diff --git a/CVE-2018-10194.patch b/CVE-2018-10194.patch deleted file mode 100644 index 3b95340..0000000 --- a/CVE-2018-10194.patch +++ /dev/null @@ -1,18 +0,0 @@ ---- devices/vector/gdevpdts.c.orig 2018-03-21 09:48:06.000000000 +0100 -+++ devices/vector/gdevpdts.c 2018-06-05 14:39:39.000000000 +0200 -@@ -103,9 +103,14 @@ append_text_move(pdf_text_state_t *pts, - static int - set_text_distance(gs_point *pdist, double dx, double dy, const gs_matrix *pmat) - { -- int code = gs_distance_transform_inverse(dx, dy, pmat, pdist); -+ int code; - double rounded; - -+ if (dx > 1e38 || dy > 1e38) -+ code = gs_error_undefinedresult; -+ else -+ code = gs_distance_transform_inverse(dx, dy, pmat, pdist); -+ - if (code == gs_error_undefinedresult) { - /* The CTM is degenerate. - Can't know the distance in user space. diff --git a/fix_ln_docdir_gsdatadir.patch b/fix_ln_docdir_gsdatadir.patch deleted file mode 100644 index cdc40bf..0000000 --- a/fix_ln_docdir_gsdatadir.patch +++ /dev/null @@ -1,11 +0,0 @@ ---- base/unixinst.mak.orig 2018-03-07 16:01:52.000000000 +0100 -+++ base/unixinst.mak 2018-03-12 14:06:43.000000000 +0100 -@@ -163,7 +163,7 @@ install-doc: $(PSDOCDIR)/News.htm - $(SH) -c 'for f in $(DOC_PAGES) ;\ - do if ( test -f $(PSDOCDIR)/$$f ); then $(INSTALL_DATA) $(PSDOCDIR)/$$f $(DESTDIR)$(docdir); fi;\ - done' -- ln -s $(DESTDIR)$(docdir) $(DESTDIR)$(gsdatadir)/doc -+ # ln -s $(DESTDIR)$(docdir) $(DESTDIR)$(gsdatadir)/doc - - # install the man pages for each locale - MAN_LCDIRS=. de diff --git a/ghostscript-9.23.tar.gz b/ghostscript-9.23.tar.gz deleted file mode 100644 index cb50b50..0000000 --- a/ghostscript-9.23.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:f65964807a3c97a2c0810d4b9806585367e73129e57ae33378cea18e07a1ed9b -size 43208330 diff --git a/ghostscript-9.24.tar.gz b/ghostscript-9.24.tar.gz new file mode 100644 index 0000000..ccffe1f --- /dev/null +++ b/ghostscript-9.24.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:e613b2376f01882e82e0cf08f6caa3c5719793c4e31dd7d4a8e87d61d371005f +size 42010597 diff --git a/ghostscript-mini.changes b/ghostscript-mini.changes index 1117792..768c828 100644 --- a/ghostscript-mini.changes +++ b/ghostscript-mini.changes @@ -1,3 +1,35 @@ +------------------------------------------------------------------- +Thu Sep 13 10:25:21 CEST 2018 - jsmeix@suse.de + +- Version upgrade to 9.24 + Highlights in this release include: + * Security issues have been the primary focus of this release, + including solving several (well publicised) + real and potential exploits. + PLEASE NOTE: + We (i.e. Ghostscript upstream) strongly urge users to upgrade + to this latest release to avoid these issues. + * As well as Ghostscript itself, jbig2dec has had a significant + amount of work improving its robustness in the face of + out specification files. + * IMPORTANT: We (i.e. Ghostscript upstream) are in the process + of forking LittleCMS. LCMS2 is not thread safe, and cannot + be made thread safe without breaking the ABI. Our fork + will be thread safe, and include performance enhancements + (these changes have all be been offered and rejected upstream). + We will maintain compatibility between Ghostscript and LCMS2 + for a time, but not in perpetuity. Our fork will be available + as its own package separately from Ghostscript (and MuPDF). + * The usual round of bug fixes, compatibility changes, + and incremental improvements. + For a release summary see: + http://www.ghostscript.com/doc/9.24/News.htm + For details see the News.htm and History9.htm files. +- fix_ln_docdir_gsdatadir.patch is no longer needed + because the issue is fixed in the upstream sources. +- CVE-2018-10194.patch is no longer needed + because the issue is fixed in the upstream sources. + ------------------------------------------------------------------- Tue Jun 5 14:47:59 CEST 2018 - jsmeix@suse.de diff --git a/ghostscript-mini.spec b/ghostscript-mini.spec index 34a3d14..3435f1a 100644 --- a/ghostscript-mini.spec +++ b/ghostscript-mini.spec @@ -39,7 +39,7 @@ Url: http://www.ghostscript.com/ # so that we keep additionally the previous version number to upgrade from the previous version: #Version: 9.22pre23rc1 # Normal version for Ghostscript releases is the upstream version: -Version: 9.23 +Version: 9.24 Release: 0 # tarball_version is used below to specify the directory via "setup -n": # Special tarball_version needed for Ghostscript release candidates e.g. "define tarball_version 9.15rc1". @@ -60,30 +60,19 @@ Release: 0 #Source0: ghostscript-%{tarball_version}.tar.gz # Normal URLs for Ghostscript releases: # URL for Source0: -# wget -O ghostscript-9.23.tar.gz https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs923/ghostscript-9.23.tar.gz +# wget -O ghostscript-9.24.tar.gz https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs924/ghostscript-9.24.tar.gz # URL for MD5 checksums: -# wget -O gs923.MD5SUMS https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs923/MD5SUMS -# MD5 checksum for Source0: 5a47ab47cd22dec1eb5f51c06f1c9d9c +# wget -O gs924.MD5SUMS https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs924/MD5SUMS +# MD5 checksum for Source0: c5c3fa8eb737a6540814314a9d9e4995 Source0: ghostscript-%{version}.tar.gz # Patch0...Patch9 is for patches from upstream: # Source10...Source99 is for sources from SUSE which are intended for upstream: # Patch10...Patch99 is for patches from SUSE which are intended for upstream: -# Avoid -# ln -s /home/abuild/rpmbuild/BUILDROOT/ghostscript-9.22pre23rc1-104.1.i386/usr/share/doc/ghostscript/9.23 /usr/share/ghostscript/9.23/doc -# ln: failed to create symbolic link '/usr/share/ghostscript/9.23/doc': No such file or directory -# base/unixinst.mak:162: recipe for target 'install-doc' failed -# make[1]: *** [install-doc] Error 1 -Patch12: fix_ln_docdir_gsdatadir.patch # Source100...Source999 is for sources from SUSE which are not intended for upstream: # Patch100...Patch999 is for patches from SUSE which are not intended for upstream: # Patch100 remove-zlib-h-dependency.patch removes dependency on zlib/zlib.h # in makefiles as we do not use the zlib sources from the Ghostscript upstream tarball: Patch100: remove-zlib-h-dependency.patch -# Patch101 fixes stack-based buffer overflow in gdevpdts.c -# see https://bugzilla.suse.com/show_bug.cgi?id=1090099 -# and https://bugs.ghostscript.com/show_bug.cgi?id=699255 -# and http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=39b1e54b2968620723bf32e96764c88797714879 -Patch101: CVE-2018-10194.patch # RPM dependencies: Conflicts: ghostscript Conflicts: ghostscript-x11 @@ -142,23 +131,12 @@ This package contains the development files for Minimal Ghostscript. # Be quiet when unpacking and # use a directory name matching Source0 to make it work also for ghostscript-mini: %setup -q -n ghostscript-%{tarball_version} -# Avoid -# ln -s /home/abuild/rpmbuild/BUILDROOT/ghostscript-9.22pre23rc1-104.1.i386/usr/share/doc/ghostscript/9.23 /usr/share/ghostscript/9.23/doc -# ln: failed to create symbolic link '/usr/share/ghostscript/9.23/doc': No such file or directory -# base/unixinst.mak:162: recipe for target 'install-doc' failed -# make[1]: *** [install-doc] Error 1 -%patch12 # Patch100 remove-zlib-h-dependency.patch removes dependency on zlib/zlib.h # in makefiles as we do not use the zlib sources from the Ghostscript upstream tarball. # Again use the zlib sources from Ghostscript upstream # and disable remove-zlib-h-dependency.patch because # Ghostscript 9.21 does no longer build this way: #patch100 -p1 -b remove-zlib-h-dependency.orig -# Patch101 fixes stack-based buffer overflow in gdevpdts.c -# see https://bugzilla.suse.com/show_bug.cgi?id=1090099 -# and https://bugs.ghostscript.com/show_bug.cgi?id=699255 -# and http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=39b1e54b2968620723bf32e96764c88797714879 -%patch101 -b CVE-2018-10194.orig # Remove patch backup files to avoid packaging # cf. https://build.opensuse.org/request/show/581052 rm -f Resource/Init/*.ps.orig diff --git a/ghostscript.changes b/ghostscript.changes index d6cf090..268879a 100644 --- a/ghostscript.changes +++ b/ghostscript.changes @@ -1,3 +1,35 @@ +------------------------------------------------------------------- +Thu Sep 13 10:25:21 CEST 2018 - jsmeix@suse.de + +- Version upgrade to 9.24 + Highlights in this release include: + * Security issues have been the primary focus of this release, + including solving several (well publicised) + real and potential exploits. + PLEASE NOTE: + We (i.e. Ghostscript upstream) strongly urge users to upgrade + to this latest release to avoid these issues. + * As well as Ghostscript itself, jbig2dec has had a significant + amount of work improving its robustness in the face of + out specification files. + * IMPORTANT: We (i.e. Ghostscript upstream) are in the process + of forking LittleCMS. LCMS2 is not thread safe, and cannot + be made thread safe without breaking the ABI. Our fork + will be thread safe, and include performance enhancements + (these changes have all be been offered and rejected upstream). + We will maintain compatibility between Ghostscript and LCMS2 + for a time, but not in perpetuity. Our fork will be available + as its own package separately from Ghostscript (and MuPDF). + * The usual round of bug fixes, compatibility changes, + and incremental improvements. + For a release summary see: + http://www.ghostscript.com/doc/9.24/News.htm + For details see the News.htm and History9.htm files. +- fix_ln_docdir_gsdatadir.patch is no longer needed + because the issue is fixed in the upstream sources. +- CVE-2018-10194.patch is no longer needed + because the issue is fixed in the upstream sources. + ------------------------------------------------------------------- Tue Jun 5 14:47:59 CEST 2018 - jsmeix@suse.de diff --git a/ghostscript.spec b/ghostscript.spec index 49e6a96..f2e1045 100644 --- a/ghostscript.spec +++ b/ghostscript.spec @@ -59,7 +59,7 @@ Url: http://www.ghostscript.com/ # so that we keep additionally the previous version number to upgrade from the previous version: #Version: 9.22pre23rc1 # Normal version for Ghostscript releases is the upstream version: -Version: 9.23 +Version: 9.24 Release: 0 # tarball_version is used below to specify the directory via "setup -n": # Special tarball_version needed for Ghostscript release candidates e.g. "define tarball_version 9.15rc1". @@ -80,30 +80,19 @@ Release: 0 #Source0: ghostscript-%{tarball_version}.tar.gz # Normal URLs for Ghostscript releases: # URL for Source0: -# wget -O ghostscript-9.23.tar.gz https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs923/ghostscript-9.23.tar.gz +# wget -O ghostscript-9.24.tar.gz https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs924/ghostscript-9.24.tar.gz # URL for MD5 checksums: -# wget -O gs923.MD5SUMS https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs923/MD5SUMS -# MD5 checksum for Source0: 5a47ab47cd22dec1eb5f51c06f1c9d9c +# wget -O gs924.MD5SUMS https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs924/MD5SUMS +# MD5 checksum for Source0: c5c3fa8eb737a6540814314a9d9e4995 Source0: ghostscript-%{version}.tar.gz # Patch0...Patch9 is for patches from upstream: # Source10...Source99 is for sources from SUSE which are intended for upstream: # Patch10...Patch99 is for patches from SUSE which are intended for upstream: -# Avoid -# ln -s /home/abuild/rpmbuild/BUILDROOT/ghostscript-9.22pre23rc1-104.1.i386/usr/share/doc/ghostscript/9.23 /usr/share/ghostscript/9.23/doc -# ln: failed to create symbolic link '/usr/share/ghostscript/9.23/doc': No such file or directory -# base/unixinst.mak:162: recipe for target 'install-doc' failed -# make[1]: *** [install-doc] Error 1 -Patch12: fix_ln_docdir_gsdatadir.patch # Source100...Source999 is for sources from SUSE which are not intended for upstream: # Patch100...Patch999 is for patches from SUSE which are not intended for upstream: # Patch100 remove-zlib-h-dependency.patch removes dependency on zlib/zlib.h # in makefiles as we do not use the zlib sources from the Ghostscript upstream tarball: Patch100: remove-zlib-h-dependency.patch -# Patch101 fixes stack-based buffer overflow in gdevpdts.c -# see https://bugzilla.suse.com/show_bug.cgi?id=1090099 -# and https://bugs.ghostscript.com/show_bug.cgi?id=699255 -# and http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=39b1e54b2968620723bf32e96764c88797714879 -Patch101: CVE-2018-10194.patch # RPM dependencies: # Additional RPM Provides of the ghostscript-library packages in openSUSE 11.4 from # "rpm -q --provides ghostscript-library" and "rpm -q --provides ghostscript-x11": @@ -278,23 +267,12 @@ This package contains the development files for Ghostscript. # Be quiet when unpacking and # use a directory name matching Source0 to make it work also for ghostscript-mini: %setup -q -n ghostscript-%{tarball_version} -# Avoid -# ln -s /home/abuild/rpmbuild/BUILDROOT/ghostscript-9.22pre23rc1-104.1.i386/usr/share/doc/ghostscript/9.23 /usr/share/ghostscript/9.23/doc -# ln: failed to create symbolic link '/usr/share/ghostscript/9.23/doc': No such file or directory -# base/unixinst.mak:162: recipe for target 'install-doc' failed -# make[1]: *** [install-doc] Error 1 -%patch12 # Patch100 remove-zlib-h-dependency.patch removes dependency on zlib/zlib.h # in makefiles as we do not use the zlib sources from the Ghostscript upstream tarball. # Again use the zlib sources from Ghostscript upstream # and disable remove-zlib-h-dependency.patch because # Ghostscript 9.21 does no longer build this way: #patch100 -p1 -b remove-zlib-h-dependency.orig -# Patch101 fixes stack-based buffer overflow in gdevpdts.c -# see https://bugzilla.suse.com/show_bug.cgi?id=1090099 -# and https://bugs.ghostscript.com/show_bug.cgi?id=699255 -# and http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=39b1e54b2968620723bf32e96764c88797714879 -%patch101 -b CVE-2018-10194.orig # Remove patch backup files to avoid packaging # cf. https://build.opensuse.org/request/show/581052 rm -f Resource/Init/*.ps.orig