diff --git a/apparmor_ghostscript b/apparmor_ghostscript index 6f0d578..386f203 100644 --- a/apparmor_ghostscript +++ b/apparmor_ghostscript @@ -2,8 +2,10 @@ # this profile is mainly intended to prevent easy exploitation of # issues in ghostscript. This is mainly intended as a hardening -# measure and doesn't alleviate the need for regular updates -profile ghostscript /usr/bin/{dvipdf,eps2eps,gs,gsbj,gsdj,gsdj500,gslj,gslp,gsnd,ps2ascii,ps2epsi,ps2pdf,ps2pdf12,ps2pdf13,ps2pdf14,ps2pdfwr,ps2ps,ps2ps2} { +# measure and doesn't alleviate the need for regular updates. +# Currently this profile is in complain mode since it caused regressions +# for tumbleweed users +profile ghostscript /usr/bin/{dvipdf,eps2eps,gs,gsbj,gsdj,gsdj500,gslj,gslp,gsnd,ps2ascii,ps2epsi,ps2pdf,ps2pdf12,ps2pdf13,ps2pdf14,ps2pdfwr,ps2ps,ps2ps2} flags=(complain) { #include #include #include @@ -45,4 +47,15 @@ profile ghostscript /usr/bin/{dvipdf,eps2eps,gs,gsbj,gsdj,gsdj500,gslj,gslp,gsnd #include /usr/bin/dirname mr, } + + # for gsbj + /usr/bin/date mrix, + # for ps2epsi + /usr/bin/{gawk,cat,ls,sed,which} mrix, + /usr/bin/{mktemp,rm} Cx -> tempdir, + profile tempdir { + #include + /usr/bin/{mktemp,rm} mr, + owner /tmp/ps2epsi.* rw, + } } diff --git a/ghostscript-mini.spec b/ghostscript-mini.spec index d99efe8..f8f32bd 100644 --- a/ghostscript-mini.spec +++ b/ghostscript-mini.spec @@ -1,7 +1,7 @@ # # spec file for package ghostscript-mini # -# Copyright (c) 2019 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed diff --git a/ghostscript.changes b/ghostscript.changes index b6fb1cf..827ec32 100644 --- a/ghostscript.changes +++ b/ghostscript.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Wed May 8 08:46:43 UTC 2019 - jsegitz@suse.com + +- Set AA profile to complain and added fixes for ps2epsi (boo#1134327) + ------------------------------------------------------------------- Thu Apr 4 14:37:09 CEST 2019 - jsmeix@suse.de diff --git a/ghostscript.spec b/ghostscript.spec index 25ff3ad..e1b4fc8 100644 --- a/ghostscript.spec +++ b/ghostscript.spec @@ -1,7 +1,7 @@ # # spec file for package ghostscript # -# Copyright (c) 2019 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -218,7 +218,6 @@ For information how to use Ghostscript see %package x11 Summary: X11 library for Ghostscript -Group: Productivity/Publishing/PS # Require the exact matching version-release of the ghostscript main-package because # a non-matching ghostscript main-package may let it fail or even crash (e.g. segfault) # because all Ghostscript software is built from one same Ghostscript source tar ball @@ -226,6 +225,7 @@ Group: Productivity/Publishing/PS # The exact matching version-release of the ghostscript main-package is available # on the same package repository where the ghostscript-x11 sub-package is because # all are built simulaneously from the same Ghostscript source package: +Group: Productivity/Publishing/PS Requires: ghostscript = %{version}-%{release} # Unfortunately ghostscript-library.spec and ghostscript-mini.spec have # an unversioned "Provides: ghostscript" and for RPM this means that both