pool/ghostscript
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Accepting request 843002 from Printing

Browse Source 
Ghostscript version upgrade to 9.53.3 that fixes boo#1177922 and fixes compilation with FreeType 2.10.3+ (forwarded request 843001 from jsmeix)

OBS-URL: https://build.opensuse.org/request/show/843002
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/ghostscript?expand=0&rev=47
This commit is contained in:
Dominique Leuenberger 2020-10-23 10:19:09 +00:00 committed by Git OBS Bridge
commit 112ea62c59
8 changed files with 214 additions and 74 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

50
41ef9a0bc36b9db7115fbe9623f989bfb47bbade.patch Normal file
View File

@ -0,0 +1,50 @@
From 41ef9a0bc36b9db7115fbe9623f989bfb47bbade Mon Sep 17 00:00:00 2001
From: Chris Liddell <chris.liddell@artifex.com>
Date: Tue, 20 Oct 2020 09:49:45 +0100
Subject: [PATCH] Bug 702985: drop use of FT_CALLBACK_DEF() def
From 2.10.3, Freetype disappeared the FT_CALLBACK_DEF() macro, which is what
we used when defining our callbacks from Freetype.
No guidance forthcoming from the Freetype developer who made those changes,
so change to explicitly declaring the callbacks file static.
Should fix the reported build failures.
---
base/fapi_ft.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/base/fapi_ft.c b/base/fapi_ft.c
index 65fa6dcf4..21aef2f06 100644
--- a/base/fapi_ft.c
+++ b/base/fapi_ft.c
@@ -125,7 +125,7 @@ static void
delete_inc_int_info(gs_fapi_server * a_server,
FT_IncrementalRec * a_inc_int_info);
-FT_CALLBACK_DEF(void *)
+static void *
FF_alloc(FT_Memory memory, long size)
{
gs_memory_t *mem = (gs_memory_t *) memory->user;
@@ -133,7 +133,7 @@ FF_alloc(FT_Memory memory, long size)
return (gs_malloc(mem, size, 1, "FF_alloc"));
}
-FT_CALLBACK_DEF(void *)
+static void *
FF_realloc(FT_Memory memory, long cur_size, long new_size, void *block)
{
gs_memory_t *mem = (gs_memory_t *) memory->user;
@@ -153,7 +153,7 @@ FT_CALLBACK_DEF(void *)
return (tmp);
}
-FT_CALLBACK_DEF(void)
+static void
FF_free(FT_Memory memory, void *block)
{
gs_memory_t *mem = (gs_memory_t *) memory->user;
--
2.17.1

27
CVE-2020-15900.patch
View File

@ -1,27 +0,0 @@
--- psi/zstring.c.orig 2020-03-19 09:21:42.000000000 +0100
+++ psi/zstring.c 2020-07-27 08:25:08.963425295 +0200
@@ -142,13 +142,18 @@ search_impl(i_ctx_t *i_ctx_p, bool forwa
return 0;
found:
op->tas.type_attrs = op1->tas.type_attrs;
- op->value.bytes = ptr;
- r_set_size(op, size);
+ op->value.bytes = ptr; /* match */
+ op->tas.rsize = size; /* match */
push(2);
- op[-1] = *op1;
- r_set_size(op - 1, ptr - op[-1].value.bytes);
- op1->value.bytes = ptr + size;
- r_set_size(op1, count + (!forward ? (size - 1) : 0));
+ op[-1] = *op1; /* pre */
+ op[-3].value.bytes = ptr + size; /* post */
+ if (forward) {
+ op[-1].tas.rsize = ptr - op[-1].value.bytes; /* pre */
+ op[-3].tas.rsize = count; /* post */
+ } else {
+ op[-1].tas.rsize = count; /* pre */
+ op[-3].tas.rsize -= count + size; /* post */
+ }
make_true(op);
return 0;
}

3
ghostscript-9.52.tar.gz
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:c2501d8e8e0814c4a5aa7e443e230e73d7af7f70287546f7b697e5ef49e32176
size 49722607

3
ghostscript-9.53.3.tar.gz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:6eaf422f26a81854a230b80fd18aaef7e8d94d661485bd2e97e695b9dce7bf7f
size 52426790

62
ghostscript-mini.changes
View File

@ -1,3 +1,65 @@
-------------------------------------------------------------------
Tue Oct 20 16:38:24 CEST 2020 - Ismail Dönmez <idonmez@suse.com>
- 41ef9a0bc36b9db7115fbe9623f989bfb47bbade.patch
fixes compilation with FreeType 2.10.3+
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=41ef9a0bc36b9db7115fbe9623f989bfb47bbade
c.f. https://bugs.ghostscript.com/show_bug.cgi?id=702985
-------------------------------------------------------------------
Tue Oct 20 16:03:48 CEST 2020 - jsmeix@suse.de
- Version upgrade to 9.53.3
Highlights in this release include
(excerpts from the Ghostscript upstream release summary
in https://www.ghostscript.com/doc/9.53.3/News.htm):
* The 9.53.3 release is primarily maintenance.
* Issues arose with 9.53.0/1/2 that prompted the release
of a .3 patch:
A crash related to management of ICC profile objects.
A parameter type mismatch that would cause Ghostscript
to error out during initialisation, which
affected 64 big, big endian architectures.
An unexpected side effect of another change that prevented
multithreaded rendering and background rendering
from working correctly.
* The most obvious change is the (re-)introduction of the
patch level to the version number, this helps facilitate
a revised policy on handling security related issues.
To clarify: in the event we decide to release a patch revision,
it will replace the release with the previous patch number.
Release notes, highlights and warnings will remain the same,
except for the addition of whatever fix(es) prompted the patch.
* Our efforts in code hygiene and maintainability continue.
* We have added Python bindings for the gsapi interface, can be
found in demos/python. These are experimental, and we welcome
feedback from interested developers.
* For those integrating Ghostscript/GhostPDL via the gsapi
interface, we have added new capabilities to that, specifically
in terms of setting and interrogating device parameters. These,
along with the existing interface calls, are documented in:
Ghostscript Interpreter API at
https://www.ghostscript.com/doc/9.53.3/API.htm
* The usual round of bug fixes, compatibility changes,
and incremental improvements.
* For a list of open issues, or to report problems, please visit
bugs.ghostscript.com
Incompatible changes:
* As of 9.53.0, we have (re-)introduced the patch level to the
version number, this helps facilitate a revised policy
on handling security related issues.
Note for GSView Users: The patch level addition breaks
GSView 5 (it is hardcoded to check for versions 704-999).
It is possible, but not guaranteed that a GSView update might
be forthcoming to resolve this.
For a release summary see:
https://www.ghostscript.com/doc/9.53.3/News.htm
For details see the News.htm and History9.htm files.
- CVE-2020-15900.patch is no longer needed
because it is fixed in the upstream sources.
- Ghostscript 9.53.3 fixes in particular txtwrite memory issues
(boo#1177922).
-------------------------------------------------------------------
Tue Jul 28 09:15:30 CEST 2020 - jsmeix@suse.de

42
ghostscript-mini.spec
View File

@ -47,7 +47,7 @@ URL: https://www.ghostscript.com/
# so that we keep additionally the previous version number to upgrade from the previous version:
# Starting SLE12/rpm-4.10, one can use tildeversions: 9.15~rc1.
#Version: 9.25pre26rc1
Version: 9.52
Version: 9.53.3
Release: 0
# Normal version for Ghostscript releases is the upstream version:
# tarball_version is used below to specify the directory via "setup -n":
@ -58,8 +58,8 @@ Release: 0
# built_version is used below in the install and files sections:
# Separated built_version needed in case of Ghostscript release candidates e.g. "define built_version 9.15".
# For Ghostscript releases built_version and version are the same (i.e. the upstream version):
#define built_version %{version}
%define built_version 9.52
%define built_version %{version}
#define built_version 9.26
# Source0...Source9 is for sources from upstream:
# Special URLs for Ghostscript release candidates:
# see https://github.com/ArtifexSoftware/ghostpdl-downloads/releases
@ -71,20 +71,17 @@ Release: 0
#Source0: ghostscript-%{tarball_version}.tar.gz
# Normal URLs for Ghostscript releases:
# URL for Source0:
# wget -O ghostscript-9.52.tar.gz https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs952/ghostscript-9.52.tar.gz
# wget -O ghostscript-9.53.3.tar.gz https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs9533/ghostscript-9.53.3.tar.gz
# URL for MD5 checksums:
# wget -O gs952.MD5SUMS https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs952/MD5SUMS
# MD5 checksum for Source0: 0f6964ab9b83a63b7e373f136243f901 ghostscript-9.52.tar.gz
# wget -O gs9533.MD5SUMS https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs9533/MD5SUMS
# MD5 checksum for Source0: 807a5c4934a814e8a6cd83eff702f212 ghostscript-9.53.3.tar.gz
Source0: ghostscript-%{version}.tar.gz
Source1: apparmor_ghostscript
# Patch0...Patch9 is for patches from upstream:
# Patch1 CVE-2020-15900.patch is
# https://github.com/ArtifexSoftware/ghostpdl/commit/5d499272b95a6b890a1397e11d20937de000d31b
# that fixes CVE-2020-15900 Memory Corruption
# in the rsearch PostScript function that is implemented as search_impl() in psi/zstring.c
# cf. https://bugs.ghostscript.com/show_bug.cgi?id=702582
# and https://bugzilla.suse.com/show_bug.cgi?id=1174415
Patch1: CVE-2020-15900.patch
# Patch2 41ef9a0bc36b9db7115fbe9623f989bfb47bbade.patch fixes compilation with FreeType 2.10.3+
# http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=41ef9a0bc36b9db7115fbe9623f989bfb47bbade
# c.f. https://bugs.ghostscript.com/show_bug.cgi?id=702985
Patch2: 41ef9a0bc36b9db7115fbe9623f989bfb47bbade.patch
# Source10...Source99 is for sources from SUSE which are intended for upstream:
# Patch10...Patch99 is for patches from SUSE which are intended for upstream:
# Source100...Source999 is for sources from SUSE which are not intended for upstream:
@ -153,13 +150,10 @@ This package contains the development files for Minimal Ghostscript.
# Be quiet when unpacking and
# use a directory name matching Source0 to make it work also for ghostscript-mini:
%setup -q -n ghostscript-%{tarball_version}
# Patch1 CVE-2020-15900.patch is
# https://github.com/ArtifexSoftware/ghostpdl/commit/5d499272b95a6b890a1397e11d20937de000d31b
# that fixes CVE-2020-15900 Memory Corruption
# in the rsearch PostScript function that is implemented as search_impl() in psi/zstring.c
# cf. https://bugs.ghostscript.com/show_bug.cgi?id=702582
# and https://bugzilla.suse.com/show_bug.cgi?id=1174415
%patch1
# Patch2 41ef9a0bc36b9db7115fbe9623f989bfb47bbade.patch fixes compilation with FreeType 2.10.3+
# http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=41ef9a0bc36b9db7115fbe9623f989bfb47bbade
# c.f. https://bugs.ghostscript.com/show_bug.cgi?id=702985
%patch2 -p1
# Patch100 remove-zlib-h-dependency.patch removes dependency on zlib/zlib.h
# in makefiles as we do not use the zlib sources from the Ghostscript upstream tarball.
# Again use the zlib sources from Ghostscript upstream
@ -188,6 +182,9 @@ rm -rf jpeg libpng tiff
%else
rm -rf freetype jpeg libpng tiff
%endif
%if 0%{?suse_version} >= 1550
rm -rf openjpeg
%endif
# In contrast to the above we use lcms2 from SUSE since Ghostscript 9.23rc1
# because that is what Ghostscript upstream recommends according to
# https://ghostscript.com/pipermail/gs-devel/2018-March/010061.html
@ -327,14 +324,15 @@ popd
# Extract the catalog of devices which are actually built-in in exactly this Ghostscript:
# If a needed source file is no longer accessible fail intentionally as notification
# that something changed which needs adaptions here:
for F in devices/devs.mak devices/contrib.mak contrib/contrib.mak
catalog_devices_source_files="devices/devs.mak devices/dcontrib.mak contrib/contrib.mak"
for F in $catalog_devices_source_files
do test -r $F || exit 99
done
# Do not pollute the build log file with zillions of meaningless messages:
set +x
cat /dev/null >catalog.devices
for D in $( LD_LIBRARY_PATH=%{buildroot}/%{_libdir} %{buildroot}/usr/bin/gs -h | sed -n -e '/^Available devices:/,/^Search path:/p' | egrep -v '^Available devices:|^Search path:' )
do for F in devices/devs.mak devices/contrib.mak contrib/contrib.mak
do for F in $catalog_devices_source_files
do sed -n -e '/ Catalog /,/ End of catalog /p' $F | grep "[[:space:]]$D[[:space:]]" | grep -o '[[:alnum:]].*' | tr -s '[:blank:]' ' ' | sed -e 's/ /\t/' | expand -t16 >>catalog.devices
done
done

62
ghostscript.changes
View File

@ -1,3 +1,65 @@
-------------------------------------------------------------------
Tue Oct 20 16:38:24 CEST 2020 - Ismail Dönmez <idonmez@suse.com>
- 41ef9a0bc36b9db7115fbe9623f989bfb47bbade.patch
fixes compilation with FreeType 2.10.3+
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=41ef9a0bc36b9db7115fbe9623f989bfb47bbade
c.f. https://bugs.ghostscript.com/show_bug.cgi?id=702985
-------------------------------------------------------------------
Tue Oct 20 16:03:48 CEST 2020 - jsmeix@suse.de
- Version upgrade to 9.53.3
Highlights in this release include
(excerpts from the Ghostscript upstream release summary
in https://www.ghostscript.com/doc/9.53.3/News.htm):
* The 9.53.3 release is primarily maintenance.
* Issues arose with 9.53.0/1/2 that prompted the release
of a .3 patch:
A crash related to management of ICC profile objects.
A parameter type mismatch that would cause Ghostscript
to error out during initialisation, which
affected 64 big, big endian architectures.
An unexpected side effect of another change that prevented
multithreaded rendering and background rendering
from working correctly.
* The most obvious change is the (re-)introduction of the
patch level to the version number, this helps facilitate
a revised policy on handling security related issues.
To clarify: in the event we decide to release a patch revision,
it will replace the release with the previous patch number.
Release notes, highlights and warnings will remain the same,
except for the addition of whatever fix(es) prompted the patch.
* Our efforts in code hygiene and maintainability continue.
* We have added Python bindings for the gsapi interface, can be
found in demos/python. These are experimental, and we welcome
feedback from interested developers.
* For those integrating Ghostscript/GhostPDL via the gsapi
interface, we have added new capabilities to that, specifically
in terms of setting and interrogating device parameters. These,
along with the existing interface calls, are documented in:
Ghostscript Interpreter API at
https://www.ghostscript.com/doc/9.53.3/API.htm
* The usual round of bug fixes, compatibility changes,
and incremental improvements.
* For a list of open issues, or to report problems, please visit
bugs.ghostscript.com
Incompatible changes:
* As of 9.53.0, we have (re-)introduced the patch level to the
version number, this helps facilitate a revised policy
on handling security related issues.
Note for GSView Users: The patch level addition breaks
GSView 5 (it is hardcoded to check for versions 704-999).
It is possible, but not guaranteed that a GSView update might
be forthcoming to resolve this.
For a release summary see:
https://www.ghostscript.com/doc/9.53.3/News.htm
For details see the News.htm and History9.htm files.
- CVE-2020-15900.patch is no longer needed
because it is fixed in the upstream sources.
- Ghostscript 9.53.3 fixes in particular txtwrite memory issues
(boo#1177922).
-------------------------------------------------------------------
Tue Jul 28 09:15:30 CEST 2020 - jsmeix@suse.de

39
ghostscript.spec
View File

@ -71,7 +71,7 @@ URL: https://www.ghostscript.com/
# so that we keep additionally the previous version number to upgrade from the previous version:
# Starting SLE12/rpm-4.10, one can use tildeversions: 9.15~rc1.
#Version: 9.25pre26rc1
Version: 9.52
Version: 9.53.3
Release: 0
# Normal version for Ghostscript releases is the upstream version:
# tarball_version is used below to specify the directory via "setup -n":
@ -82,8 +82,8 @@ Release: 0
# built_version is used below in the install and files sections:
# Separated built_version needed in case of Ghostscript release candidates e.g. "define built_version 9.15".
# For Ghostscript releases built_version and version are the same (i.e. the upstream version):
#define built_version %{version}
%define built_version 9.52
%define built_version %{version}
#define built_version 9.26
# Source0...Source9 is for sources from upstream:
# Special URLs for Ghostscript release candidates:
# see https://github.com/ArtifexSoftware/ghostpdl-downloads/releases
@ -95,20 +95,17 @@ Release: 0
#Source0: ghostscript-%{tarball_version}.tar.gz
# Normal URLs for Ghostscript releases:
# URL for Source0:
# wget -O ghostscript-9.52.tar.gz https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs952/ghostscript-9.52.tar.gz
# wget -O ghostscript-9.53.3.tar.gz https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs9533/ghostscript-9.53.3.tar.gz
# URL for MD5 checksums:
# wget -O gs952.MD5SUMS https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs952/MD5SUMS
# MD5 checksum for Source0: 0f6964ab9b83a63b7e373f136243f901 ghostscript-9.52.tar.gz
# wget -O gs9533.MD5SUMS https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs9533/MD5SUMS
# MD5 checksum for Source0: 807a5c4934a814e8a6cd83eff702f212 ghostscript-9.53.3.tar.gz
Source0: ghostscript-%{version}.tar.gz
Source1: apparmor_ghostscript
# Patch0...Patch9 is for patches from upstream:
# Patch1 CVE-2020-15900.patch is
# https://github.com/ArtifexSoftware/ghostpdl/commit/5d499272b95a6b890a1397e11d20937de000d31b
# that fixes CVE-2020-15900 Memory Corruption
# in the rsearch PostScript function that is implemented as search_impl() in psi/zstring.c
# cf. https://bugs.ghostscript.com/show_bug.cgi?id=702582
# and https://bugzilla.suse.com/show_bug.cgi?id=1174415
Patch1: CVE-2020-15900.patch
# Patch2 41ef9a0bc36b9db7115fbe9623f989bfb47bbade.patch fixes compilation with FreeType 2.10.3+
# http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=41ef9a0bc36b9db7115fbe9623f989bfb47bbade
# c.f. https://bugs.ghostscript.com/show_bug.cgi?id=702985
Patch2: 41ef9a0bc36b9db7115fbe9623f989bfb47bbade.patch
# Source10...Source99 is for sources from SUSE which are intended for upstream:
# Patch10...Patch99 is for patches from SUSE which are intended for upstream:
# Source100...Source999 is for sources from SUSE which are not intended for upstream:
@ -290,13 +287,10 @@ This package contains the development files for Ghostscript.
# Be quiet when unpacking and
# use a directory name matching Source0 to make it work also for ghostscript-mini:
%setup -q -n ghostscript-%{tarball_version}
# Patch1 CVE-2020-15900.patch is
# https://github.com/ArtifexSoftware/ghostpdl/commit/5d499272b95a6b890a1397e11d20937de000d31b
# that fixes CVE-2020-15900 Memory Corruption
# in the rsearch PostScript function that is implemented as search_impl() in psi/zstring.c
# cf. https://bugs.ghostscript.com/show_bug.cgi?id=702582
# and https://bugzilla.suse.com/show_bug.cgi?id=1174415
%patch1
# Patch2 41ef9a0bc36b9db7115fbe9623f989bfb47bbade.patch fixes compilation with FreeType 2.10.3+
# http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=41ef9a0bc36b9db7115fbe9623f989bfb47bbade
# c.f. https://bugs.ghostscript.com/show_bug.cgi?id=702985
%patch2 -p1
# Patch100 remove-zlib-h-dependency.patch removes dependency on zlib/zlib.h
# in makefiles as we do not use the zlib sources from the Ghostscript upstream tarball.
# Again use the zlib sources from Ghostscript upstream
@ -467,14 +461,15 @@ popd
# Extract the catalog of devices which are actually built-in in exactly this Ghostscript:
# If a needed source file is no longer accessible fail intentionally as notification
# that something changed which needs adaptions here:
for F in devices/devs.mak devices/contrib.mak contrib/contrib.mak
catalog_devices_source_files="devices/devs.mak devices/dcontrib.mak contrib/contrib.mak"
for F in $catalog_devices_source_files
do test -r $F || exit 99
done
# Do not pollute the build log file with zillions of meaningless messages:
set +x
cat /dev/null >catalog.devices
for D in $( LD_LIBRARY_PATH=%{buildroot}/%{_libdir} %{buildroot}/usr/bin/gs -h | sed -n -e '/^Available devices:/,/^Search path:/p' | egrep -v '^Available devices:|^Search path:' )
do for F in devices/devs.mak devices/contrib.mak contrib/contrib.mak
do for F in $catalog_devices_source_files
do sed -n -e '/ Catalog /,/ End of catalog /p' $F | grep "[[:space:]]$D[[:space:]]" | grep -o '[[:alnum:]].*' | tr -s '[:blank:]' ' ' | sed -e 's/ /\t/' | expand -t16 >>catalog.devices
done
done