Accepting request 333702 from home:jsmeix:branches:Printing

Ghostscript version upgrade to 9.18rc1 (first release candidate for 9.18)

OBS-URL: https://build.opensuse.org/request/show/333702
OBS-URL: https://build.opensuse.org/package/show/Printing/ghostscript?expand=0&rev=55

CVE-2015-3228.patch

@@ -1,11 +0,0 @@
---- base/gsmalloc.c
-+++ base/gsmalloc.c
-@@ -178,7 +178,7 @@ gs_heap_alloc_bytes(gs_memory_t * mem, uint size, client_name_t cname)
-     } else {
-         uint added = size + sizeof(gs_malloc_block_t);
- 
--        if (mmem->limit - added < mmem->used)
-+        if (added <= size || mmem->limit - added < mmem->used)
-             set_msg("exceeded limit");
-         else if ((ptr = (byte *) Memento_label(malloc(added), cname)) == 0)
-             set_msg("failed");

assign_pointer_not_value_in_gximono.c.patch

@@ -0,0 +1,38 @@
+--- base/gximono.c.orig	2015-09-23 16:04:26.000000000 +0200
++++ base/gximono.c	2015-09-24 11:56:42.000000000 +0200
+@@ -1065,7 +1065,7 @@ image_render_mono_ht(gx_image_enum * pen
+                             dda_next(dda_ht);
+                             xn = fixed2int_var_rounded(dda_current(dda_ht));
+                             while (xr < xn) {
+-                                dev_value = color_cache[*psrc * spp_out];
++                                dev_value = &(color_cache[*psrc * spp_out]);
+                                 for (j = 0; j < spp_out; j++) {
+                                     *(devc_contone[j])++ = dev_value[j];
+                                 }
+@@ -1097,7 +1097,7 @@ image_render_mono_ht(gx_image_enum * pen
+                             dda_next(dda_ht);
+                             xn = fixed2int_var_rounded(dda_current(dda_ht));
+                             while (xr > xn) {
+-                                dev_value = color_cache[*psrc * spp_out];
++                                dev_value = &(color_cache[*psrc * spp_out]);
+                                 for (j = 0; j < spp_out; j++) {
+                                     *(devc_contone[j])-- = dev_value[j];
+                                 }
+@@ -1135,7 +1135,7 @@ image_render_mono_ht(gx_image_enum * pen
+                             dda_next(dda_ht);
+                             xn = fixed2int_var_rounded(dda_current(dda_ht));
+                             while (xr > xn) {
+-                                dev_value = color_cache[*psrc * spp_out];
++                                dev_value = &(color_cache[*psrc * spp_out]);
+                                 for (j = 0; j < spp_out; j++) {
+                                     *(devc_contone[j] + position) = dev_value[j];
+                                     position -= LAND_BITS;
+@@ -1172,7 +1172,7 @@ image_render_mono_ht(gx_image_enum * pen
+                             dda_next(dda_ht);
+                             xn = fixed2int_var_rounded(dda_current(dda_ht));
+                             while (xr < xn) {
+-                                dev_value = color_cache[*psrc * spp_out];
++                                dev_value = &(color_cache[*psrc * spp_out]);
+                                 for (j = 0; j < spp_out; j++) {
+                                     *(devc_contone[j] + position) = dev_value[j];
+                                     devc_contone[j] += LAND_BITS;

ghostscript-9.16.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:746d77280cca8afdd3d4c2c1389e332ed9b0605bd107bcaae1d761b061d1a68d
-size 33623036

ghostscript-9.18rc1.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:cf3c63835c7836ab25b137941e04c6e8d9392057db09a76bb4d01df0adc8ee74
+size 33721556

ghostscript-mini.changes

@@ -1,3 +1,21 @@
+-------------------------------------------------------------------
+Thu Sep 24 10:29:04 CEST 2015 - jsmeix@suse.de
+
+- Version upgrade to 9.18rc1 (first release candidate for 9.18).
+  For details see the News.htm and History9.htm files.
+  Regarding installing packages (in particular release candidates)
+  from the openSUSE build service development project "Printing"
+  see https://build.opensuse.org/project/show/Printing
+- CVE-2015-3228.patch is no longer needed because it is fixed
+  in the upstream sources.
+- assign_pointer_not_value_in_gximono.c.patch attempts to fix a
+  "assignment makes pointer from integer without a cast" compiler
+  warning by assigning the pointer and not the integer value.
+- Removed --disable-compile-inits from configure, see
+  http://bugs.ghostscript.com/show_bug.cgi?id=696223
+  and "Precompiled run-time data" in
+  /usr/share/ghostscript/9.18/doc/Make.htm
+
 -------------------------------------------------------------------
 Wed Jul 29 15:20:46 CEST 2015 - jsmeix@suse.de
 

ghostscript-mini.spec

@@ -35,32 +35,33 @@ Url:            http://www.ghostscript.com/
 # But only with the alphabetic prefix "9.pre15rc1" would be older than the previous version number "9.14"
 # because rpmvercmp would treat 9.pre15rc1 as 9.pre.15.rc1 and letters are older than numbers
 # so that we keep additionally the previous version number to upgrade from the previous version:
-#Version:        9.15pre16rc2
-# Normal version for Ghostscript releases is the upstream version:
-Version:        9.16
+Version:        9.16pre18rc1
 Release:        0
+# Normal version for Ghostscript releases is the upstream version:
+#Version:        9.16
 # tarball_version is used below to specify the directory via "setup -n":
 # Special tarball_version needed for Ghostscript release candidates e.g. "define tarball_version 9.15rc1".
 # For Ghostscript releases tarball_version and version are the same (i.e. the upstream version):
-%define tarball_version %{version}
-#define tarball_version 9.16rc2
+#define tarball_version %{version}
+%define tarball_version 9.18rc1
 # built_version is used below in the install and files sections:
 # Separated built_version needed in case of Ghostscript release candidates e.g. "define built_version 9.15".
 # For Ghostscript releases built_version and version are the same (i.e. the upstream version):
-%define built_version %{version}
-#define built_version 9.16
+#define built_version %{version}
+%define built_version 9.18
 # Source0...Source9 is for sources from upstream:
 # Special URLs for Ghostscript release candidates:
-# URL for Source0: http://downloads.ghostscript.com/public/.release_candidate/ghostscript-9.16rc2.tar.gz
-# URL for MD5 checksums: http://www.ghostscript.com/~chrisl/MD5SUMS or http://www.ghostscript.com/~chrisl/MD5SUM
-# or http://downloads.ghostscript.com/public/.release_candidate/MD5SUMS
-# MD5 checksum for Source0: 17983ee93d97596ffa72fd32be2426a4
-#Source0:        http://downloads.ghostscript.com/public/.release_candidate/ghostscript-9.16rc2.tar.gz
+# URL for Source0: http://downloads.ghostscript.com/public/.release_candidate/ghostscript-9.18rc1.tar.gz
+# URL for MD5 checksums: http://www.ghostscript.com/~chrisl/MD5SUMS
+#                        or http://www.ghostscript.com/~chrisl/MD5SUM
+#                        or http://downloads.ghostscript.com/public/.release_candidate/MD5SUMS
+# MD5 checksum for Source0: fed5d3b6bd20265c25373310ce37b21f
+Source0:        http://downloads.ghostscript.com/public/.release_candidate/ghostscript-9.18rc1.tar.gz
 # Normal URLs for Ghostscript releases:
 # URL for Source0: http://downloads.ghostscript.com/public/ghostscript-9.16.tar.gz
 # URL for MD5 checksums: http://downloads.ghostscript.com/public/MD5SUMS
 # MD5 checksum for Source0: 829319325bbdb83f5c81379a8f86f38f
-Source0:        http://downloads.ghostscript.com/public/ghostscript-%{version}.tar.gz
+#Source0:        http://downloads.ghostscript.com/public/ghostscript-%{version}.tar.gz
 # Patch0...Patch9 is for patches from upstream:
 #
 # Source10...Source99 is for sources from SUSE which are intended for upstream:
@@ -72,13 +73,14 @@ Source0:        http://downloads.ghostscript.com/public/ghostscript-%{version}.t
 # but the hunk for LCMS2 (lcms2/include/lcms2.h) is still needed
 # see http://bugs.ghostscript.com/show_bug.cgi?id=695544
 Patch11:        ppc64le-support.patch
+# Patch12 assign_pointer_not_value_in_gximono.c.patch attempts to fix
+# a "assignment makes pointer from integer without a cast" compiler warning
+# by assigning the pointer and not the integer value:
+Patch12:        assign_pointer_not_value_in_gximono.c.patch
 #
 # Source100...Source999 is for sources from SUSE which are not intended for upstream:
 #
 # Patch100...Patch999 is for patches from SUSE which are not intended for upstream:
-# Patch101 CVE-2015-3228.patch fixes out of bound read/write cause by integer overflow
-# in gsmalloc.c (see https://bugzilla.opensuse.org/show_bug.cgi?id=939342):
-Patch101:       CVE-2015-3228.patch
 #
 Conflicts:      ghostscript
 Conflicts:      ghostscript-x11
@@ -153,13 +155,14 @@ This package contains the development files for Minimal Ghostscript.
 # but the hunk for LCMS2 (lcms2/include/lcms2.h) is still needed
 # see http://bugs.ghostscript.com/show_bug.cgi?id=695544
 %patch11 -p1 -b ppc64le-support.orig
-# Patch101 CVE-2015-3228.patch fixes out of bound read/write cause by integer overflow
-# in gsmalloc.c (see https://bugzilla.opensuse.org/show_bug.cgi?id=939342):
-%patch101 -b .CVE-2015-3228.orig
+# Patch12 assign_pointer_not_value_in_gximono.c.patch attempts to fix
+# a "assignment makes pointer from integer without a cast" compiler warning
+# by assigning the pointer and not the integer value:
+%patch12 -b assign_pointer_not_value_in_gximono.c.orig
 
 %build
 # Set our preferred architecture-specific flags for the compiler and linker:
-export CFLAGS="$RPM_OPT_FLAGS"
+export CFLAGS="$RPM_OPT_FLAGS -fno-strict-aliasing"
 export CXXFLAGS="$RPM_OPT_FLAGS -fno-strict-aliasing"
 autoreconf -fi
 # --docdir=%%{_defaultdocdir}/%%{name} does not work therefore it is not used.
@@ -202,7 +205,6 @@ export SUSE_ASNEEDED=0
             --with-drivers=FILES \
             --without-x \
             --disable-gtk \
-            --disable-compile-inits \
             --without-omni \
             --without-ufst \
             --without-luratech \
@@ -356,9 +358,7 @@ exit 0
 %dir %{_datadir}/ghostscript/%{built_version}
 %doc %{_datadir}/ghostscript/%{built_version}/doc/
 %{_datadir}/ghostscript/%{built_version}/examples/
-%{_datadir}/ghostscript/%{built_version}/iccprofiles/
 %{_datadir}/ghostscript/%{built_version}/lib/
-%{_datadir}/ghostscript/%{built_version}/Resource/
 %{_libdir}/libgs.so.*
 %{_libdir}/ghostscript/
 %{_libdir}/libijs-0.35.so

ghostscript.changes

@@ -1,3 +1,21 @@
+-------------------------------------------------------------------
+Thu Sep 24 10:29:04 CEST 2015 - jsmeix@suse.de
+
+- Version upgrade to 9.18rc1 (first release candidate for 9.18).
+  For details see the News.htm and History9.htm files.
+  Regarding installing packages (in particular release candidates)
+  from the openSUSE build service development project "Printing"
+  see https://build.opensuse.org/project/show/Printing
+- CVE-2015-3228.patch is no longer needed because it is fixed
+  in the upstream sources.
+- assign_pointer_not_value_in_gximono.c.patch attempts to fix a
+  "assignment makes pointer from integer without a cast" compiler
+  warning by assigning the pointer and not the integer value.
+- Removed --disable-compile-inits from configure, see
+  http://bugs.ghostscript.com/show_bug.cgi?id=696223
+  and "Precompiled run-time data" in
+  /usr/share/ghostscript/9.18/doc/Make.htm
+
 -------------------------------------------------------------------
 Wed Jul 29 15:20:46 CEST 2015 - jsmeix@suse.de
 

ghostscript.spec

@@ -55,32 +55,33 @@ Url:            http://www.ghostscript.com/
 # But only with the alphabetic prefix "9.pre15rc1" would be older than the previous version number "9.14"
 # because rpmvercmp would treat 9.pre15rc1 as 9.pre.15.rc1 and letters are older than numbers
 # so that we keep additionally the previous version number to upgrade from the previous version:
-#Version:        9.15pre16rc2
-# Normal version for Ghostscript releases is the upstream version:
-Version:        9.16
+Version:        9.16pre18rc1
 Release:        0
+# Normal version for Ghostscript releases is the upstream version:
+#Version:        9.16
 # tarball_version is used below to specify the directory via "setup -n":
 # Special tarball_version needed for Ghostscript release candidates e.g. "define tarball_version 9.15rc1".
 # For Ghostscript releases tarball_version and version are the same (i.e. the upstream version):
-%define tarball_version %{version}
-#define tarball_version 9.16rc2
+#define tarball_version %{version}
+%define tarball_version 9.18rc1
 # built_version is used below in the install and files sections:
 # Separated built_version needed in case of Ghostscript release candidates e.g. "define built_version 9.15".
 # For Ghostscript releases built_version and version are the same (i.e. the upstream version):
-%define built_version %{version}
-#define built_version 9.16
+#define built_version %{version}
+%define built_version 9.18
 # Source0...Source9 is for sources from upstream:
 # Special URLs for Ghostscript release candidates:
-# URL for Source0: http://downloads.ghostscript.com/public/.release_candidate/ghostscript-9.16rc2.tar.gz
-# URL for MD5 checksums: http://www.ghostscript.com/~chrisl/MD5SUMS or http://www.ghostscript.com/~chrisl/MD5SUM
-# or http://downloads.ghostscript.com/public/.release_candidate/MD5SUMS
-# MD5 checksum for Source0: 17983ee93d97596ffa72fd32be2426a4
-#Source0:        http://downloads.ghostscript.com/public/.release_candidate/ghostscript-9.16rc2.tar.gz
+# URL for Source0: http://downloads.ghostscript.com/public/.release_candidate/ghostscript-9.18rc1.tar.gz
+# URL for MD5 checksums: http://www.ghostscript.com/~chrisl/MD5SUMS
+#                        or http://www.ghostscript.com/~chrisl/MD5SUM
+#                        or http://downloads.ghostscript.com/public/.release_candidate/MD5SUMS
+# MD5 checksum for Source0: fed5d3b6bd20265c25373310ce37b21f
+Source0:        http://downloads.ghostscript.com/public/.release_candidate/ghostscript-9.18rc1.tar.gz
 # Normal URLs for Ghostscript releases:
 # URL for Source0: http://downloads.ghostscript.com/public/ghostscript-9.16.tar.gz
 # URL for MD5 checksums: http://downloads.ghostscript.com/public/MD5SUMS
 # MD5 checksum for Source0: 829319325bbdb83f5c81379a8f86f38f
-Source0:        http://downloads.ghostscript.com/public/ghostscript-%{version}.tar.gz
+#Source0:        http://downloads.ghostscript.com/public/ghostscript-%{version}.tar.gz
 # Patch0...Patch9 is for patches from upstream:
 #
 # Source10...Source99 is for sources from SUSE which are intended for upstream:
@@ -92,13 +93,14 @@ Source0:        http://downloads.ghostscript.com/public/ghostscript-%{version}.t
 # but the hunk for LCMS2 (lcms2/include/lcms2.h) is still needed
 # see http://bugs.ghostscript.com/show_bug.cgi?id=695544
 Patch11:        ppc64le-support.patch
+# Patch12 assign_pointer_not_value_in_gximono.c.patch attempts to fix
+# a "assignment makes pointer from integer without a cast" compiler warning
+# by assigning the pointer and not the integer value:
+Patch12:        assign_pointer_not_value_in_gximono.c.patch
 #
 # Source100...Source999 is for sources from SUSE which are not intended for upstream:
 #
 # Patch100...Patch999 is for patches from SUSE which are not intended for upstream:
-# Patch101 CVE-2015-3228.patch fixes out of bound read/write cause by integer overflow
-# in gsmalloc.c (see https://bugzilla.opensuse.org/show_bug.cgi?id=939342):
-Patch101:       CVE-2015-3228.patch
 #
 # RPM dependencies:
 # Additional RPM Provides of the ghostscript-library packages in openSUSE 11.4 from
@@ -290,13 +292,14 @@ This package contains the development files for Ghostscript.
 # but the hunk for LCMS2 (lcms2/include/lcms2.h) is still needed
 # see http://bugs.ghostscript.com/show_bug.cgi?id=695544
 %patch11 -p1 -b ppc64le-support.orig
-# Patch101 CVE-2015-3228.patch fixes out of bound read/write cause by integer overflow
-# in gsmalloc.c (see https://bugzilla.opensuse.org/show_bug.cgi?id=939342):
-%patch101 -b .CVE-2015-3228.orig
+# Patch12 assign_pointer_not_value_in_gximono.c.patch attempts to fix
+# a "assignment makes pointer from integer without a cast" compiler warning
+# by assigning the pointer and not the integer value:
+%patch12 -b assign_pointer_not_value_in_gximono.c.orig
 
 %build
 # Set our preferred architecture-specific flags for the compiler and linker:
-export CFLAGS="$RPM_OPT_FLAGS"
+export CFLAGS="$RPM_OPT_FLAGS -fno-strict-aliasing"
 export CXXFLAGS="$RPM_OPT_FLAGS -fno-strict-aliasing"
 autoreconf -fi
 # --docdir=%%{_defaultdocdir}/%%{name} does not work therefore it is not used.
@@ -339,7 +342,6 @@ export SUSE_ASNEEDED=0
             --with-drivers=ALL \
             --with-x \
             --disable-gtk \
-            --disable-compile-inits \
             --without-omni \
             --without-ufst \
             --without-luratech \
@@ -493,9 +495,7 @@ exit 0
 %dir %{_datadir}/ghostscript/%{built_version}
 %doc %{_datadir}/ghostscript/%{built_version}/doc/
 %{_datadir}/ghostscript/%{built_version}/examples/
-%{_datadir}/ghostscript/%{built_version}/iccprofiles/
 %{_datadir}/ghostscript/%{built_version}/lib/
-%{_datadir}/ghostscript/%{built_version}/Resource/
 %{_libdir}/libgs.so.*
 %{_libdir}/ghostscript/
 %{_libdir}/libijs-0.35.so