Accepting request 635772 from home:jsmeix:branches:Printing

Ghostscript version upgrade to 9.25 which provides fixes for regressions in Ghostscript 9.24 and more security bufgixes, see https://www.ghostscript.com/doc/9.25/News.htm

OBS-URL: https://build.opensuse.org/request/show/635772
OBS-URL: https://build.opensuse.org/package/show/Printing/ghostscript?expand=0&rev=95

ghostscript-9.25.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:baafa64740b090bff50b220a6df3be95c46069b7e30f4b4effed28316e5b2389
+size 42017635

ghostscript-9.25rc1.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:30955a417fac3d9faeb37ec6ef3f9309d0f6d3c2bce3ea1073fe547d5f755615
-size 42019310

ghostscript-mini.changes

@@ -1,3 +1,102 @@
+-------------------------------------------------------------------
+Fri Sep 14 10:47:33 CEST 2018 - jsmeix@suse.de
+
+- Version upgrade to 9.25
+  For the highlights in this release see the highlights in the
+  9.25rc1 first release candidate for 9.25 entry below.
+  PLEASE NOTE:
+  We (i.e. Ghostscript upstream) strongly urge users to upgrade
+  to this latest release to avoid these issues.
+  For a release summary see:
+  http://www.ghostscript.com/doc/9.25/News.htm
+  For details see the News.htm and History9.htm files.
+  The Ghostscript 9.25 release should fix (see below)
+  in particular those security issues:
+  * CVE-2018-15909: shading_param incomplete type checking
+    https://bugs.ghostscript.com/show_bug.cgi?id=699660
+    https://bugzilla.suse.com/show_bug.cgi?id=1106172 bsc#1106172
+  * CVE-2018-15908: .tempfile file permission issues
+    https://bugs.ghostscript.com/show_bug.cgi?id=699657
+    https://bugzilla.suse.com/show_bug.cgi?id=1106171 bsc#1106171
+  * CVE-2018-15910: LockDistillerParams type confusion
+    https://bugs.ghostscript.com/show_bug.cgi?id=699656
+    https://bugzilla.suse.com/show_bug.cgi?id=1106173 bsc#1106173
+  * CVE-2018-15911: uninitialized memory access in the aesdecode
+    https://bugs.ghostscript.com/show_bug.cgi?id=699665
+    https://bugzilla.suse.com/show_bug.cgi?id=1106195 bsc#1106195
+  * CVE-2018-16513: setcolor missing type check
+    https://bugs.ghostscript.com/show_bug.cgi?id=699655
+    https://bugzilla.suse.com/show_bug.cgi?id=1107412 bsc#1107412
+  * CVE-2018-16509: /invalidaccess bypass after failed restore
+    https://bugs.ghostscript.com/show_bug.cgi?id=699654
+    https://bugzilla.suse.com/show_bug.cgi?id=1107410 bsc#1107410
+  * CVE-2018-16510: Incorrect exec stack handling in the "CS"
+    and "SC" PDF primitives
+    https://bugs.ghostscript.com/show_bug.cgi?id=699671
+    https://bugzilla.suse.com/show_bug.cgi?id=1107411 bsc#1107411
+  * CVE-2018-16542: .definemodifiedfont memory corruption
+    if /typecheck is handled
+    https://bugs.ghostscript.com/show_bug.cgi?id=699668
+    https://bugzilla.suse.com/show_bug.cgi?id=1107413 bsc#1107413
+  * CVE-2018-16541 incorrect free logic in pagedevice replacement
+    https://bugs.ghostscript.com/show_bug.cgi?id=699664
+    https://bugzilla.suse.com/show_bug.cgi?id=1107421 bsc#1107421
+  * CVE-2018-16540 use-after-free in copydevice handling
+    https://bugs.ghostscript.com/show_bug.cgi?id=699661
+    https://bugzilla.suse.com/show_bug.cgi?id=1107420 bsc#1107420
+  * CVE-2018-16539: incorrect access checking in temp file
+    handling to disclose contents of files
+    https://bugs.ghostscript.com/show_bug.cgi?id=699658
+    https://bugzilla.suse.com/show_bug.cgi?id=1107422 bsc#1107422
+  * CVE-2018-16543: gssetresolution and gsgetresolution allow
+    for unspecified impact
+    https://bugs.ghostscript.com/show_bug.cgi?id=699670
+    https://bugzilla.suse.com/show_bug.cgi?id=1107423 bsc#1107423
+  * CVE-2018-16511: type confusion in "ztype" could be used by
+    remote attackers able to supply crafted PostScript to crash
+    the interpreter or possibly have unspecified other impact
+    https://bugs.ghostscript.com/show_bug.cgi?id=699659
+    https://bugzilla.suse.com/show_bug.cgi?id=1107426 bsc#1107426
+  * CVE-2018-16585 .setdistillerkeys PostScript command is
+    accepted even though it is not intended for use
+    https://bugzilla.suse.com/show_bug.cgi?id=1107581 bsc#1107581
+  * CVE-2018-16802: Incorrect"restoration of privilege" checking
+    when running out of stack during exceptionhandling could be
+    used by attackers able to supply crafted PostScript to execute
+    code using the "pipe" instruction. This is due to an incomplete
+    fix for CVE-2018-16509
+    https://bugs.ghostscript.com/show_bug.cgi?id=699714
+    https://bugs.ghostscript.com/show_bug.cgi?id=699718
+    https://bugzilla.suse.com/show_bug.cgi?id=1108027 bnc#1108027
+  Regarding what the above "should fix" means:
+  PostScript is a general purpose Turing-complete programming
+  language (cf. https://en.wikipedia.org/wiki/PostScript)
+  that supports in particular file access on the system disk.
+  When Ghostscript processes PostScript it runs a PostScript
+  program as the user who runs Ghostscript.
+  When Ghostscript processes an arbitrary PostScript file,
+  the user who runs Ghostscript runs an arbitrary program
+  which can do anything on the system where Ghostscript runs
+  that this user is allowed to do on that system.
+  To make it safer when Ghostscript runs a PostScript program
+  the Ghostscript command line option '-dSAFER' disables
+  certain file access functionality, for details see
+  /usr/share/doc/ghostscript/9.25/Use.htm
+  Its name 'SAFER' says everything: It makes it 'safer'
+  to let Ghostscript run a PostScript program,
+  but it does not make it completely safe.
+  In theory software is safe against misuse (i.e. has no bugs).
+  In practice there is an endless sequence of various kind of
+  security issues (i.e. software can be misused to do more than
+  what is intended) that get fixed issue by issue ad infinitum.
+  In the end all that means:
+  In practice the user who runs Ghostscript must not let it
+  process arbitrary PostScript files from untrusted origin.
+  In particular Ghostscript is usually run when printing
+  documents (with the '-dSAFER' option set), see the part about
+  "It is crucial to limit access to CUPS to trusted users" in
+  https://en.opensuse.org/SDB:CUPS_and_SANE_Firewall_settings
+
 -------------------------------------------------------------------
 Thu Sep 13 14:14:39 CEST 2018 - jsmeix@suse.de
 

ghostscript-mini.spec

@@ -37,20 +37,20 @@ Url:            http://www.ghostscript.com/
 # But only with the alphabetic prefix "9.pre15rc1" would be older than the previous version number "9.14"
 # because rpmvercmp would treat 9.pre15rc1 as 9.pre.15.rc1 and letters are older than numbers
 # so that we keep additionally the previous version number to upgrade from the previous version:
-Version:        9.24pre25rc1
+#Version:        9.24pre25rc1
-Release:        0
 # Normal version for Ghostscript releases is the upstream version:
-#Version:        9.24
+Version:        9.25
+Release:        0
 # tarball_version is used below to specify the directory via "setup -n":
 # Special tarball_version needed for Ghostscript release candidates e.g. "define tarball_version 9.15rc1".
 # For Ghostscript releases tarball_version and version are the same (i.e. the upstream version):
-#define tarball_version %{version}
+%define tarball_version %{version}
-%define tarball_version 9.25rc1
+#define tarball_version 9.25rc1
 # built_version is used below in the install and files sections:
 # Separated built_version needed in case of Ghostscript release candidates e.g. "define built_version 9.15".
 # For Ghostscript releases built_version and version are the same (i.e. the upstream version):
-#define built_version %{version}
+%define built_version %{version}
-%define built_version 9.25
+#define built_version 9.25
 # Source0...Source9 is for sources from upstream:
 # Special URLs for Ghostscript release candidates:
 # see https://github.com/ArtifexSoftware/ghostpdl-downloads/releases
@@ -59,14 +59,14 @@ Release:        0
 # URL for MD5 checksums:
 # wget -O gs925rc1.MD5SUMS https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs925rc1/MD5SUMS
 # MD5 checksum for Source0: 2dc56f05c4e479b9a2cbb8221f669c8f ghostscript-9.25rc1.tar.gz
-Source0:        ghostscript-%{tarball_version}.tar.gz
+#Source0:        ghostscript-%{tarball_version}.tar.gz
 # Normal URLs for Ghostscript releases:
 # URL for Source0:
-# wget -O ghostscript-9.24.tar.gz https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs924/ghostscript-9.24.tar.gz
+# wget -O ghostscript-9.25.tar.gz https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs925/ghostscript-9.25.tar.gz
 # URL for MD5 checksums:
-# wget -O gs924.MD5SUMS https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs924/MD5SUMS
+# wget -O gs925.MD5SUMS https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs925/MD5SUMS
-# MD5 checksum for Source0: c5c3fa8eb737a6540814314a9d9e4995 ghostscript-9.24.tar.gz
+# MD5 checksum for Source0: eebd0fadbfa8e800094422ce65e94d5d ghostscript-9.25.tar.gz
-#Source0:        ghostscript-%{version}.tar.gz
+Source0:        ghostscript-%{version}.tar.gz
 # Patch0...Patch9 is for patches from upstream:
 # Source10...Source99 is for sources from SUSE which are intended for upstream:
 # Patch10...Patch99 is for patches from SUSE which are intended for upstream:

ghostscript.changes

@@ -1,3 +1,102 @@
+-------------------------------------------------------------------
+Fri Sep 14 10:47:33 CEST 2018 - jsmeix@suse.de
+
+- Version upgrade to 9.25
+  For the highlights in this release see the highlights in the
+  9.25rc1 first release candidate for 9.25 entry below.
+  PLEASE NOTE:
+  We (i.e. Ghostscript upstream) strongly urge users to upgrade
+  to this latest release to avoid these issues.
+  For a release summary see:
+  http://www.ghostscript.com/doc/9.25/News.htm
+  For details see the News.htm and History9.htm files.
+  The Ghostscript 9.25 release should fix (see below)
+  in particular those security issues:
+  * CVE-2018-15909: shading_param incomplete type checking
+    https://bugs.ghostscript.com/show_bug.cgi?id=699660
+    https://bugzilla.suse.com/show_bug.cgi?id=1106172 bsc#1106172
+  * CVE-2018-15908: .tempfile file permission issues
+    https://bugs.ghostscript.com/show_bug.cgi?id=699657
+    https://bugzilla.suse.com/show_bug.cgi?id=1106171 bsc#1106171
+  * CVE-2018-15910: LockDistillerParams type confusion
+    https://bugs.ghostscript.com/show_bug.cgi?id=699656
+    https://bugzilla.suse.com/show_bug.cgi?id=1106173 bsc#1106173
+  * CVE-2018-15911: uninitialized memory access in the aesdecode
+    https://bugs.ghostscript.com/show_bug.cgi?id=699665
+    https://bugzilla.suse.com/show_bug.cgi?id=1106195 bsc#1106195
+  * CVE-2018-16513: setcolor missing type check
+    https://bugs.ghostscript.com/show_bug.cgi?id=699655
+    https://bugzilla.suse.com/show_bug.cgi?id=1107412 bsc#1107412
+  * CVE-2018-16509: /invalidaccess bypass after failed restore
+    https://bugs.ghostscript.com/show_bug.cgi?id=699654
+    https://bugzilla.suse.com/show_bug.cgi?id=1107410 bsc#1107410
+  * CVE-2018-16510: Incorrect exec stack handling in the "CS"
+    and "SC" PDF primitives
+    https://bugs.ghostscript.com/show_bug.cgi?id=699671
+    https://bugzilla.suse.com/show_bug.cgi?id=1107411 bsc#1107411
+  * CVE-2018-16542: .definemodifiedfont memory corruption
+    if /typecheck is handled
+    https://bugs.ghostscript.com/show_bug.cgi?id=699668
+    https://bugzilla.suse.com/show_bug.cgi?id=1107413 bsc#1107413
+  * CVE-2018-16541 incorrect free logic in pagedevice replacement
+    https://bugs.ghostscript.com/show_bug.cgi?id=699664
+    https://bugzilla.suse.com/show_bug.cgi?id=1107421 bsc#1107421
+  * CVE-2018-16540 use-after-free in copydevice handling
+    https://bugs.ghostscript.com/show_bug.cgi?id=699661
+    https://bugzilla.suse.com/show_bug.cgi?id=1107420 bsc#1107420
+  * CVE-2018-16539: incorrect access checking in temp file
+    handling to disclose contents of files
+    https://bugs.ghostscript.com/show_bug.cgi?id=699658
+    https://bugzilla.suse.com/show_bug.cgi?id=1107422 bsc#1107422
+  * CVE-2018-16543: gssetresolution and gsgetresolution allow
+    for unspecified impact
+    https://bugs.ghostscript.com/show_bug.cgi?id=699670
+    https://bugzilla.suse.com/show_bug.cgi?id=1107423 bsc#1107423
+  * CVE-2018-16511: type confusion in "ztype" could be used by
+    remote attackers able to supply crafted PostScript to crash
+    the interpreter or possibly have unspecified other impact
+    https://bugs.ghostscript.com/show_bug.cgi?id=699659
+    https://bugzilla.suse.com/show_bug.cgi?id=1107426 bsc#1107426
+  * CVE-2018-16585 .setdistillerkeys PostScript command is
+    accepted even though it is not intended for use
+    https://bugzilla.suse.com/show_bug.cgi?id=1107581 bsc#1107581
+  * CVE-2018-16802: Incorrect"restoration of privilege" checking
+    when running out of stack during exceptionhandling could be
+    used by attackers able to supply crafted PostScript to execute
+    code using the "pipe" instruction. This is due to an incomplete
+    fix for CVE-2018-16509
+    https://bugs.ghostscript.com/show_bug.cgi?id=699714
+    https://bugs.ghostscript.com/show_bug.cgi?id=699718
+    https://bugzilla.suse.com/show_bug.cgi?id=1108027 bnc#1108027
+  Regarding what the above "should fix" means:
+  PostScript is a general purpose Turing-complete programming
+  language (cf. https://en.wikipedia.org/wiki/PostScript)
+  that supports in particular file access on the system disk.
+  When Ghostscript processes PostScript it runs a PostScript
+  program as the user who runs Ghostscript.
+  When Ghostscript processes an arbitrary PostScript file,
+  the user who runs Ghostscript runs an arbitrary program
+  which can do anything on the system where Ghostscript runs
+  that this user is allowed to do on that system.
+  To make it safer when Ghostscript runs a PostScript program
+  the Ghostscript command line option '-dSAFER' disables
+  certain file access functionality, for details see
+  /usr/share/doc/ghostscript/9.25/Use.htm
+  Its name 'SAFER' says everything: It makes it 'safer'
+  to let Ghostscript run a PostScript program,
+  but it does not make it completely safe.
+  In theory software is safe against misuse (i.e. has no bugs).
+  In practice there is an endless sequence of various kind of
+  security issues (i.e. software can be misused to do more than
+  what is intended) that get fixed issue by issue ad infinitum.
+  In the end all that means:
+  In practice the user who runs Ghostscript must not let it
+  process arbitrary PostScript files from untrusted origin.
+  In particular Ghostscript is usually run when printing
+  documents (with the '-dSAFER' option set), see the part about
+  "It is crucial to limit access to CUPS to trusted users" in
+  https://en.opensuse.org/SDB:CUPS_and_SANE_Firewall_settings
+
 -------------------------------------------------------------------
 Thu Sep 13 14:14:39 CEST 2018 - jsmeix@suse.de
 

ghostscript.spec

@@ -57,20 +57,20 @@ Url:            http://www.ghostscript.com/
 # But only with the alphabetic prefix "9.pre15rc1" would be older than the previous version number "9.14"
 # because rpmvercmp would treat 9.pre15rc1 as 9.pre.15.rc1 and letters are older than numbers
 # so that we keep additionally the previous version number to upgrade from the previous version:
-Version:        9.24pre25rc1
+#Version:        9.24pre25rc1
-Release:        0
 # Normal version for Ghostscript releases is the upstream version:
-#Version:        9.24
+Version:        9.25
+Release:        0
 # tarball_version is used below to specify the directory via "setup -n":
 # Special tarball_version needed for Ghostscript release candidates e.g. "define tarball_version 9.15rc1".
 # For Ghostscript releases tarball_version and version are the same (i.e. the upstream version):
-#define tarball_version %{version}
+%define tarball_version %{version}
-%define tarball_version 9.25rc1
+#define tarball_version 9.25rc1
 # built_version is used below in the install and files sections:
 # Separated built_version needed in case of Ghostscript release candidates e.g. "define built_version 9.15".
 # For Ghostscript releases built_version and version are the same (i.e. the upstream version):
-#define built_version %{version}
+%define built_version %{version}
-%define built_version 9.25
+#define built_version 9.25
 # Source0...Source9 is for sources from upstream:
 # Special URLs for Ghostscript release candidates:
 # see https://github.com/ArtifexSoftware/ghostpdl-downloads/releases
@@ -79,14 +79,14 @@ Release:        0
 # URL for MD5 checksums:
 # wget -O gs925rc1.MD5SUMS https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs925rc1/MD5SUMS
 # MD5 checksum for Source0: 2dc56f05c4e479b9a2cbb8221f669c8f ghostscript-9.25rc1.tar.gz
-Source0:        ghostscript-%{tarball_version}.tar.gz
+#Source0:        ghostscript-%{tarball_version}.tar.gz
 # Normal URLs for Ghostscript releases:
 # URL for Source0:
-# wget -O ghostscript-9.24.tar.gz https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs924/ghostscript-9.24.tar.gz
+# wget -O ghostscript-9.25.tar.gz https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs925/ghostscript-9.25.tar.gz
 # URL for MD5 checksums:
-# wget -O gs924.MD5SUMS https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs924/MD5SUMS
+# wget -O gs925.MD5SUMS https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs925/MD5SUMS
-# MD5 checksum for Source0: c5c3fa8eb737a6540814314a9d9e4995 ghostscript-9.24.tar.gz
+# MD5 checksum for Source0: eebd0fadbfa8e800094422ce65e94d5d ghostscript-9.25.tar.gz
-#Source0:        ghostscript-%{version}.tar.gz
+Source0:        ghostscript-%{version}.tar.gz
 # Patch0...Patch9 is for patches from upstream:
 # Source10...Source99 is for sources from SUSE which are intended for upstream:
 # Patch10...Patch99 is for patches from SUSE which are intended for upstream: