diff --git a/ghostscript-2.26-subclassing-devices-fix-put_image-method.patch b/ghostscript-2.26-subclassing-devices-fix-put_image-method.patch deleted file mode 100644 index 0568b4a..0000000 --- a/ghostscript-2.26-subclassing-devices-fix-put_image-method.patch +++ /dev/null @@ -1,34 +0,0 @@ -From fae21f1668d2b44b18b84cf0923a1d5f3008a696 Mon Sep 17 00:00:00 2001 -From: Ken Sharp -Date: Tue, 4 Dec 2018 21:31:31 +0000 -Subject: [PATCH] subclassing devices - fix put_image method - -The subclassing devices need to change the 'memory device' parameter to -be the child device, when its the same as the subclassing device. - -Otherwise we end up trying to access the child device's memory pointers -in the subclassing device, which may not contain valid copies of -those pointers. ---- - base/gdevsclass.c | 5 ++++- - 1 file changed, 4 insertions(+), 1 deletion(-) - -diff --git a/base/gdevsclass.c b/base/gdevsclass.c -index d9c85d2..5109258 100644 ---- a/base/gdevsclass.c -+++ b/base/gdevsclass.c -@@ -797,7 +797,10 @@ int default_subclass_put_image(gx_device *dev, gx_device *mdev, const byte **buf - int alpha_plane_index, int tag_plane_index) - { - if (dev->child) -- return dev_proc(dev->child, put_image)(dev->child, mdev, buffers, num_chan, x, y, width, height, row_stride, alpha_plane_index, tag_plane_index); -+ if (dev == mdev) -+ return dev_proc(dev->child, put_image)(dev->child, dev->child, buffers, num_chan, x, y, width, height, row_stride, alpha_plane_index, tag_plane_index); -+ else -+ return dev_proc(dev->child, put_image)(dev->child, mdev, buffers, num_chan, x, y, width, height, row_stride, alpha_plane_index, tag_plane_index); - - return 0; - } --- -2.9.1 - diff --git a/ghostscript-9.26a.tar.gz b/ghostscript-9.26a.tar.gz deleted file mode 100644 index 913924f..0000000 --- a/ghostscript-9.26a.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:79482d5b8350a542ed830ce724b7317f878bcddbdbc163471e2a74848462eb3b -size 42087219 
diff --git a/ghostscript-9.27.tar.gz b/ghostscript-9.27.tar.gz new file mode 100644 index 0000000..57d5716 --- /dev/null +++ b/ghostscript-9.27.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:9760e8bdd07a08dbd445188a6557cb70e60ccb6a5601f7dbfba0d225e28ce285 +size 42277543 diff --git a/ghostscript-mini.changes b/ghostscript-mini.changes index 5dafac8..acb7ba7 100644 --- a/ghostscript-mini.changes +++ b/ghostscript-mini.changes 
@@ -1,9 +1,66 @@ +------------------------------------------------------------------- +Thu Apr 4 14:37:09 CEST 2019 - jsmeix@suse.de + +- Version upgrade to 9.27 + Highlights in this release include: + * We (i.e. Ghostscript upstream) have extensively cleaned up + the Postscript name space: removing access to internal and/or + undocumented Postscript operators, procedures and data. + This has benefits for security and maintainability. + Incompatible changes: + The process of "tidying" the Postscript name space should + have removed only non-standard and undocumented operators. + Nevertheless, it is possible that any integrations or + utilities that rely on those non-standard and undocumented + operators may stop working, or may change behaviour. + If you encounter such a case, please contact us (i.e. + Ghostscript upstream) - (either the #ghostscript IRC channel, + or the gs-devel mailing list would be best), and we'll work + with you to either find an alternative solution. + * Fontmap can now reference invidual fonts in a TrueType + Collection for font subsitution. Previously, a Fontmap entry + could only reference a TrueType collection and use the default + (first) font. + Now, the Fontmap syntax allows for specifying a specific index + in a TTC. See the comments at the top of (the default) + Fontmap.GS for details. + * The usual round of bug fixes, compatibility changes, + and incremental improvements. + IMPORTANT: It is our intention, within the next 12 months + (ideally sooner, in time for the next release) to make SAFER + the default mode of operation. For many users this will have + no effect, since they use SAFER explicitly, but some niche + uses which rely on SAFER being disabled may need to start + explicitly adding the "-dNOSAFER" option. + IMPORTANT: We (i.e. Ghostscript upstream) are in the process of + forking LittleCMS. LCMS2 is not thread safe, and cannot be made + thread safe without breaking the ABI. 
Our fork will be thread + safe, and include performance enhancements (these changes have + all be been offered and rejected upstream). We will maintain + compatibility between Ghostscript and LCMS2 for a time, but not + in perpetuity. Our fork will be available as its own package + separately from Ghostscript (and MuPDF). + For a release summary see: + http://www.ghostscript.com/doc/9.27/News.htm + For details see the News.htm and History9.htm files. + The Ghostscript 9.27 release should fix (cf. the entry below + dated 'Fri Sep 14 10:47:33 CEST 2018' what "should fix" means) + in particular those security issues: + * CVE-2019-3838 forceput in DefineResource is still accessible + https://bugzilla.suse.com/show_bug.cgi?id=1129186 bsc#1129186 + https://bugs.ghostscript.com/show_bug.cgi?id=700576 + * CVE-2019-3835: superexec operator is available + https://bugzilla.suse.com/show_bug.cgi?id=1129180 bsc#1129180 + https://bugs.ghostscript.com/show_bug.cgi?id=700585 +- ghostscript-2.26-subclassing-devices-fix-put_image-method.patch + is no longer needed because it is fixed in the upstream sources. + ------------------------------------------------------------------- Thu Mar 14 08:03:24 UTC 2019 - jsegitz@suse.com - Added AA rules for dvips (bsc#1127934) - Allow execution of dirname (bsc#1128697) -- Allow execution of hpijs (bsc#1128467). For now this is in +- Allow execution of hpijs (bsc#1128467). For now this is in complain mode - Sane profile name "ghostscript", moved profile from /etc/apparmor.d/usr.bin.gs to /etc/apparmor.d/ghostscript diff --git a/ghostscript-mini.spec b/ghostscript-mini.spec index 653fadf..d99efe8 100644 --- a/ghostscript-mini.spec +++ b/ghostscript-mini.spec 
@@ -1,7 +1,7 @@ # # spec file for package ghostscript-mini # -# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2019 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -43,11 +43,7 @@ Url: http://www.ghostscript.com/ # because rpmvercmp would treat 9.pre15rc1 as 9.pre.15.rc1 and letters are older than numbers # so that we keep additionally the previous version number to upgrade from the previous version: #Version: 9.25pre26rc1 -# The upstream version 9.26a is a special Ghostscript upstream security bugfix tar ball -# where upstream provides a complete and consistent state of the whole Ghostscript code -# that includes in particular the complete patchset that is really non-trivial -# to fix the Ghostscript upstream bug 700317 CVE-2019-6116: -Version: 9.26a +Version: 9.27 Release: 0 # Normal version for Ghostscript releases is the upstream version: # tarball_version is used below to specify the directory via "setup -n": @@ -59,7 +55,7 @@ Release: 0 # Separated built_version needed in case of Ghostscript release candidates e.g. "define built_version 9.15". # For Ghostscript releases built_version and version are the same (i.e. the upstream version): #define built_version %{version} -%define built_version 9.26 +%define built_version 9.27 # Source0...Source9 is for sources from upstream: # Special URLs for Ghostscript release candidates: # see https://github.com/ArtifexSoftware/ghostpdl-downloads/releases 
@@ -71,14 +67,13 @@ Release: 0 #Source0: ghostscript-%{tarball_version}.tar.gz # Normal URLs for Ghostscript releases: # URL for Source0: -# wget -O ghostscript-9.26.tar.gz https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs926/ghostscript-9.26.tar.gz +# wget -O ghostscript-9.27.tar.gz https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs927/ghostscript-9.27.tar.gz # URL for MD5 checksums: -# wget -O gs926.MD5SUMS https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs926/MD5SUMS -# MD5 checksum for Source0: 806bc2dedbc7f69b003f536658e08d4a ghostscript-9.26.tar.gz +# wget -O gs927.MD5SUMS https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs927/MD5SUMS +# MD5 checksum for Source0: c3990a504a3a23b9babe9de00ed6597d ghostscript-9.27.tar.gz Source0: ghostscript-%{version}.tar.gz Source1: apparmor_ghostscript # Patch0...Patch9 is for patches from upstream: -Patch0: ghostscript-2.26-subclassing-devices-fix-put_image-method.patch # Source10...Source99 is for sources from SUSE which are intended for upstream: # Patch10...Patch99 is for patches from SUSE which are intended for upstream: # Source100...Source999 is for sources from SUSE which are not intended for upstream: @@ -145,7 +140,6 @@ This package contains the development files for Minimal Ghostscript. # Be quiet when unpacking and # use a directory name matching Source0 to make it work also for ghostscript-mini: %setup -q -n ghostscript-%{tarball_version} -%patch0 -p1 # Patch100 remove-zlib-h-dependency.patch removes dependency on zlib/zlib.h # in makefiles as we do not use the zlib sources from the Ghostscript upstream tarball. # Again use the zlib sources from Ghostscript upstream 
@@ -165,7 +159,13 @@ rm -f Resource/Init/*.ps.orig # Again use the zlib sources from Ghostscript upstream # and disable remove-zlib-h-dependency.patch because # Ghostscript 9.21 does no longer build this way: +%if 0%{?suse_version} == 1315 +# Again use the freetype sources from Ghostscript upstream because +# Ghostscript 9.27 does no longer build this way for SLE12: +rm -rf jpeg libpng tiff +%else rm -rf freetype jpeg libpng tiff +%endif # In contrast to the above we use lcms2 from SUSE since Ghostscript 9.23rc1 # because that is what Ghostscript upstream recommends according to # https://ghostscript.com/pipermail/gs-devel/2018-March/010061.html diff --git a/ghostscript.changes b/ghostscript.changes index fdb7a64..b6fb1cf 100644 --- a/ghostscript.changes +++ b/ghostscript.changes 
@@ -1,9 +1,66 @@ +------------------------------------------------------------------- +Thu Apr 4 14:37:09 CEST 2019 - jsmeix@suse.de + +- Version upgrade to 9.27 + Highlights in this release include: + * We (i.e. Ghostscript upstream) have extensively cleaned up + the Postscript name space: removing access to internal and/or + undocumented Postscript operators, procedures and data. + This has benefits for security and maintainability. + Incompatible changes: + The process of "tidying" the Postscript name space should + have removed only non-standard and undocumented operators. + Nevertheless, it is possible that any integrations or + utilities that rely on those non-standard and undocumented + operators may stop working, or may change behaviour. + If you encounter such a case, please contact us (i.e. + Ghostscript upstream) - (either the #ghostscript IRC channel, + or the gs-devel mailing list would be best), and we'll work + with you to either find an alternative solution. + * Fontmap can now reference invidual fonts in a TrueType + Collection for font subsitution. Previously, a Fontmap entry + could only reference a TrueType collection and use the default + (first) font. + Now, the Fontmap syntax allows for specifying a specific index + in a TTC. See the comments at the top of (the default) + Fontmap.GS for details. + * The usual round of bug fixes, compatibility changes, + and incremental improvements. + IMPORTANT: It is our intention, within the next 12 months + (ideally sooner, in time for the next release) to make SAFER + the default mode of operation. For many users this will have + no effect, since they use SAFER explicitly, but some niche + uses which rely on SAFER being disabled may need to start + explicitly adding the "-dNOSAFER" option. + IMPORTANT: We (i.e. Ghostscript upstream) are in the process of + forking LittleCMS. LCMS2 is not thread safe, and cannot be made + thread safe without breaking the ABI. 
Our fork will be thread + safe, and include performance enhancements (these changes have + all be been offered and rejected upstream). We will maintain + compatibility between Ghostscript and LCMS2 for a time, but not + in perpetuity. Our fork will be available as its own package + separately from Ghostscript (and MuPDF). + For a release summary see: + http://www.ghostscript.com/doc/9.27/News.htm + For details see the News.htm and History9.htm files. + The Ghostscript 9.27 release should fix (cf. the entry below + dated 'Fri Sep 14 10:47:33 CEST 2018' what "should fix" means) + in particular those security issues: + * CVE-2019-3838 forceput in DefineResource is still accessible + https://bugzilla.suse.com/show_bug.cgi?id=1129186 bsc#1129186 + https://bugs.ghostscript.com/show_bug.cgi?id=700576 + * CVE-2019-3835: superexec operator is available + https://bugzilla.suse.com/show_bug.cgi?id=1129180 bsc#1129180 + https://bugs.ghostscript.com/show_bug.cgi?id=700585 +- ghostscript-2.26-subclassing-devices-fix-put_image-method.patch + is no longer needed because it is fixed in the upstream sources. + ------------------------------------------------------------------- Thu Mar 14 08:03:24 UTC 2019 - jsegitz@suse.com - Added AA rules for dvips (bsc#1127934) - Allow execution of dirname (bsc#1128697) -- Allow execution of hpijs (bsc#1128467). For now this is in +- Allow execution of hpijs (bsc#1128467). For now this is in complain mode - Sane profile name "ghostscript", moved profile from /etc/apparmor.d/usr.bin.gs to /etc/apparmor.d/ghostscript diff --git a/ghostscript.spec b/ghostscript.spec index 9506b0e..25ff3ad 100644 --- a/ghostscript.spec +++ b/ghostscript.spec 
@@ -1,7 +1,7 @@ # # spec file for package ghostscript # -# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2019 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -63,11 +63,7 @@ Url: http://www.ghostscript.com/ # because rpmvercmp would treat 9.pre15rc1 as 9.pre.15.rc1 and letters are older than numbers # so that we keep additionally the previous version number to upgrade from the previous version: #Version: 9.25pre26rc1 -# The upstream version 9.26a is a special Ghostscript upstream security bugfix tar ball -# where upstream provides a complete and consistent state of the whole Ghostscript code -# that includes in particular the complete patchset that is really non-trivial -# to fix the Ghostscript upstream bug 700317 CVE-2019-6116: -Version: 9.26a +Version: 9.27 Release: 0 # Normal version for Ghostscript releases is the upstream version: # tarball_version is used below to specify the directory via "setup -n": @@ -79,7 +75,7 @@ Release: 0 # Separated built_version needed in case of Ghostscript release candidates e.g. "define built_version 9.15". # For Ghostscript releases built_version and version are the same (i.e. the upstream version): #define built_version %{version} -%define built_version 9.26 +%define built_version 9.27 # Source0...Source9 is for sources from upstream: # Special URLs for Ghostscript release candidates: # see https://github.com/ArtifexSoftware/ghostpdl-downloads/releases 
@@ -91,14 +87,13 @@ Release: 0 #Source0: ghostscript-%{tarball_version}.tar.gz # Normal URLs for Ghostscript releases: # URL for Source0: -# wget -O ghostscript-9.26.tar.gz https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs926/ghostscript-9.26.tar.gz +# wget -O ghostscript-9.27.tar.gz https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs927/ghostscript-9.27.tar.gz # URL for MD5 checksums: -# wget -O gs926.MD5SUMS https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs926/MD5SUMS -# MD5 checksum for Source0: 806bc2dedbc7f69b003f536658e08d4a ghostscript-9.26.tar.gz +# wget -O gs927.MD5SUMS https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs927/MD5SUMS +# MD5 checksum for Source0: c3990a504a3a23b9babe9de00ed6597d ghostscript-9.27.tar.gz Source0: ghostscript-%{version}.tar.gz Source1: apparmor_ghostscript # Patch0...Patch9 is for patches from upstream: -Patch0: ghostscript-2.26-subclassing-devices-fix-put_image-method.patch # Source10...Source99 is for sources from SUSE which are intended for upstream: # Patch10...Patch99 is for patches from SUSE which are intended for upstream: # Source100...Source999 is for sources from SUSE which are not intended for upstream: @@ -223,6 +218,7 @@ For information how to use Ghostscript see %package x11 Summary: X11 library for Ghostscript +Group: Productivity/Publishing/PS # Require the exact matching version-release of the ghostscript main-package because # a non-matching ghostscript main-package may let it fail or even crash (e.g. segfault) # because all Ghostscript software is built from one same Ghostscript source tar ball 
@@ -230,7 +226,6 @@ Summary: X11 library for Ghostscript # The exact matching version-release of the ghostscript main-package is available # on the same package repository where the ghostscript-x11 sub-package is because # all are built simulaneously from the same Ghostscript source package: -Group: Productivity/Publishing/PS Requires: ghostscript = %{version}-%{release} # Unfortunately ghostscript-library.spec and ghostscript-mini.spec have # an unversioned "Provides: ghostscript" and for RPM this means that both @@ -281,7 +276,6 @@ This package contains the development files for Ghostscript. # Be quiet when unpacking and # use a directory name matching Source0 to make it work also for ghostscript-mini: %setup -q -n ghostscript-%{tarball_version} -%patch0 -p1 # Patch100 remove-zlib-h-dependency.patch removes dependency on zlib/zlib.h # in makefiles as we do not use the zlib sources from the Ghostscript upstream tarball. # Again use the zlib sources from Ghostscript upstream @@ -301,7 +295,13 @@ rm -f Resource/Init/*.ps.orig # Again use the zlib sources from Ghostscript upstream # and disable remove-zlib-h-dependency.patch because # Ghostscript 9.21 does no longer build this way: +%if 0%{?suse_version} == 1315 +# Again use the freetype sources from Ghostscript upstream because +# Ghostscript 9.27 does no longer build this way for SLE12: +rm -rf jpeg libpng tiff +%else rm -rf freetype jpeg libpng tiff +%endif # In contrast to the above we use lcms2 from SUSE since Ghostscript 9.23rc1 # because that is what Ghostscript upstream recommends according to # https://ghostscript.com/pipermail/gs-devel/2018-March/010061.html
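Review bot: The new 9.27 entry in ghostscript.changes and ghostscript-mini.changes does not mention the `%if 0%{?suse_version} == 1315` branch that the same change adds to the %prep section of both spec files. That branch changes which freetype code SLE12 builds use, so it deserves its own changelog line next to the "Version upgrade to 9.27" and patch-removal items, including the reason the system freetype no longer works there.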
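Review bot: In the header hunk (`@@ -1,7 +1,7 @@`) of ghostscript.spec and ghostscript-mini.spec, the copyright holder string changes from "SUSE LINUX GmbH" to "SUSE LINUX Products GmbH". This is unrelated to the version upgrade and is not covered by the changelog entry. Please confirm it is intended rather than a side effect of the tooling used to prepare the submission, and drop it from this change if it is not.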
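Review bot: In the Source0 comment block of both spec files (hunks `@@ -71,14 +67,13 @@` and `@@ -91,14 +87,13 @@`), the only integrity reference recorded for ghostscript-9.27.tar.gz is an MD5 checksum, and the MD5SUMS file is fetched from the same releases/download/gs927/ location as the tarball. MD5 is not collision resistant, and a checksum served beside the artifact gives no protection if the release asset itself is replaced. Suggest recording a SHA-256 value in the comment as well; it can be checked against the `oid sha256:` line of the ghostscript-9.27.tar.gz Git LFS pointer added in this change, so the spec and the stored tarball are tied together.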
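Review bot: In the `%if 0%{?suse_version} == 1315` branch added before `rm -rf freetype jpeg libpng tiff` in both spec files, the bundled freetype directory is kept, so SLE12 builds use the freetype sources from the Ghostscript tarball instead of the distribution library. Security fixes released for the system freetype will then not reach this package, and the bundled copy needs to be tracked separately. The new comment ("does no longer build this way for SLE12") sits directly under the older zlib comment that uses the same wording, which makes "this way" ambiguous. Please state in the comment what fails with the system freetype on SLE12 and under what condition the branch can be removed again.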