Accepting request 843001 from home:jsmeix:branches:Printing

Ghostscript version upgrade to 9.53.3 that fixes boo#1177922 and fixes compilation with FreeType 2.10.3+

OBS-URL: https://build.opensuse.org/request/show/843001
OBS-URL: https://build.opensuse.org/package/show/Printing/ghostscript?expand=0&rev=130

41ef9a0bc36b9db7115fbe9623f989bfb47bbade.patch

@@ -0,0 +1,50 @@
+From 41ef9a0bc36b9db7115fbe9623f989bfb47bbade Mon Sep 17 00:00:00 2001
+From: Chris Liddell <chris.liddell@artifex.com>
+Date: Tue, 20 Oct 2020 09:49:45 +0100
+Subject: [PATCH] Bug 702985: drop use of FT_CALLBACK_DEF() def
+
+From 2.10.3, Freetype disappeared the FT_CALLBACK_DEF() macro, which is what
+we used when defining our callbacks from Freetype.
+
+No guidance forthcoming from the Freetype developer who made those changes,
+so change to explicitly declaring the callbacks file static.
+
+Should fix the reported build failures.
+---
+ base/fapi_ft.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/base/fapi_ft.c b/base/fapi_ft.c
+index 65fa6dcf4..21aef2f06 100644
+--- a/base/fapi_ft.c
++++ b/base/fapi_ft.c
+@@ -125,7 +125,7 @@ static void
+ delete_inc_int_info(gs_fapi_server * a_server,
+                     FT_IncrementalRec * a_inc_int_info);
+ 
+-FT_CALLBACK_DEF(void *)
++static void *
+ FF_alloc(FT_Memory memory, long size)
+ {
+     gs_memory_t *mem = (gs_memory_t *) memory->user;
+@@ -133,7 +133,7 @@ FF_alloc(FT_Memory memory, long size)
+     return (gs_malloc(mem, size, 1, "FF_alloc"));
+ }
+ 
+-FT_CALLBACK_DEF(void *)
++static void *
+     FF_realloc(FT_Memory memory, long cur_size, long new_size, void *block)
+ {
+     gs_memory_t *mem = (gs_memory_t *) memory->user;
+@@ -153,7 +153,7 @@ FT_CALLBACK_DEF(void *)
+     return (tmp);
+ }
+ 
+-FT_CALLBACK_DEF(void)
++static void
+     FF_free(FT_Memory memory, void *block)
+ {
+     gs_memory_t *mem = (gs_memory_t *) memory->user;
+-- 
+2.17.1
+

CVE-2020-15900.patch

@@ -1,27 +0,0 @@
---- psi/zstring.c.orig	2020-03-19 09:21:42.000000000 +0100
-+++ psi/zstring.c	2020-07-27 08:25:08.963425295 +0200
-@@ -142,13 +142,18 @@ search_impl(i_ctx_t *i_ctx_p, bool forwa
-     return 0;
- found:
-     op->tas.type_attrs = op1->tas.type_attrs;
--    op->value.bytes = ptr;
--    r_set_size(op, size);
-+    op->value.bytes = ptr;				/* match */
-+    op->tas.rsize = size;				/* match */
-     push(2);
--    op[-1] = *op1;
--    r_set_size(op - 1, ptr - op[-1].value.bytes);
--    op1->value.bytes = ptr + size;
--    r_set_size(op1, count + (!forward ? (size - 1) : 0));
-+    op[-1] = *op1;					/* pre */
-+    op[-3].value.bytes = ptr + size;			/* post */
-+    if (forward) {
-+        op[-1].tas.rsize = ptr - op[-1].value.bytes;	/* pre */
-+        op[-3].tas.rsize = count;			/* post */
-+    } else {
-+        op[-1].tas.rsize = count;			/* pre */
-+        op[-3].tas.rsize -= count + size;		/* post */
-+    }
-     make_true(op);
-     return 0;
- }

ghostscript-9.52.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:c2501d8e8e0814c4a5aa7e443e230e73d7af7f70287546f7b697e5ef49e32176
-size 49722607

ghostscript-9.53.3.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:6eaf422f26a81854a230b80fd18aaef7e8d94d661485bd2e97e695b9dce7bf7f
+size 52426790

ghostscript-mini.changes

@@ -1,3 +1,65 @@
+-------------------------------------------------------------------
+Tue Oct 20 16:38:24 CEST 2020 - Ismail Dönmez <idonmez@suse.com>
+
+- 41ef9a0bc36b9db7115fbe9623f989bfb47bbade.patch
+  fixes compilation with FreeType 2.10.3+
+  http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=41ef9a0bc36b9db7115fbe9623f989bfb47bbade
+  c.f. https://bugs.ghostscript.com/show_bug.cgi?id=702985
+
+-------------------------------------------------------------------
+Tue Oct 20 16:03:48 CEST 2020 - jsmeix@suse.de
+
+- Version upgrade to 9.53.3
+  Highlights in this release include
+  (excerpts from the Ghostscript upstream release summary
+   in https://www.ghostscript.com/doc/9.53.3/News.htm):
+  * The 9.53.3 release is primarily maintenance.
+  * Issues arose with 9.53.0/1/2 that prompted the release
+    of a .3 patch:
+    A crash related to management of ICC profile objects.
+    A parameter type mismatch that would cause Ghostscript
+    to error out during initialisation, which
+    affected 64 big, big endian architectures.
+    An unexpected side effect of another change that prevented
+    multithreaded rendering and background rendering
+    from working correctly.
+  * The most obvious change is the (re-)introduction of the
+    patch level to the version number, this helps facilitate
+    a revised policy on handling security related issues.
+    To clarify: in the event we decide to release a patch revision,
+    it will replace the release with the previous patch number.
+    Release notes, highlights and warnings will remain the same,
+    except for the addition of whatever fix(es) prompted the patch.
+  * Our efforts in code hygiene and maintainability continue.
+  * We have added Python bindings for the gsapi interface, can be
+    found in demos/python. These are experimental, and we welcome
+    feedback from interested developers.
+  * For those integrating Ghostscript/GhostPDL via the gsapi
+    interface, we have added new capabilities to that, specifically
+    in terms of setting and interrogating device parameters. These,
+    along with the existing interface calls, are documented in:
+    Ghostscript Interpreter API at
+    https://www.ghostscript.com/doc/9.53.3/API.htm
+  * The usual round of bug fixes, compatibility changes,
+    and incremental improvements.
+  * For a list of open issues, or to report problems, please visit
+    bugs.ghostscript.com
+  Incompatible changes:
+  * As of 9.53.0, we have (re-)introduced the patch level to the
+    version number, this helps facilitate a revised policy
+    on handling security related issues.
+    Note for GSView Users: The patch level addition breaks
+    GSView 5 (it is hardcoded to check for versions 704-999).
+    It is possible, but not guaranteed that a GSView update might
+    be forthcoming to resolve this. 
+  For a release summary see:
+  https://www.ghostscript.com/doc/9.53.3/News.htm
+  For details see the News.htm and History9.htm files.
+- CVE-2020-15900.patch is no longer needed
+  because it is fixed in the upstream sources.
+- Ghostscript 9.53.3 fixes in particular txtwrite memory issues
+  (boo#1177922).
+
 -------------------------------------------------------------------
 Tue Jul 28 09:15:30 CEST 2020 - jsmeix@suse.de
 

ghostscript-mini.spec

@@ -47,7 +47,7 @@ URL:            https://www.ghostscript.com/
 # so that we keep additionally the previous version number to upgrade from the previous version:
 # Starting SLE12/rpm-4.10, one can use tildeversions: 9.15~rc1.
 #Version:        9.25pre26rc1
-Version:        9.52
+Version:        9.53.3
 Release:        0
 # Normal version for Ghostscript releases is the upstream version:
 # tarball_version is used below to specify the directory via "setup -n":
@@ -58,8 +58,8 @@ Release:        0
 # built_version is used below in the install and files sections:
 # Separated built_version needed in case of Ghostscript release candidates e.g. "define built_version 9.15".
 # For Ghostscript releases built_version and version are the same (i.e. the upstream version):
-#define built_version %{version}
-%define built_version 9.52
+%define built_version %{version}
+#define built_version 9.26
 # Source0...Source9 is for sources from upstream:
 # Special URLs for Ghostscript release candidates:
 # see https://github.com/ArtifexSoftware/ghostpdl-downloads/releases
@@ -71,20 +71,17 @@ Release:        0
 #Source0:        ghostscript-%{tarball_version}.tar.gz
 # Normal URLs for Ghostscript releases:
 # URL for Source0:
-# wget -O ghostscript-9.52.tar.gz https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs952/ghostscript-9.52.tar.gz
+# wget -O ghostscript-9.53.3.tar.gz https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs9533/ghostscript-9.53.3.tar.gz
 # URL for MD5 checksums:
-# wget -O gs952.MD5SUMS https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs952/MD5SUMS
-# MD5 checksum for Source0: 0f6964ab9b83a63b7e373f136243f901 ghostscript-9.52.tar.gz
+# wget -O gs9533.MD5SUMS https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs9533/MD5SUMS
+# MD5 checksum for Source0: 807a5c4934a814e8a6cd83eff702f212 ghostscript-9.53.3.tar.gz
 Source0:        ghostscript-%{version}.tar.gz
 Source1:        apparmor_ghostscript
 # Patch0...Patch9 is for patches from upstream:
-# Patch1 CVE-2020-15900.patch is
-# https://github.com/ArtifexSoftware/ghostpdl/commit/5d499272b95a6b890a1397e11d20937de000d31b
-# that fixes CVE-2020-15900 Memory Corruption
-# in the rsearch PostScript function that is implemented as search_impl() in psi/zstring.c
-# cf. https://bugs.ghostscript.com/show_bug.cgi?id=702582
-# and https://bugzilla.suse.com/show_bug.cgi?id=1174415
-Patch1:         CVE-2020-15900.patch
+# Patch2 41ef9a0bc36b9db7115fbe9623f989bfb47bbade.patch fixes compilation with FreeType 2.10.3+
+# http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=41ef9a0bc36b9db7115fbe9623f989bfb47bbade
+# c.f. https://bugs.ghostscript.com/show_bug.cgi?id=702985
+Patch2:         41ef9a0bc36b9db7115fbe9623f989bfb47bbade.patch
 # Source10...Source99 is for sources from SUSE which are intended for upstream:
 # Patch10...Patch99 is for patches from SUSE which are intended for upstream:
 # Source100...Source999 is for sources from SUSE which are not intended for upstream:
@@ -153,13 +150,10 @@ This package contains the development files for Minimal Ghostscript.
 # Be quiet when unpacking and
 # use a directory name matching Source0 to make it work also for ghostscript-mini:
 %setup -q -n ghostscript-%{tarball_version}
-# Patch1 CVE-2020-15900.patch is
-# https://github.com/ArtifexSoftware/ghostpdl/commit/5d499272b95a6b890a1397e11d20937de000d31b
-# that fixes CVE-2020-15900 Memory Corruption
-# in the rsearch PostScript function that is implemented as search_impl() in psi/zstring.c
-# cf. https://bugs.ghostscript.com/show_bug.cgi?id=702582
-# and https://bugzilla.suse.com/show_bug.cgi?id=1174415
-%patch1
+# Patch2 41ef9a0bc36b9db7115fbe9623f989bfb47bbade.patch fixes compilation with FreeType 2.10.3+
+# http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=41ef9a0bc36b9db7115fbe9623f989bfb47bbade
+# c.f. https://bugs.ghostscript.com/show_bug.cgi?id=702985
+%patch2 -p1
 # Patch100 remove-zlib-h-dependency.patch removes dependency on zlib/zlib.h
 # in makefiles as we do not use the zlib sources from the Ghostscript upstream tarball.
 # Again use the zlib sources from Ghostscript upstream
@@ -188,6 +182,9 @@ rm -rf jpeg libpng tiff
 %else
 rm -rf freetype jpeg libpng tiff
 %endif
+%if 0%{?suse_version} >= 1550
+rm -rf openjpeg
+%endif
 # In contrast to the above we use lcms2 from SUSE since Ghostscript 9.23rc1
 # because that is what Ghostscript upstream recommends according to
 # https://ghostscript.com/pipermail/gs-devel/2018-March/010061.html
@@ -327,14 +324,15 @@ popd
 # Extract the catalog of devices which are actually built-in in exactly this Ghostscript:
 # If a needed source file is no longer accessible fail intentionally as notification
 # that something changed which needs adaptions here:
-for F in devices/devs.mak devices/contrib.mak contrib/contrib.mak
+catalog_devices_source_files="devices/devs.mak devices/dcontrib.mak contrib/contrib.mak"
+for F in $catalog_devices_source_files
 do test -r $F || exit 99
 done
 # Do not pollute the build log file with zillions of meaningless messages:
 set +x
 cat /dev/null >catalog.devices
 for D in $( LD_LIBRARY_PATH=%{buildroot}/%{_libdir} %{buildroot}/usr/bin/gs -h | sed -n -e '/^Available devices:/,/^Search path:/p' | egrep -v '^Available devices:|^Search path:' )
-do for F in devices/devs.mak devices/contrib.mak contrib/contrib.mak
+do for F in $catalog_devices_source_files
    do sed -n -e '/ Catalog /,/ End of catalog /p' $F | grep "[[:space:]]$D[[:space:]]" | grep -o '[[:alnum:]].*' | tr -s '[:blank:]' ' ' | sed -e 's/ /\t/' | expand -t16 >>catalog.devices
    done
 done

ghostscript.changes

@@ -1,3 +1,65 @@
+-------------------------------------------------------------------
+Tue Oct 20 16:38:24 CEST 2020 - Ismail Dönmez <idonmez@suse.com>
+
+- 41ef9a0bc36b9db7115fbe9623f989bfb47bbade.patch
+  fixes compilation with FreeType 2.10.3+
+  http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=41ef9a0bc36b9db7115fbe9623f989bfb47bbade
+  c.f. https://bugs.ghostscript.com/show_bug.cgi?id=702985
+
+-------------------------------------------------------------------
+Tue Oct 20 16:03:48 CEST 2020 - jsmeix@suse.de
+
+- Version upgrade to 9.53.3
+  Highlights in this release include
+  (excerpts from the Ghostscript upstream release summary
+   in https://www.ghostscript.com/doc/9.53.3/News.htm):
+  * The 9.53.3 release is primarily maintenance.
+  * Issues arose with 9.53.0/1/2 that prompted the release
+    of a .3 patch:
+    A crash related to management of ICC profile objects.
+    A parameter type mismatch that would cause Ghostscript
+    to error out during initialisation, which
+    affected 64 big, big endian architectures.
+    An unexpected side effect of another change that prevented
+    multithreaded rendering and background rendering
+    from working correctly.
+  * The most obvious change is the (re-)introduction of the
+    patch level to the version number, this helps facilitate
+    a revised policy on handling security related issues.
+    To clarify: in the event we decide to release a patch revision,
+    it will replace the release with the previous patch number.
+    Release notes, highlights and warnings will remain the same,
+    except for the addition of whatever fix(es) prompted the patch.
+  * Our efforts in code hygiene and maintainability continue.
+  * We have added Python bindings for the gsapi interface, can be
+    found in demos/python. These are experimental, and we welcome
+    feedback from interested developers.
+  * For those integrating Ghostscript/GhostPDL via the gsapi
+    interface, we have added new capabilities to that, specifically
+    in terms of setting and interrogating device parameters. These,
+    along with the existing interface calls, are documented in:
+    Ghostscript Interpreter API at
+    https://www.ghostscript.com/doc/9.53.3/API.htm
+  * The usual round of bug fixes, compatibility changes,
+    and incremental improvements.
+  * For a list of open issues, or to report problems, please visit
+    bugs.ghostscript.com
+  Incompatible changes:
+  * As of 9.53.0, we have (re-)introduced the patch level to the
+    version number, this helps facilitate a revised policy
+    on handling security related issues.
+    Note for GSView Users: The patch level addition breaks
+    GSView 5 (it is hardcoded to check for versions 704-999).
+    It is possible, but not guaranteed that a GSView update might
+    be forthcoming to resolve this. 
+  For a release summary see:
+  https://www.ghostscript.com/doc/9.53.3/News.htm
+  For details see the News.htm and History9.htm files.
+- CVE-2020-15900.patch is no longer needed
+  because it is fixed in the upstream sources.
+- Ghostscript 9.53.3 fixes in particular txtwrite memory issues
+  (boo#1177922).
+
 -------------------------------------------------------------------
 Tue Jul 28 09:15:30 CEST 2020 - jsmeix@suse.de
 

ghostscript.spec

@@ -71,7 +71,7 @@ URL:            https://www.ghostscript.com/
 # so that we keep additionally the previous version number to upgrade from the previous version:
 # Starting SLE12/rpm-4.10, one can use tildeversions: 9.15~rc1.
 #Version:        9.25pre26rc1
-Version:        9.52
+Version:        9.53.3
 Release:        0
 # Normal version for Ghostscript releases is the upstream version:
 # tarball_version is used below to specify the directory via "setup -n":
@@ -82,8 +82,8 @@ Release:        0
 # built_version is used below in the install and files sections:
 # Separated built_version needed in case of Ghostscript release candidates e.g. "define built_version 9.15".
 # For Ghostscript releases built_version and version are the same (i.e. the upstream version):
-#define built_version %{version}
-%define built_version 9.52
+%define built_version %{version}
+#define built_version 9.26
 # Source0...Source9 is for sources from upstream:
 # Special URLs for Ghostscript release candidates:
 # see https://github.com/ArtifexSoftware/ghostpdl-downloads/releases
@@ -95,20 +95,17 @@ Release:        0
 #Source0:        ghostscript-%{tarball_version}.tar.gz
 # Normal URLs for Ghostscript releases:
 # URL for Source0:
-# wget -O ghostscript-9.52.tar.gz https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs952/ghostscript-9.52.tar.gz
+# wget -O ghostscript-9.53.3.tar.gz https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs9533/ghostscript-9.53.3.tar.gz
 # URL for MD5 checksums:
-# wget -O gs952.MD5SUMS https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs952/MD5SUMS
-# MD5 checksum for Source0: 0f6964ab9b83a63b7e373f136243f901 ghostscript-9.52.tar.gz
+# wget -O gs9533.MD5SUMS https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs9533/MD5SUMS
+# MD5 checksum for Source0: 807a5c4934a814e8a6cd83eff702f212 ghostscript-9.53.3.tar.gz
 Source0:        ghostscript-%{version}.tar.gz
 Source1:        apparmor_ghostscript
 # Patch0...Patch9 is for patches from upstream:
-# Patch1 CVE-2020-15900.patch is
-# https://github.com/ArtifexSoftware/ghostpdl/commit/5d499272b95a6b890a1397e11d20937de000d31b
-# that fixes CVE-2020-15900 Memory Corruption
-# in the rsearch PostScript function that is implemented as search_impl() in psi/zstring.c
-# cf. https://bugs.ghostscript.com/show_bug.cgi?id=702582
-# and https://bugzilla.suse.com/show_bug.cgi?id=1174415
-Patch1:         CVE-2020-15900.patch
+# Patch2 41ef9a0bc36b9db7115fbe9623f989bfb47bbade.patch fixes compilation with FreeType 2.10.3+
+# http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=41ef9a0bc36b9db7115fbe9623f989bfb47bbade
+# c.f. https://bugs.ghostscript.com/show_bug.cgi?id=702985
+Patch2:         41ef9a0bc36b9db7115fbe9623f989bfb47bbade.patch
 # Source10...Source99 is for sources from SUSE which are intended for upstream:
 # Patch10...Patch99 is for patches from SUSE which are intended for upstream:
 # Source100...Source999 is for sources from SUSE which are not intended for upstream:
@@ -290,13 +287,10 @@ This package contains the development files for Ghostscript.
 # Be quiet when unpacking and
 # use a directory name matching Source0 to make it work also for ghostscript-mini:
 %setup -q -n ghostscript-%{tarball_version}
-# Patch1 CVE-2020-15900.patch is
-# https://github.com/ArtifexSoftware/ghostpdl/commit/5d499272b95a6b890a1397e11d20937de000d31b
-# that fixes CVE-2020-15900 Memory Corruption
-# in the rsearch PostScript function that is implemented as search_impl() in psi/zstring.c
-# cf. https://bugs.ghostscript.com/show_bug.cgi?id=702582
-# and https://bugzilla.suse.com/show_bug.cgi?id=1174415
-%patch1
+# Patch2 41ef9a0bc36b9db7115fbe9623f989bfb47bbade.patch fixes compilation with FreeType 2.10.3+
+# http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=41ef9a0bc36b9db7115fbe9623f989bfb47bbade
+# c.f. https://bugs.ghostscript.com/show_bug.cgi?id=702985
+%patch2 -p1
 # Patch100 remove-zlib-h-dependency.patch removes dependency on zlib/zlib.h
 # in makefiles as we do not use the zlib sources from the Ghostscript upstream tarball.
 # Again use the zlib sources from Ghostscript upstream
@@ -467,14 +461,15 @@ popd
 # Extract the catalog of devices which are actually built-in in exactly this Ghostscript:
 # If a needed source file is no longer accessible fail intentionally as notification
 # that something changed which needs adaptions here:
-for F in devices/devs.mak devices/contrib.mak contrib/contrib.mak
+catalog_devices_source_files="devices/devs.mak devices/dcontrib.mak contrib/contrib.mak"
+for F in $catalog_devices_source_files
 do test -r $F || exit 99
 done
 # Do not pollute the build log file with zillions of meaningless messages:
 set +x
 cat /dev/null >catalog.devices
 for D in $( LD_LIBRARY_PATH=%{buildroot}/%{_libdir} %{buildroot}/usr/bin/gs -h | sed -n -e '/^Available devices:/,/^Search path:/p' | egrep -v '^Available devices:|^Search path:' )
-do for F in devices/devs.mak devices/contrib.mak contrib/contrib.mak
+do for F in $catalog_devices_source_files
    do sed -n -e '/ Catalog /,/ End of catalog /p' $F | grep "[[:space:]]$D[[:space:]]" | grep -o '[[:alnum:]].*' | tr -s '[:blank:]' ' ' | sed -e 's/ /\t/' | expand -t16 >>catalog.devices
    done
 done