

OBS-URL: https://build.opensuse.org/request/show/700982
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/ghostscript?expand=0&rev=39
Dominique Leuenberger 2019-05-07 21:11:37 +00:00 committed by Git OBS Bridge
commit 00991d98dd
7 changed files with 144 additions and 64 deletions

@ -1,34 +0,0 @@
From fae21f1668d2b44b18b84cf0923a1d5f3008a696 Mon Sep 17 00:00:00 2001
From: Ken Sharp <ken.sharp@artifex.com>
Date: Tue, 4 Dec 2018 21:31:31 +0000
Subject: [PATCH] subclassing devices - fix put_image method
The subclassing devices need to change the 'memory device' parameter to
be the child device, when its the same as the subclassing device.
Otherwise we end up trying to access the child device's memory pointers
in the subclassing device, which may not contain valid copies of
those pointers.
---
base/gdevsclass.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/base/gdevsclass.c b/base/gdevsclass.c
index d9c85d2..5109258 100644
--- a/base/gdevsclass.c
+++ b/base/gdevsclass.c
@@ -797,7 +797,10 @@ int default_subclass_put_image(gx_device *dev, gx_device *mdev, const byte **buf
int alpha_plane_index, int tag_plane_index)
{
if (dev->child)
- return dev_proc(dev->child, put_image)(dev->child, mdev, buffers, num_chan, x, y, width, height, row_stride, alpha_plane_index, tag_plane_index);
+ if (dev == mdev)
+ return dev_proc(dev->child, put_image)(dev->child, dev->child, buffers, num_chan, x, y, width, height, row_stride, alpha_plane_index, tag_plane_index);
+ else
+ return dev_proc(dev->child, put_image)(dev->child, mdev, buffers, num_chan, x, y, width, height, row_stride, alpha_plane_index, tag_plane_index);
return 0;
}
--
2.9.1
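Review bot: removing this patch relies on the changelog statement that the fix is in the upstream sources, and nothing in the commit shows that it is. Before dropping it, confirm that `default_subclass_put_image` in the 9.27 `base/gdevsclass.c` passes `dev->child` as the memory device when `dev == mdev`; the patch description says the old call otherwise reads the child device's memory pointers through the subclassing device, where they may not be valid.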

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:79482d5b8350a542ed830ce724b7317f878bcddbdbc163471e2a74848462eb3b
size 42087219

ghostscript-9.27.tar.gz Normal file

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:9760e8bdd07a08dbd445188a6557cb70e60ccb6a5601f7dbfba0d225e28ce285
size 42277543

@ -1,9 +1,66 @@
-------------------------------------------------------------------
Thu Apr 4 14:37:09 CEST 2019 - jsmeix@suse.de
- Version upgrade to 9.27
Highlights in this release include:
* We (i.e. Ghostscript upstream) have extensively cleaned up
the Postscript name space: removing access to internal and/or
undocumented Postscript operators, procedures and data.
This has benefits for security and maintainability.
Incompatible changes:
The process of "tidying" the Postscript name space should
have removed only non-standard and undocumented operators.
Nevertheless, it is possible that any integrations or
utilities that rely on those non-standard and undocumented
operators may stop working, or may change behaviour.
If you encounter such a case, please contact us (i.e.
Ghostscript upstream) - (either the #ghostscript IRC channel,
or the gs-devel mailing list would be best), and we'll work
with you to either find an alternative solution.
* Fontmap can now reference invidual fonts in a TrueType
Collection for font subsitution. Previously, a Fontmap entry
could only reference a TrueType collection and use the default
(first) font.
Now, the Fontmap syntax allows for specifying a specific index
in a TTC. See the comments at the top of (the default)
Fontmap.GS for details.
* The usual round of bug fixes, compatibility changes,
and incremental improvements.
IMPORTANT: It is our intention, within the next 12 months
(ideally sooner, in time for the next release) to make SAFER
the default mode of operation. For many users this will have
no effect, since they use SAFER explicitly, but some niche
uses which rely on SAFER being disabled may need to start
explicitly adding the "-dNOSAFER" option.
IMPORTANT: We (i.e. Ghostscript upstream) are in the process of
forking LittleCMS. LCMS2 is not thread safe, and cannot be made
thread safe without breaking the ABI. Our fork will be thread
safe, and include performance enhancements (these changes have
all be been offered and rejected upstream). We will maintain
compatibility between Ghostscript and LCMS2 for a time, but not
in perpetuity. Our fork will be available as its own package
separately from Ghostscript (and MuPDF).
For a release summary see:
http://www.ghostscript.com/doc/9.27/News.htm
For details see the News.htm and History9.htm files.
The Ghostscript 9.27 release should fix (cf. the entry below
dated 'Fri Sep 14 10:47:33 CEST 2018' what "should fix" means)
in particular those security issues:
* CVE-2019-3838 forceput in DefineResource is still accessible
https://bugzilla.suse.com/show_bug.cgi?id=1129186 bsc#1129186
https://bugs.ghostscript.com/show_bug.cgi?id=700576
* CVE-2019-3835: superexec operator is available
https://bugzilla.suse.com/show_bug.cgi?id=1129180 bsc#1129180
https://bugs.ghostscript.com/show_bug.cgi?id=700585
- ghostscript-2.26-subclassing-devices-fix-put_image-method.patch
is no longer needed because it is fixed in the upstream sources.
-------------------------------------------------------------------
Thu Mar 14 08:03:24 UTC 2019 - jsegitz@suse.com
- Added AA rules for dvips (bsc#1127934)
- Allow execution of dirname (bsc#1128697)
- Allow execution of hpijs (bsc#1128467). For now this is in
- Allow execution of hpijs (bsc#1128467). For now this is in
complain mode
- Sane profile name "ghostscript", moved profile from
/etc/apparmor.d/usr.bin.gs to /etc/apparmor.d/ghostscript
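Review bot: the first line of the new entry, `- Version upgrade to 9.27`, carries no bug reference, while the commit message ties the upgrade to bsc#1131863. Add that reference to the entry so the upgrade can be traced from the package changelog in the same way as the two CVE items (bsc#1129186, bsc#1129180).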

@ -1,7 +1,7 @@
#
# spec file for package ghostscript-mini
#
# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany.
# Copyright (c) 2019 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
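Review bot: the two Copyright lines in this header hunk differ only in the company name (`SUSE LINUX GmbH` versus `SUSE LINUX Products GmbH`), a change that neither the commit message nor the changelog mentions. Confirm it is intended and not a side effect of working from an older copy of the spec header, and drop it from this commit otherwise; the ghostscript spec file has the same hunk.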
@ -43,11 +43,7 @@ Url: http://www.ghostscript.com/
# because rpmvercmp would treat 9.pre15rc1 as 9.pre.15.rc1 and letters are older than numbers
# so that we keep additionally the previous version number to upgrade from the previous version:
#Version: 9.25pre26rc1
# The upstream version 9.26a is a special Ghostscript upstream security bugfix tar ball
# where upstream provides a complete and consistent state of the whole Ghostscript code
# that includes in particular the complete patchset that is really non-trivial
# to fix the Ghostscript upstream bug 700317 CVE-2019-6116:
Version: 9.26a
Version: 9.27
Release: 0
# Normal version for Ghostscript releases is the upstream version:
# tarball_version is used below to specify the directory via "setup -n":
@ -59,7 +55,7 @@ Release: 0
# Separated built_version needed in case of Ghostscript release candidates e.g. "define built_version 9.15".
# For Ghostscript releases built_version and version are the same (i.e. the upstream version):
#define built_version %{version}
%define built_version 9.26
%define built_version 9.27
# Source0...Source9 is for sources from upstream:
# Special URLs for Ghostscript release candidates:
# see https://github.com/ArtifexSoftware/ghostpdl-downloads/releases
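Review bot: `%define built_version 9.27` hard-codes the version number a second time, although the comment directly above says that for releases built_version and version are the same. Now that Version is a plain `9.27` without the `a` suffix, the commented-out form `%define built_version %{version}` would remove one place to forget on the next upgrade; the same applies to the matching hunk in the ghostscript spec file.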
@ -71,14 +67,13 @@ Release: 0
#Source0: ghostscript-%{tarball_version}.tar.gz
# Normal URLs for Ghostscript releases:
# URL for Source0:
# wget -O ghostscript-9.26.tar.gz https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs926/ghostscript-9.26.tar.gz
# wget -O ghostscript-9.27.tar.gz https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs927/ghostscript-9.27.tar.gz
# URL for MD5 checksums:
# wget -O gs926.MD5SUMS https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs926/MD5SUMS
# MD5 checksum for Source0: 806bc2dedbc7f69b003f536658e08d4a ghostscript-9.26.tar.gz
# wget -O gs927.MD5SUMS https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs927/MD5SUMS
# MD5 checksum for Source0: c3990a504a3a23b9babe9de00ed6597d ghostscript-9.27.tar.gz
Source0: ghostscript-%{version}.tar.gz
Source1: apparmor_ghostscript
# Patch0...Patch9 is for patches from upstream:
Patch0: ghostscript-2.26-subclassing-devices-fix-put_image-method.patch
# Source10...Source99 is for sources from SUSE which are intended for upstream:
# Patch10...Patch99 is for patches from SUSE which are intended for upstream:
# Source100...Source999 is for sources from SUSE which are not intended for upstream:
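Review bot: the only integrity value these comments record for Source0 is an MD5 checksum, fetched from the same release location as the tarball, which does not protect against a replaced download. Record a SHA-256 for `ghostscript-9.27.tar.gz` (the Git LFS pointer in this commit already carries one) or a signature check next to or instead of the MD5 line; the ghostscript spec file has the same comment block.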
@ -145,7 +140,6 @@ This package contains the development files for Minimal Ghostscript.
# Be quiet when unpacking and
# use a directory name matching Source0 to make it work also for ghostscript-mini:
%setup -q -n ghostscript-%{tarball_version}
%patch0 -p1
# Patch100 remove-zlib-h-dependency.patch removes dependency on zlib/zlib.h
# in makefiles as we do not use the zlib sources from the Ghostscript upstream tarball.
# Again use the zlib sources from Ghostscript upstream
@ -165,7 +159,13 @@ rm -f Resource/Init/*.ps.orig
# Again use the zlib sources from Ghostscript upstream
# and disable remove-zlib-h-dependency.patch because
# Ghostscript 9.21 does no longer build this way:
%if 0%{?suse_version} == 1315
# Again use the freetype sources from Ghostscript upstream because
# Ghostscript 9.27 does no longer build this way for SLE12:
rm -rf jpeg libpng tiff
%else
rm -rf freetype jpeg libpng tiff
%endif
# In contrast to the above we use lcms2 from SUSE since Ghostscript 9.23rc1
# because that is what Ghostscript upstream recommends according to
# https://ghostscript.com/pipermail/gs-devel/2018-March/010061.html
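Review bot: for `suse_version == 1315` the new branch keeps the `freetype` directory from the tarball, so that build uses the FreeType copy shipped with Ghostscript and no longer follows security updates of the system package, and the comment gives only "does no longer build this way for SLE12" as the reason. State the actual build failure or a bug reference in the comment so the condition can be removed once it is resolved, and track the bundled copy for its own fixes in the meantime; the ghostscript spec file has the same hunk.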

@ -1,9 +1,66 @@
-------------------------------------------------------------------
Thu Apr 4 14:37:09 CEST 2019 - jsmeix@suse.de
- Version upgrade to 9.27
Highlights in this release include:
* We (i.e. Ghostscript upstream) have extensively cleaned up
the Postscript name space: removing access to internal and/or
undocumented Postscript operators, procedures and data.
This has benefits for security and maintainability.
Incompatible changes:
The process of "tidying" the Postscript name space should
have removed only non-standard and undocumented operators.
Nevertheless, it is possible that any integrations or
utilities that rely on those non-standard and undocumented
operators may stop working, or may change behaviour.
If you encounter such a case, please contact us (i.e.
Ghostscript upstream) - (either the #ghostscript IRC channel,
or the gs-devel mailing list would be best), and we'll work
with you to either find an alternative solution.
* Fontmap can now reference invidual fonts in a TrueType
Collection for font subsitution. Previously, a Fontmap entry
could only reference a TrueType collection and use the default
(first) font.
Now, the Fontmap syntax allows for specifying a specific index
in a TTC. See the comments at the top of (the default)
Fontmap.GS for details.
* The usual round of bug fixes, compatibility changes,
and incremental improvements.
IMPORTANT: It is our intention, within the next 12 months
(ideally sooner, in time for the next release) to make SAFER
the default mode of operation. For many users this will have
no effect, since they use SAFER explicitly, but some niche
uses which rely on SAFER being disabled may need to start
explicitly adding the "-dNOSAFER" option.
IMPORTANT: We (i.e. Ghostscript upstream) are in the process of
forking LittleCMS. LCMS2 is not thread safe, and cannot be made
thread safe without breaking the ABI. Our fork will be thread
safe, and include performance enhancements (these changes have
all be been offered and rejected upstream). We will maintain
compatibility between Ghostscript and LCMS2 for a time, but not
in perpetuity. Our fork will be available as its own package
separately from Ghostscript (and MuPDF).
For a release summary see:
http://www.ghostscript.com/doc/9.27/News.htm
For details see the News.htm and History9.htm files.
The Ghostscript 9.27 release should fix (cf. the entry below
dated 'Fri Sep 14 10:47:33 CEST 2018' what "should fix" means)
in particular those security issues:
* CVE-2019-3838 forceput in DefineResource is still accessible
https://bugzilla.suse.com/show_bug.cgi?id=1129186 bsc#1129186
https://bugs.ghostscript.com/show_bug.cgi?id=700576
* CVE-2019-3835: superexec operator is available
https://bugzilla.suse.com/show_bug.cgi?id=1129180 bsc#1129180
https://bugs.ghostscript.com/show_bug.cgi?id=700585
- ghostscript-2.26-subclassing-devices-fix-put_image-method.patch
is no longer needed because it is fixed in the upstream sources.
-------------------------------------------------------------------
Thu Mar 14 08:03:24 UTC 2019 - jsegitz@suse.com
- Added AA rules for dvips (bsc#1127934)
- Allow execution of dirname (bsc#1128697)
- Allow execution of hpijs (bsc#1128467). For now this is in
- Allow execution of hpijs (bsc#1128467). For now this is in
complain mode
- Sane profile name "ghostscript", moved profile from
/etc/apparmor.d/usr.bin.gs to /etc/apparmor.d/ghostscript
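Review bot: the quoted upstream text in this entry has a few slips that will end up in the RPM changelog: "invidual" and "subsitution" in the Fontmap item, "all be been offered" in the LittleCMS paragraph, and "to either find an alternative solution" with no second alternative. Correct them here and in the identical entry of the other changes file.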

@ -1,7 +1,7 @@
#
# spec file for package ghostscript
#
# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany.
# Copyright (c) 2019 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@ -63,11 +63,7 @@ Url: http://www.ghostscript.com/
# because rpmvercmp would treat 9.pre15rc1 as 9.pre.15.rc1 and letters are older than numbers
# so that we keep additionally the previous version number to upgrade from the previous version:
#Version: 9.25pre26rc1
# The upstream version 9.26a is a special Ghostscript upstream security bugfix tar ball
# where upstream provides a complete and consistent state of the whole Ghostscript code
# that includes in particular the complete patchset that is really non-trivial
# to fix the Ghostscript upstream bug 700317 CVE-2019-6116:
Version: 9.26a
Version: 9.27
Release: 0
# Normal version for Ghostscript releases is the upstream version:
# tarball_version is used below to specify the directory via "setup -n":
@ -79,7 +75,7 @@ Release: 0
# Separated built_version needed in case of Ghostscript release candidates e.g. "define built_version 9.15".
# For Ghostscript releases built_version and version are the same (i.e. the upstream version):
#define built_version %{version}
%define built_version 9.26
%define built_version 9.27
# Source0...Source9 is for sources from upstream:
# Special URLs for Ghostscript release candidates:
# see https://github.com/ArtifexSoftware/ghostpdl-downloads/releases
@ -91,14 +87,13 @@ Release: 0
#Source0: ghostscript-%{tarball_version}.tar.gz
# Normal URLs for Ghostscript releases:
# URL for Source0:
# wget -O ghostscript-9.26.tar.gz https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs926/ghostscript-9.26.tar.gz
# wget -O ghostscript-9.27.tar.gz https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs927/ghostscript-9.27.tar.gz
# URL for MD5 checksums:
# wget -O gs926.MD5SUMS https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs926/MD5SUMS
# MD5 checksum for Source0: 806bc2dedbc7f69b003f536658e08d4a ghostscript-9.26.tar.gz
# wget -O gs927.MD5SUMS https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs927/MD5SUMS
# MD5 checksum for Source0: c3990a504a3a23b9babe9de00ed6597d ghostscript-9.27.tar.gz
Source0: ghostscript-%{version}.tar.gz
Source1: apparmor_ghostscript
# Patch0...Patch9 is for patches from upstream:
Patch0: ghostscript-2.26-subclassing-devices-fix-put_image-method.patch
# Source10...Source99 is for sources from SUSE which are intended for upstream:
# Patch10...Patch99 is for patches from SUSE which are intended for upstream:
# Source100...Source999 is for sources from SUSE which are not intended for upstream:
@ -223,6 +218,7 @@ For information how to use Ghostscript see
%package x11
Summary: X11 library for Ghostscript
Group: Productivity/Publishing/PS
# Require the exact matching version-release of the ghostscript main-package because
# a non-matching ghostscript main-package may let it fail or even crash (e.g. segfault)
# because all Ghostscript software is built from one same Ghostscript source tar ball
@ -230,7 +226,6 @@ Summary: X11 library for Ghostscript
# The exact matching version-release of the ghostscript main-package is available
# on the same package repository where the ghostscript-x11 sub-package is because
# all are built simulaneously from the same Ghostscript source package:
Group: Productivity/Publishing/PS
Requires: ghostscript = %{version}-%{release}
# Unfortunately ghostscript-library.spec and ghostscript-mini.spec have
# an unversioned "Provides: ghostscript" and for RPM this means that both
@ -281,7 +276,6 @@ This package contains the development files for Ghostscript.
# Be quiet when unpacking and
# use a directory name matching Source0 to make it work also for ghostscript-mini:
%setup -q -n ghostscript-%{tarball_version}
%patch0 -p1
# Patch100 remove-zlib-h-dependency.patch removes dependency on zlib/zlib.h
# in makefiles as we do not use the zlib sources from the Ghostscript upstream tarball.
# Again use the zlib sources from Ghostscript upstream
@ -301,7 +295,13 @@ rm -f Resource/Init/*.ps.orig
# Again use the zlib sources from Ghostscript upstream
# and disable remove-zlib-h-dependency.patch because
# Ghostscript 9.21 does no longer build this way:
%if 0%{?suse_version} == 1315
# Again use the freetype sources from Ghostscript upstream because
# Ghostscript 9.27 does no longer build this way for SLE12:
rm -rf jpeg libpng tiff
%else
rm -rf freetype jpeg libpng tiff
%endif
# In contrast to the above we use lcms2 from SUSE since Ghostscript 9.23rc1
# because that is what Ghostscript upstream recommends according to
# https://ghostscript.com/pipermail/gs-devel/2018-March/010061.html