Accepting request 1184313 from Printing

Security fixes for CVE-2024-33869 bsc#1226946 and CVE-2023-52722 bsc#1223852 and CVE-2024-33870 bsc#1226944 and CVE-2024-33871 bsc#1225491 and CVE-2024-29510 bsc#1226945 for ghostscript and ghostscript-mini (forwarded request 1184312 from jsmeix) OBS-URL: https://build.opensuse.org/request/show/1184313 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/ghostscript?expand=0&rev=67
2024-07-03 18:28:11 +00:00 · 2024-07-03 18:28:11 +00:00 · 4aa7577cf1
commit 4aa7577cf1
parent 8d44605609 36bbd7a6ad
4 changed files with 34 additions and 5 deletions
--- a/ghostscript-10.03.0.tar.xz
+++ b/ghostscript-10.03.0.tar.xz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:f25ff491a726d883f0b0f9c8af9b895c674cf77cddd814aa3824b3223f439ee5
-size 68041176
--- a/ghostscript-10.03.1.tar.gz
+++ b/ghostscript-10.03.1.tar.gz
--- a/ghostscript.changes
+++ b/ghostscript.changes
@ -1,3 +1,26 @@
+-------------------------------------------------------------------
+Mon Jul  1 11:56:34 UTC 2024 - Johannes Meixner <jsmeix@suse.com>
+
+- Version upgrade to 10.03.1:
+  Highlights in this release include:
+  See 'Recent Changes in Ghostscript' at Ghostscript upstream
+  https://ghostscript.readthedocs.io/en/gs10.03.1/News.html
+  * Fixes for CVE-2024-33869, CVE-2023-52722, CVE-2024-33870,
+    CVE-2024-33871 and CVE-2024-29510
+- Regarding CVE-2024-33869 see bsc#1226946 and
+  https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=5ae2e320d69a7d0973011796bd388cd5befa1a43
+  https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=f5336e5b4154f515ac83bc5b9eba94302e6618d4
+  https://bugs.ghostscript.com/show_bug.cgi?id=707691
+- Regarding CVE-2023-52722 see bsc#1223852 and
+  https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=afd7188f74918cb51b5fb89f52b54eb16e8acfd1
+- Regarding CVE-2024-33870 see bsc#1226944 and
+  https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=79aef19c685984dc3da2dc090450407d9fbcff80
+  https://bugs.ghostscript.com/show_bug.cgi?id=707686
+- Regarding CVE-2024-33871 see bsc#1225491 and
+  https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=7145885041bb52cc23964f0aa2aec1b1c82b5908
+- Regarding CVE-2024-29510 see bsc#1226945 and
+  https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=3b1735085ecef20b29e8db3416ab36de93e86d1f
+
 -------------------------------------------------------------------
 Tue Mar 26 08:21:08 UTC 2024 - Johannes Meixner <jsmeix@suse.com>

--- a/ghostscript.spec
+++ b/ghostscript.spec
@ -24,13 +24,19 @@
 %bcond_without  apparmor
 %endif
 Name:           ghostscript%{psuffix}
-Version:        10.03.0
+Version:        10.03.1
 Release:        0
 Summary:        The Ghostscript interpreter for PostScript and PDF
 License:        AGPL-3.0-only
 Group:          Productivity/Office/Other
 URL:            https://www.ghostscript.com/
-Source0:        https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs10030/ghostscript-10.03.0.tar.xz
+# How to manually get Source0:
+# Go to https://www.ghostscript.com
+# -> "The current Ghostscript release 10.03.1 can be downloaded here" https://www.ghostscript.com/releases/index.html
+# -> "Ghostscript" https://www.ghostscript.com/releases/gsdnld.html
+# -> "Ghostscript 10.03.1 Source for all platforms / GNU Affero General Public License" = "Ghostscript AGPL Release"
+# https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs10031/ghostscript-10.03.1.tar.gz
+Source0:        https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs10031/ghostscript-10.03.1.tar.gz
 Source10:       apparmor_ghostscript
 # Patch0...Patch9 is for patches from upstream:
 # Source10...Source99 is for sources from SUSE which are intended for upstream: