diff --git a/CVE-2021-3781.patch b/CVE-2021-3781.patch deleted file mode 100644 index faa9976..0000000 --- a/CVE-2021-3781.patch +++ /dev/null @@ -1,232 +0,0 @@ -From a9bd3dec9fde03327a4a2c69dad1036bf9632e20 Mon Sep 17 00:00:00 2001 -From: Chris Liddell -Date: Tue, 7 Sep 2021 20:36:12 +0100 -Subject: [PATCH] Bug 704342: Include device specifier strings in access - validation - -for the "%pipe%", %handle%" and %printer% io devices. - -We previously validated only the part after the "%pipe%" Postscript device -specifier, but this proved insufficient. - -This rebuilds the original file name string, and validates it complete. The -slight complication for "%pipe%" is it can be reached implicitly using -"|" so we have to check both prefixes. - -Addresses CVE-2021-3781 ---- - base/gdevpipe.c | 22 +++++++++++++++- - base/gp_mshdl.c | 11 +++++++- - base/gp_msprn.c | 10 ++++++- - base/gp_os2pr.c | 13 +++++++++- - base/gslibctx.c | 69 ++++++++++--------------------------------------- - 5 files changed, 65 insertions(+), 60 deletions(-) - -diff --git a/base/gdevpipe.c b/base/gdevpipe.c -index 96d71f5d8..5bdc485be 100644 ---- a/base/gdevpipe.c -+++ b/base/gdevpipe.c -@@ -72,8 +72,28 @@ pipe_fopen(gx_io_device * iodev, const char *fname, const char *access, - #else - gs_lib_ctx_t *ctx = mem->gs_lib_ctx; - gs_fs_list_t *fs = ctx->core->fs; -+ /* The pipe device can be reached in two ways, explicltly with %pipe% -+ or implicitly with "|", so we have to check for both -+ */ -+ char f[gp_file_name_sizeof]; -+ const char *pipestr = "|"; -+ const size_t pipestrlen = strlen(pipestr); -+ const size_t preflen = strlen(iodev->dname); -+ const size_t nlen = strlen(fname); -+ int code1; -+ -+ if (preflen + nlen >= gp_file_name_sizeof) -+ return_error(gs_error_invalidaccess); -+ -+ memcpy(f, iodev->dname, preflen); -+ memcpy(f + preflen, fname, nlen + 1); -+ -+ code1 = gp_validate_path(mem, f, access); -+ -+ memcpy(f, pipestr, pipestrlen); -+ memcpy(f + pipestrlen, fname, nlen + 1); - -- if (gp_validate_path(mem, fname, access) != 0) -+ if (code1 != 0 && gp_validate_path(mem, f, access) != 0 ) - return gs_error_invalidfileaccess; - - /* -diff --git a/base/gp_mshdl.c b/base/gp_mshdl.c -index 2b964ed74..8d87ceadc 100644 ---- a/base/gp_mshdl.c -+++ b/base/gp_mshdl.c -@@ -95,8 +95,17 @@ mswin_handle_fopen(gx_io_device * iodev, const char *fname, const char *access, - long hfile; /* Correct for Win32, may be wrong for Win64 */ - gs_lib_ctx_t *ctx = mem->gs_lib_ctx; - gs_fs_list_t *fs = ctx->core->fs; -+ char f[gp_file_name_sizeof]; -+ const size_t preflen = strlen(iodev->dname); -+ const size_t nlen = strlen(fname); - -- if (gp_validate_path(mem, fname, access) != 0) -+ if (preflen + nlen >= gp_file_name_sizeof) -+ return_error(gs_error_invalidaccess); -+ -+ memcpy(f, iodev->dname, preflen); -+ memcpy(f + preflen, fname, nlen + 1); -+ -+ if (gp_validate_path(mem, f, access) != 0) - return gs_error_invalidfileaccess; - - /* First we try the open_handle method. */ -diff --git a/base/gp_msprn.c b/base/gp_msprn.c -index ed4827968..746a974f7 100644 ---- a/base/gp_msprn.c -+++ b/base/gp_msprn.c -@@ -168,8 +168,16 @@ mswin_printer_fopen(gx_io_device * iodev, const char *fname, const char *access, - uintptr_t *ptid = &((tid_t *)(iodev->state))->tid; - gs_lib_ctx_t *ctx = mem->gs_lib_ctx; - gs_fs_list_t *fs = ctx->core->fs; -+ const size_t preflen = strlen(iodev->dname); -+ const size_t nlen = strlen(fname); - -- if (gp_validate_path(mem, fname, access) != 0) -+ if (preflen + nlen >= gp_file_name_sizeof) -+ return_error(gs_error_invalidaccess); -+ -+ memcpy(pname, iodev->dname, preflen); -+ memcpy(pname + preflen, fname, nlen + 1); -+ -+ if (gp_validate_path(mem, pname, access) != 0) - return gs_error_invalidfileaccess; - - /* First we try the open_printer method. */ -diff --git a/base/gp_os2pr.c b/base/gp_os2pr.c -index f852c71fc..ba54cde66 100644 ---- a/base/gp_os2pr.c -+++ b/base/gp_os2pr.c -@@ -107,9 +107,20 @@ os2_printer_fopen(gx_io_device * iodev, const char *fname, const char *access, - FILE ** pfile, char *rfname, uint rnamelen) - { - os2_printer_t *pr = (os2_printer_t *)iodev->state; -- char driver_name[256]; -+ char driver_name[gp_file_name_sizeof]; - gs_lib_ctx_t *ctx = mem->gs_lib_ctx; - gs_fs_list_t *fs = ctx->core->fs; -+ const size_t preflen = strlen(iodev->dname); -+ const int size_t = strlen(fname); -+ -+ if (preflen + nlen >= gp_file_name_sizeof) -+ return_error(gs_error_invalidaccess); -+ -+ memcpy(driver_name, iodev->dname, preflen); -+ memcpy(driver_name + preflen, fname, nlen + 1); -+ -+ if (gp_validate_path(mem, driver_name, access) != 0) -+ return gs_error_invalidfileaccess; - - /* First we try the open_printer method. */ - /* Note that the loop condition here ensures we don't -diff --git a/base/gslibctx.c b/base/gslibctx.c -index 6dfed6cd5..318039fad 100644 ---- a/base/gslibctx.c -+++ b/base/gslibctx.c -@@ -655,82 +655,39 @@ rewrite_percent_specifiers(char *s) - int - gs_add_outputfile_control_path(gs_memory_t *mem, const char *fname) - { -- char *fp, f[gp_file_name_sizeof]; -- const int pipe = 124; /* ASCII code for '|' */ -- const int len = strlen(fname); -- int i, code; -+ char f[gp_file_name_sizeof]; -+ int code; - - /* Be sure the string copy will fit */ -- if (len >= gp_file_name_sizeof) -+ if (strlen(fname) >= gp_file_name_sizeof) - return gs_error_rangecheck; - strcpy(f, fname); -- fp = f; - /* Try to rewrite any %d (or similar) in the string */ - rewrite_percent_specifiers(f); -- for (i = 0; i < len; i++) { -- if (f[i] == pipe) { -- fp = &f[i + 1]; -- /* Because we potentially have to check file permissions at two levels -- for the output file (gx_device_open_output_file and the low level -- fopen API, if we're using a pipe, we have to add both the full string, -- (including the '|', and just the command to which we pipe - since at -- the pipe_fopen(), the leading '|' has been stripped. -- */ -- code = gs_add_control_path(mem, gs_permit_file_writing, f); -- if (code < 0) -- return code; -- code = gs_add_control_path(mem, gs_permit_file_control, f); -- if (code < 0) -- return code; -- break; -- } -- if (!IS_WHITESPACE(f[i])) -- break; -- } -- code = gs_add_control_path(mem, gs_permit_file_control, fp); -+ -+ code = gs_add_control_path(mem, gs_permit_file_control, f); - if (code < 0) - return code; -- return gs_add_control_path(mem, gs_permit_file_writing, fp); -+ return gs_add_control_path(mem, gs_permit_file_writing, f); - } - - int - gs_remove_outputfile_control_path(gs_memory_t *mem, const char *fname) - { -- char *fp, f[gp_file_name_sizeof]; -- const int pipe = 124; /* ASCII code for '|' */ -- const int len = strlen(fname); -- int i, code; -+ char f[gp_file_name_sizeof]; -+ int code; - - /* Be sure the string copy will fit */ -- if (len >= gp_file_name_sizeof) -+ if (strlen(fname) >= gp_file_name_sizeof) - return gs_error_rangecheck; - strcpy(f, fname); -- fp = f; - /* Try to rewrite any %d (or similar) in the string */ -- for (i = 0; i < len; i++) { -- if (f[i] == pipe) { -- fp = &f[i + 1]; -- /* Because we potentially have to check file permissions at two levels -- for the output file (gx_device_open_output_file and the low level -- fopen API, if we're using a pipe, we have to add both the full string, -- (including the '|', and just the command to which we pipe - since at -- the pipe_fopen(), the leading '|' has been stripped. -- */ -- code = gs_remove_control_path(mem, gs_permit_file_writing, f); -- if (code < 0) -- return code; -- code = gs_remove_control_path(mem, gs_permit_file_control, f); -- if (code < 0) -- return code; -- break; -- } -- if (!IS_WHITESPACE(f[i])) -- break; -- } -- code = gs_remove_control_path(mem, gs_permit_file_control, fp); -+ rewrite_percent_specifiers(f); -+ -+ code = gs_remove_control_path(mem, gs_permit_file_control, f); - if (code < 0) - return code; -- return gs_remove_control_path(mem, gs_permit_file_writing, fp); -+ return gs_remove_control_path(mem, gs_permit_file_writing, f); - } - - int --- -2.17.1 - diff --git a/CVE-2021-45949.patch b/CVE-2021-45949.patch deleted file mode 100644 index dd17e10..0000000 --- a/CVE-2021-45949.patch +++ /dev/null @@ -1,36 +0,0 @@ ---- psi/zfsample.c.orig 2022-01-12 09:16:07.639604741 +0100 -+++ psi/zfsample.c 2022-01-12 09:21:45.187952236 +0100 -@@ -535,13 +535,16 @@ sampled_data_continue(i_ctx_t *i_ctx_p) - } - pop(num_out); /* Move op to base of result values */ - -+ /* From here on, we have to use ref_stack_pop() rather than pop() -+ so that it handles stack extension blocks properly, before calling -+ sampled_data_sample() which also uses the op stack. -+ */ - /* Check if we are done collecting data. */ -- - if (increment_cube_indexes(params, penum->indexes)) { - if (stack_depth_adjust == 0) -- pop(O_STACK_PAD); /* Remove spare stack space */ -+ ref_stack_pop(&o_stack, O_STACK_PAD); /* Remove spare stack space */ - else -- pop(stack_depth_adjust - num_out); -+ ref_stack_pop(&o_stack, stack_depth_adjust - num_out); - /* Execute the closing procedure, if given */ - code = 0; - if (esp_finish_proc != 0) -@@ -554,11 +557,11 @@ sampled_data_continue(i_ctx_t *i_ctx_p) - if ((O_STACK_PAD - stack_depth_adjust) < 0) { - stack_depth_adjust = -(O_STACK_PAD - stack_depth_adjust); - check_op(stack_depth_adjust); -- pop(stack_depth_adjust); -+ ref_stack_pop(&o_stack, stack_depth_adjust); - } - else { - check_ostack(O_STACK_PAD - stack_depth_adjust); -- push(O_STACK_PAD - stack_depth_adjust); -+ ref_stack_push(&o_stack, O_STACK_PAD - stack_depth_adjust); - for (i=0;i + mini + diff --git a/ghostscript-9.54.0.tar.gz b/ghostscript-9.54.0.tar.gz deleted file mode 100644 index 5dbeac1..0000000 --- a/ghostscript-9.54.0.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:0646bb97f6f4d10a763f4919c54fa28b4fbdd3dff8e7de3410431c81762cade0 -size 69936541 diff --git a/ghostscript-9.56.1.tar.xz b/ghostscript-9.56.1.tar.xz new file mode 100644 index 0000000..6e0f5ef --- /dev/null +++ b/ghostscript-9.56.1.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:d43406805650009b42c3d5f6dc535233454533c1e27c13a77dd1d462a056b8e4 +size 62589232 diff --git a/ghostscript-mini.changes b/ghostscript-mini.changes deleted file mode 100644 index 9411af8..0000000 --- a/ghostscript-mini.changes +++ /dev/null @@ -1,1441 +0,0 @@ -------------------------------------------------------------------- -Tue Jan 11 13:40:10 CET 2022 - jsmeix@suse.de - -- CVE-2021-45949.patch fixes CVE-2021-45949 - heap-based buffer overflow in sampled_data_finish - cf. https://github.com/google/oss-fuzz-vulns/blob/main/vulns/ghostscript/OSV-2021-803.yaml - (bsc#1194304) -- CVE-2021-45944 use-after-free in sampled_data_sample - is already fixed in the Ghostscript 9.54.0 upstream sources - (bsc#1194303) - -------------------------------------------------------------------- -Fri Sep 10 09:37:46 CEST 2021 - jsmeix@suse.de - -- CVE-2021-3781.patch fixes CVE-2021-3781 - Trivial -dSAFER bypass - cf. https://bugs.ghostscript.com/show_bug.cgi?id=704342 - (bsc#1190381) - -------------------------------------------------------------------- -Fri May 21 13:40:56 CEST 2021 - jsmeix@suse.de - -- Version upgrade to 9.54.0 - Highlights in this release include - (excerpts from the Ghostscript upstream release summary - in https://www.ghostscript.com/doc/9.54.0/News.htm): - * The 9.54.0 release is a maintenance release, - and also adds new functionality. - * Overprint simulation is now available to all output devices, - allowing quality previewing/proofing of PostScript and - PDF jobs that rely on overprint. See the -dOverprint option - documentation in: doc/9.54.0/Use.htm#Overprint - * The "docxwrite" device adds the ability to output - to Microsoft Word "docx" format. - See: doc/9.54.0/VectorDevices.htm#DOCX - * The pdfwrite device is now capable of using the Tesseract OCR - engine when it is built into Ghostscript to improve - searchability and copy and paste functionality when the input - lacks the metadata for that purpose. - See: doc/9.54.0/VectorDevices.htm#UseOCR - * Ghostscript/GhostPDL now includes a "map text to black" - function, where text drawn by an input job (except when drawn - using a Type 3 font) can be forced to draw in solid black. - See: doc/9.54.0/Use.htm#BlackText - * Ghostscript/GhostPDL now supports simple N-up imposition - "internally". See: doc/9.54.0/Use.htm#NupControl - * Our efforts in code hygiene and maintainability continue. - * The usual round of bug fixes, compatibility changes, - and incremental improvements. - * For a list of open issues, or to report problems, please visit - bugs.ghostscript.com - For a release summary see: - https://www.ghostscript.com/doc/9.54.0/News.htm - For details see the News.htm and History9.htm files. -- 41ef9a0bc36b9db7115fbe9623f989bfb47bbade.patch is no longer - needed because it is fixed in the upstream sources. - -------------------------------------------------------------------- -Wed Apr 14 11:56:22 UTC 2021 - Wolfgang Frisch - -- Hardening: compile with PIC, link as PIE - -------------------------------------------------------------------- -Fri Mar 26 13:42:05 UTC 2021 - Dominique Leuenberger - -- Do not rely on apparmor at all for the -mini flavor: - + Drop apparmor-abstraction and apparmor-rpm-macros - BuildRequires. - + Do not package apparmor files. - -------------------------------------------------------------------- -Tue Mar 9 12:34:30 UTC 2021 - Dominique Leuenberger - -- Do not require apparmor-abstractions: with the mini package being - used only during build (and never on end user workstations), - apparmor is not going to be enabled (build is in chroot/vm). - Keeping the dep-chain of the -mini flavor as small as possible. - -------------------------------------------------------------------- -Fri Mar 5 12:35:16 UTC 2021 - Dominique Leuenberger - -- Provide ghostscript_any by ghostscript-mini: this is a valid - replacement for consumers. - -------------------------------------------------------------------- -Tue Oct 20 16:38:24 CEST 2020 - Ismail Dönmez - -- 41ef9a0bc36b9db7115fbe9623f989bfb47bbade.patch - fixes compilation with FreeType 2.10.3+ - http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=41ef9a0bc36b9db7115fbe9623f989bfb47bbade - c.f. https://bugs.ghostscript.com/show_bug.cgi?id=702985 - -------------------------------------------------------------------- -Tue Oct 20 16:03:48 CEST 2020 - jsmeix@suse.de - -- Version upgrade to 9.53.3 - Highlights in this release include - (excerpts from the Ghostscript upstream release summary - in https://www.ghostscript.com/doc/9.53.3/News.htm): - * The 9.53.3 release is primarily maintenance. - * Issues arose with 9.53.0/1/2 that prompted the release - of a .3 patch: - A crash related to management of ICC profile objects. - A parameter type mismatch that would cause Ghostscript - to error out during initialisation, which - affected 64 big, big endian architectures. - An unexpected side effect of another change that prevented - multithreaded rendering and background rendering - from working correctly. - * The most obvious change is the (re-)introduction of the - patch level to the version number, this helps facilitate - a revised policy on handling security related issues. - To clarify: in the event we decide to release a patch revision, - it will replace the release with the previous patch number. - Release notes, highlights and warnings will remain the same, - except for the addition of whatever fix(es) prompted the patch. - * Our efforts in code hygiene and maintainability continue. - * We have added Python bindings for the gsapi interface, can be - found in demos/python. These are experimental, and we welcome - feedback from interested developers. - * For those integrating Ghostscript/GhostPDL via the gsapi - interface, we have added new capabilities to that, specifically - in terms of setting and interrogating device parameters. These, - along with the existing interface calls, are documented in: - Ghostscript Interpreter API at - https://www.ghostscript.com/doc/9.53.3/API.htm - * The usual round of bug fixes, compatibility changes, - and incremental improvements. - * For a list of open issues, or to report problems, please visit - bugs.ghostscript.com - Incompatible changes: - * As of 9.53.0, we have (re-)introduced the patch level to the - version number, this helps facilitate a revised policy - on handling security related issues. - Note for GSView Users: The patch level addition breaks - GSView 5 (it is hardcoded to check for versions 704-999). - It is possible, but not guaranteed that a GSView update might - be forthcoming to resolve this. - For a release summary see: - https://www.ghostscript.com/doc/9.53.3/News.htm - For details see the News.htm and History9.htm files. -- CVE-2020-15900.patch is no longer needed - because it is fixed in the upstream sources. -- Ghostscript 9.53.3 fixes in particular txtwrite memory issues - (boo#1177922). - -------------------------------------------------------------------- -Tue Jul 28 09:15:30 CEST 2020 - jsmeix@suse.de - -- CVE-2020-15900.patch fixes CVE-2020-15900 Memory Corruption - cf. https://bugs.ghostscript.com/show_bug.cgi?id=702582 - (bsc#1174415) - -------------------------------------------------------------------- -Wed Apr 29 12:09:39 CEST 2020 - jsmeix@suse.de - -- The version upgrade to 9.52 fixes in particular - CVE-2020-12268: jbic2dec: heap-based buffer overflow - in jbig2_image_compose (bsc#1170603) -- Version upgrade to 9.52 - Highlights in this release include: - * The 9.52 release replaces the 9.51 release after a problem - was reported with 9.51 which warranted the quick turnaround. - Thus, like 9.51, 9.52 is primarily a maintenance release, - consolidating the changes we introduced in 9.50. - * IMPORTANT: We have forked LittleCMS2 into LittleCMS2mt - (the "mt" indicating "multi-thread"). - LCMS2 is not thread-safe, and cannot be made thread-safe - without breaking the ABI. Our fork will be thread-safe and - include performance enhancements (these changes have all - been offered and rejected upstream). We will maintain - compatibility between Ghostscript and LCMS2 for a time, - but not in perpetuity. If there is sufficient interest, - our fork will be available as its own package separately - from Ghostscript (and MuPDF). - * The usual round of bug fixes, compatibility changes, - and incremental improvements. - Incompatible changes: - * New option -dALLOWPSTRANSPARENCY: The transparency compositor - (and related features), whilst we are improving it, remains - sensitive to being driven correctly, and incorrect use - can have unexpected/undefined results. Hence, as part of - improving security, we limited access to these operators, - originally using the -dSAFER feature. As we made "SAFER" - the default mode, that became unacceptable, hence the - new option -dALLOWPSTRANSPARENCY which enables access - to the operators, cf. - https://www.ghostscript.com/doc/9.52/Use.htm#ALLOWPSTRANSPARENCY - For a release summary see: - https://www.ghostscript.com/doc/9.52/News.htm - For details see the News.htm and History9.htm files. -- Version upgrade to 9.51 - Highlights in this release include: - * 9.51 is primarily a maintainance release, consolidating - the changes we introduced in 9.50. - * We have continued our work on code hygiene for this release, - with a focus on the static analysis tool Coverity - (from Synopsys, Inc) and we are now maintaining a policy of - zero Coverity issues in the Ghostscript/GhostPDL source base. - * IMPORTANT: In consultation with a representative of - OpenPrinting (http://www.openprinting.org/) it is our - intention to deprecate and, in the not distant future, - remove the OpenPrinting Vector/Raster Printer Drivers - (that is, the opvp and oprp devices). - If you rely on either of these devices, please get in touch - with us (i.e. Ghostscript upstream), so we can discuss your - use case, and revise our plans accordingly. - * We (i.e. Ghostscript upstream) are in the process of forking - LittleCMS, cf. the other release notes entries below. - * The usual round of bug fixes, compatibility changes, - and incremental improvements. - For a release summary see: - https://www.ghostscript.com/doc/9.51/News.htm - For details see the News.htm and History9.htm files. -- Version upgrade to 9.50 - Highlights in this release include: - * The change to version 9.50 follows recognition - of the extent and importance of the file access control - redesign/reimplementation outlined below. - * The file access control capability (enable with -dSAFER) - has been completely rewritten, with a ground-up rethink - of the design. For more details, see: "SAFER" at - https://www.ghostscript.com/doc/9.50/Use.htm#Safer - * It is important to note that -dSAFER now only enables the - file access controls, and no longer applies restrictions - to standard Postscript functionality (specifically, - restrictions on setpagedevice). If your application relies - on these Postscript restrictions, see "OLDSAFER" at - https://www.ghostscript.com/doc/9.50/Use.htm#OldSafer - and please get in touch, as we do plan to remove those - Postscript restrictions unless we have reason not to. - IMPORTANT: File access controls are now enabled by default. - In order to run Ghostscript without these controls, - see "NOSAFER" at - https://www.ghostscript.com/doc/9.50/Use.htm#NoSafer - * We (i.e. Ghostscript upstream) are in the process of forking - LittleCMS, cf. the other release notes entries below. - * The usual round of bug fixes, compatibility changes, - and incremental improvements. - Incompatible changes: - * There are a couple of subtle incompatibilities between the old - and new SAFER implementations. Firstly, as mentioned above, - SAFER now leaves standard Postcript functionality unchanged - (except for the file access limitations). Secondly, the - interaction with save/restore operations, see "SAFER" at - https://www.ghostscript.com/doc/9.50/Use.htm#Safer - * The following is not strictly speaking new to 9.50, - as not much has changed since 9.27 in this area, - but for those who don't upgrade with every release: - The process of "tidying" the Postscript name space should have - removed only non-standard and undocumented operators. - Nevertheless, it is possible that any integrations or utilities - that rely on those non-standard and undocumented operators - may stop working, or may change behaviour. - If you encounter such a case, please contact us - (i.e. Ghostscript upstream, either the #ghostscript IRC channel - or the gs-devel mailing list would be best), and we'll work - with you to either find an alternative solution or return the - previous functionality, if there is genuinely no other option. - One case we know this has occurred is GSView 5 (and earlier). - GSView 5 support for PDF files relied upon internal use only - features which are no longer available. GSView 5 will still - work as previously for Postscript files. For PDF files, - users are encouraged to look at MuPDF https://www.mupdf.com/ - For a release summary see: - https://www.ghostscript.com/doc/9.50/News.htm - For details see the News.htm and History9.htm files. -- CVE-2019-10216.patch - gs-CVE-2019-14811-885444fc.patch - gs-CVE-2019-14817-cd1b1cac.patch - openjpeg4gs-CVE-2018-6616-8ee33522.patch - are fixed in the version 9.52 upstream sources. - -------------------------------------------------------------------- -Fri Jan 31 17:26:37 UTC 2020 - Stefan Brüns - -- Use system openjpeg2 on Tumbleweed/Factory. - -------------------------------------------------------------------- -Mon Sep 23 08:24:49 UTC 2019 - Johannes Segitz - -- Made ghostscript profile enforcing and limit it to the ghostscript - binaries (bsc#1150338) - -------------------------------------------------------------------- -Mon Sep 16 11:58:41 UTC 2019 - Dr. Werner Fink - -- Add patch gs-CVE-2019-14811-885444fc.patch to fix bsc#1146882 - for CVE-2019-14811,CVE-2019-14812,CVE-2019-14813 -- Add patch gs-CVE-2019-14817-cd1b1cac.patch to fix bsc#1146884 - for CVE-2019-14817 - -------------------------------------------------------------------- -Fri Sep 13 14:15:10 UTC 2019 - Dr. Werner Fink - -- Add patch openjpeg4gs-CVE-2018-6616-8ee33522.patch to fix bsc#1140359 - for CVE-2019-12973 - -------------------------------------------------------------------- -Thu Aug 22 06:20:43 UTC 2019 - Jan Engelhardt - -- Update RPM groups. - -------------------------------------------------------------------- -Tue Aug 13 12:38:45 UTC 2019 - Dr. Werner Fink - -- Use update-alternatives to get the real ghostscript binary from - /usr/bin/gs to /usr/bin/gs.bin and allow the gswrap package to - use this with its wrapper script - -------------------------------------------------------------------- -Mon Aug 12 11:32:08 UTC 2019 - Dr. Werner Fink - -- CVE-2019-10216.patch fixes CVE-2019-10216 - forceput/superexec in .buildfont1 is still accessible - https://bugzilla.suse.com/show_bug.cgi?id=1144621 bsc#1144621 - https://bugs.ghostscript.com/show_bug.cgi?id=701394 - -------------------------------------------------------------------- -Wed May 8 08:46:43 UTC 2019 - jsegitz@suse.com - -- Set AA profile to complain and added fixes for ps2epsi (boo#1134327) - -------------------------------------------------------------------- -Thu Apr 4 14:37:09 CEST 2019 - jsmeix@suse.de - -- Version upgrade to 9.27 - Highlights in this release include: - * We (i.e. Ghostscript upstream) have extensively cleaned up - the Postscript name space: removing access to internal and/or - undocumented Postscript operators, procedures and data. - This has benefits for security and maintainability. - Incompatible changes: - The process of "tidying" the Postscript name space should - have removed only non-standard and undocumented operators. - Nevertheless, it is possible that any integrations or - utilities that rely on those non-standard and undocumented - operators may stop working, or may change behaviour. - If you encounter such a case, please contact us (i.e. - Ghostscript upstream) - (either the #ghostscript IRC channel, - or the gs-devel mailing list would be best), and we'll work - with you to either find an alternative solution. - * Fontmap can now reference invidual fonts in a TrueType - Collection for font subsitution. Previously, a Fontmap entry - could only reference a TrueType collection and use the default - (first) font. - Now, the Fontmap syntax allows for specifying a specific index - in a TTC. See the comments at the top of (the default) - Fontmap.GS for details. - * The usual round of bug fixes, compatibility changes, - and incremental improvements. - IMPORTANT: It is our intention, within the next 12 months - (ideally sooner, in time for the next release) to make SAFER - the default mode of operation. For many users this will have - no effect, since they use SAFER explicitly, but some niche - uses which rely on SAFER being disabled may need to start - explicitly adding the "-dNOSAFER" option. - IMPORTANT: We (i.e. Ghostscript upstream) are in the process of - forking LittleCMS. LCMS2 is not thread safe, and cannot be made - thread safe without breaking the ABI. Our fork will be thread - safe, and include performance enhancements (these changes have - all be been offered and rejected upstream). We will maintain - compatibility between Ghostscript and LCMS2 for a time, but not - in perpetuity. Our fork will be available as its own package - separately from Ghostscript (and MuPDF). - For a release summary see: - http://www.ghostscript.com/doc/9.27/News.htm - For details see the News.htm and History9.htm files. - The Ghostscript 9.27 release should fix (cf. the entry below - dated 'Fri Sep 14 10:47:33 CEST 2018' what "should fix" means) - in particular those security issues: - * CVE-2019-3838 forceput in DefineResource is still accessible - https://bugzilla.suse.com/show_bug.cgi?id=1129186 bsc#1129186 - https://bugs.ghostscript.com/show_bug.cgi?id=700576 - * CVE-2019-3835: superexec operator is available - https://bugzilla.suse.com/show_bug.cgi?id=1129180 bsc#1129180 - https://bugs.ghostscript.com/show_bug.cgi?id=700585 -- ghostscript-2.26-subclassing-devices-fix-put_image-method.patch - is no longer needed because it is fixed in the upstream sources. - -------------------------------------------------------------------- -Thu Mar 14 08:03:24 UTC 2019 - jsegitz@suse.com - -- Added AA rules for dvips (bsc#1127934) -- Allow execution of dirname (bsc#1128697) -- Allow execution of hpijs (bsc#1128467). For now this is in - complain mode -- Sane profile name "ghostscript", moved profile from - /etc/apparmor.d/usr.bin.gs to /etc/apparmor.d/ghostscript - (bsc#1128607) -- Improved AA packaging (bsc#1128608) - Thanks to Christian Boltz for his help - -------------------------------------------------------------------- -Fri Mar 8 10:49:18 UTC 2019 - Martin Wilck - -- Fix IJS printing problem (bsc#1128467) - * added ijs_exec_server_dont_use_sh.patch - * allow exec'ing hpijs in apparmor profile - -------------------------------------------------------------------- -Thu Feb 7 09:27:44 UTC 2019 - jsegitz@suse.com - -- Added apparmor_usr.bin.gs. This profile prevents execution of - executables to serve as hardening for the binaries that process - ghostscript. This is of limited use but prevents simple exploits. - -------------------------------------------------------------------- -Wed Jan 23 16:52:00 CET 2019 - jsmeix@suse.de - -- Version upgrade to 9.26a - The version 9.26a is a special security bugfix version to fix - * CVE-2019-6116: subroutines within pseudo-operators - must themselves be pseudo-operators - https://bugs.ghostscript.com/show_bug.cgi?id=700317 - https://bugzilla.suse.com/show_bug.cgi?id=1122319 bsc#1122319 - -------------------------------------------------------------------- -Thu Jan 10 17:09:16 UTC 2019 - jweberhofer@weberhofer.at - -- ghostscript-2.26-subclassing-devices-fix-put_image-method.patch - fixes Ghostscript issue #700315 and bsc#1121490 - https://bugs.ghostscript.com/show_bug.cgi?id=700315 - Segfault in GS 9.26 with certain PDFs with -dLastPage=1 - -------------------------------------------------------------------- -Fri Nov 30 09:01:17 CET 2018 - jsmeix@suse.de - -- Version upgrade to 9.26 - Highlights in this release include: - * Security issues have been the primary focus of this release, - including solving several (well publicised) real and potential - exploits. - Thanks to Man Yue Mo of Semmle Security Research Team, - Jens Mueller of Ruhr-Universitaet Bochum and - Tavis Ormandy of Google's Project Zero - for their help to identify specific security issues. - PLEASE NOTE: - We (i.e. Ghostscript upstream) strongly urge users to upgrade - to this latest release to avoid these issues. - * The usual round of bug fixes, compatibility changes, - and incremental improvements. - For a release summary see: - http://www.ghostscript.com/doc/9.26/News.htm - For details see the News.htm and History9.htm files. - The Ghostscript 9.26 release should fix (cf. the entry below - dated 'Fri Sep 14 10:47:33 CEST 2018' what "should fix" means) - in particular those security issues (bsc#1117331) - * CVE-2018-19475: psi/zdevice2.c allows attackers to bypass - intended access restrictions - https://bugs.ghostscript.com/show_bug.cgi?id=700153 - https://bugzilla.suse.com/show_bug.cgi?id=1117327 bsc#1117327 - * CVE-2018-19476: psi/zicc.c allows attackers to bypass - intended access restrictions because of a setcolorspace - type confusion - https://bugs.ghostscript.com/show_bug.cgi?id=700169 - https://bugzilla.suse.com/show_bug.cgi?id=1117313 bsc#1117313 - * CVE-2018-19477: psi/zfjbig2.c allows attackers to bypass - intended access restrictions because of a JBIG2Decode - type confusion - https://bugs.ghostscript.com/show_bug.cgi?id=700168 - https://bugzilla.suse.com/show_bug.cgi?id=1117274 bsc#1117274 - * CVE-2018-19409: LockSafetyParams is not checked correctly - if another device is used - https://bugs.ghostscript.com/show_bug.cgi?id=700176 - https://bugzilla.suse.com/show_bug.cgi?id=1117022 bsc#1117022 - and those security issues - * CVE-2018-18284: 1Policy operator gives access to .forceput - https://bugs.ghostscript.com/show_bug.cgi?id=69963 - https://bugzilla.suse.com/show_bug.cgi?id=1112229 bsc#1112229 - * CVE-2018-18073: saved execution stacks can leak operator arrays - https://bugs.ghostscript.com/show_bug.cgi?id=699927 - https://bugzilla.suse.com/show_bug.cgi?id=1111480 bsc#1111480 - * CVE-2018-17961: bypassing executeonly to escape -dSAFER sandbox - https://bugs.ghostscript.com/show_bug.cgi?id=699816 - https://bugzilla.suse.com/show_bug.cgi?id=1111479 bsc#1111479 - * CVE-2018-17183: remote attackers could be able to supply - crafted PostScript to potentially overwrite or replace - error handlers to inject code - https://bugs.ghostscript.com/show_bug.cgi?id=699708 - https://bugzilla.suse.com/show_bug.cgi?id=1109105 bsc#1109105 - -------------------------------------------------------------------- -Fri Nov 9 11:25:19 CET 2018 - jsmeix@suse.de - -- Version upgrade to 9.26rc1 (first release candidate for 9.26). - Highlights in this release include: - * Purely security and a few bug fixes, there are no new features, - and no API changes to report. - -------------------------------------------------------------------- -Fri Sep 14 10:47:33 CEST 2018 - jsmeix@suse.de - -- Version upgrade to 9.25 - For the highlights in this release see the highlights in the - 9.25rc1 first release candidate for 9.25 entry below. - PLEASE NOTE: - We (i.e. Ghostscript upstream) strongly urge users to upgrade - to this latest release to avoid these issues. - For a release summary see: - http://www.ghostscript.com/doc/9.25/News.htm - For details see the News.htm and History9.htm files. - The Ghostscript 9.25 release should fix (see below) - in particular those security issues: - * CVE-2018-15909: shading_param incomplete type checking - https://bugs.ghostscript.com/show_bug.cgi?id=699660 - https://bugzilla.suse.com/show_bug.cgi?id=1106172 bsc#1106172 - * CVE-2018-15908: .tempfile file permission issues - https://bugs.ghostscript.com/show_bug.cgi?id=699657 - https://bugzilla.suse.com/show_bug.cgi?id=1106171 bsc#1106171 - * CVE-2018-15910: LockDistillerParams type confusion - https://bugs.ghostscript.com/show_bug.cgi?id=699656 - https://bugzilla.suse.com/show_bug.cgi?id=1106173 bsc#1106173 - * CVE-2018-15911: uninitialized memory access in the aesdecode - https://bugs.ghostscript.com/show_bug.cgi?id=699665 - https://bugzilla.suse.com/show_bug.cgi?id=1106195 bsc#1106195 - * CVE-2018-16513: setcolor missing type check - https://bugs.ghostscript.com/show_bug.cgi?id=699655 - https://bugzilla.suse.com/show_bug.cgi?id=1107412 bsc#1107412 - * CVE-2018-16509: /invalidaccess bypass after failed restore - https://bugs.ghostscript.com/show_bug.cgi?id=699654 - https://bugzilla.suse.com/show_bug.cgi?id=1107410 bsc#1107410 - * CVE-2018-16510: Incorrect exec stack handling in the "CS" - and "SC" PDF primitives - https://bugs.ghostscript.com/show_bug.cgi?id=699671 - https://bugzilla.suse.com/show_bug.cgi?id=1107411 bsc#1107411 - * CVE-2018-16542: .definemodifiedfont memory corruption - if /typecheck is handled - https://bugs.ghostscript.com/show_bug.cgi?id=699668 - https://bugzilla.suse.com/show_bug.cgi?id=1107413 bsc#1107413 - * CVE-2018-16541 incorrect free logic in pagedevice replacement - https://bugs.ghostscript.com/show_bug.cgi?id=699664 - https://bugzilla.suse.com/show_bug.cgi?id=1107421 bsc#1107421 - * CVE-2018-16540 use-after-free in copydevice handling - https://bugs.ghostscript.com/show_bug.cgi?id=699661 - https://bugzilla.suse.com/show_bug.cgi?id=1107420 bsc#1107420 - * CVE-2018-16539: incorrect access checking in temp file - handling to disclose contents of files - https://bugs.ghostscript.com/show_bug.cgi?id=699658 - https://bugzilla.suse.com/show_bug.cgi?id=1107422 bsc#1107422 - * CVE-2018-16543: gssetresolution and gsgetresolution allow - for unspecified impact - https://bugs.ghostscript.com/show_bug.cgi?id=699670 - https://bugzilla.suse.com/show_bug.cgi?id=1107423 bsc#1107423 - * CVE-2018-16511: type confusion in "ztype" could be used by - remote attackers able to supply crafted PostScript to crash - the interpreter or possibly have unspecified other impact - https://bugs.ghostscript.com/show_bug.cgi?id=699659 - https://bugzilla.suse.com/show_bug.cgi?id=1107426 bsc#1107426 - * CVE-2018-16585 .setdistillerkeys PostScript command is - accepted even though it is not intended for use - https://bugzilla.suse.com/show_bug.cgi?id=1107581 bsc#1107581 - * CVE-2018-16802: Incorrect"restoration of privilege" checking - when running out of stack during exceptionhandling could be - used by attackers able to supply crafted PostScript to execute - code using the "pipe" instruction. This is due to an incomplete - fix for CVE-2018-16509 - https://bugs.ghostscript.com/show_bug.cgi?id=699714 - https://bugs.ghostscript.com/show_bug.cgi?id=699718 - https://bugzilla.suse.com/show_bug.cgi?id=1108027 bnc#1108027 - Regarding what the above "should fix" means: - PostScript is a general purpose Turing-complete programming - language (cf. https://en.wikipedia.org/wiki/PostScript) - that supports in particular file access on the system disk. - When Ghostscript processes PostScript it runs a PostScript - program as the user who runs Ghostscript. - When Ghostscript processes an arbitrary PostScript file, - the user who runs Ghostscript runs an arbitrary program - which can do anything on the system where Ghostscript runs - that this user is allowed to do on that system. - To make it safer when Ghostscript runs a PostScript program - the Ghostscript command line option '-dSAFER' disables - certain file access functionality, for details see - /usr/share/doc/ghostscript/9.25/Use.htm - Its name 'SAFER' says everything: It makes it 'safer' - to let Ghostscript run a PostScript program, - but it does not make it completely safe. - In theory software is safe against misuse (i.e. has no bugs). - In practice there is an endless sequence of various kind of - security issues (i.e. software can be misused to do more than - what is intended) that get fixed issue by issue ad infinitum. - In the end all that means: - In practice the user who runs Ghostscript must not let it - process arbitrary PostScript files from untrusted origin. - In particular Ghostscript is usually run when printing - documents (with the '-dSAFER' option set), see the part about - "It is crucial to limit access to CUPS to trusted users" in - https://en.opensuse.org/SDB:CUPS_and_SANE_Firewall_settings - -------------------------------------------------------------------- -Thu Sep 13 14:14:39 CEST 2018 - jsmeix@suse.de - -- Version upgrade to 9.25rc1 (first release candidate for 9.25). - Highlights in this release include: - * This release fixes problems with argument handling, some - unintended results of the security fixes to the SAFER file - access restrictions (specifically accessing ICC profile files), - and some additional security issues over the 9.24 release. - * Security issues have been the primary focus of this release, - including solving several (well publicised) real - and potential exploits. - PLEASE NOTE: - We (i.e. Ghostscript upstream) strongly urge users to upgrade - to this latest release to avoid these issues. - * Avoid that ps2epsi fails with - 'Error: /undefined in --setpagedevice--' - Recent changes required to harden SAFER mode mean that - it is no longer possible to run ps2epsi in SAFER mode, - because it relies upon unsafe Ghostscript non-standard - extension operators. - Removing SAFER and DELAYSAFER, and the code to reset SAFER, - allow ps2epsi to run as well as it ever did (ie badly). - This program (i.e. ps2epsi) should now be considered unsafe, - you should not use it on untrusted PostScript programs. - Likely we (i.e. Ghostscript upstream) will deprecate and - remove this program in future. - For details see the News.htm and History9.htm files. - Regarding installing packages (in particular release candidates) - from the openSUSE build service development project "Printing" - see https://build.opensuse.org/project/show/Printing - -------------------------------------------------------------------- -Thu Sep 13 10:25:21 CEST 2018 - jsmeix@suse.de - -- Version upgrade to 9.24 - Highlights in this release include: - * Security issues have been the primary focus of this release, - including solving several (well publicised) - real and potential exploits. - PLEASE NOTE: - We (i.e. Ghostscript upstream) strongly urge users to upgrade - to this latest release to avoid these issues. - * As well as Ghostscript itself, jbig2dec has had a significant - amount of work improving its robustness in the face of - out specification files. - * IMPORTANT: We (i.e. Ghostscript upstream) are in the process - of forking LittleCMS. LCMS2 is not thread safe, and cannot - be made thread safe without breaking the ABI. Our fork - will be thread safe, and include performance enhancements - (these changes have all be been offered and rejected upstream). - We will maintain compatibility between Ghostscript and LCMS2 - for a time, but not in perpetuity. Our fork will be available - as its own package separately from Ghostscript (and MuPDF). - * The usual round of bug fixes, compatibility changes, - and incremental improvements. - For a release summary see: - http://www.ghostscript.com/doc/9.24/News.htm - For details see the News.htm and History9.htm files. -- fix_ln_docdir_gsdatadir.patch is no longer needed - because the issue is fixed in the upstream sources. -- CVE-2018-10194.patch is no longer needed - because the issue is fixed in the upstream sources. - -------------------------------------------------------------------- -Tue Jun 5 14:47:59 CEST 2018 - jsmeix@suse.de - -- CVE-2018-10194.patch fixes stack-based buffer overflow - in gdevpdts.c (bsc#1090099), see - https://bugs.ghostscript.com/show_bug.cgi?id=699255 and - http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=39b1e54b2968620723bf32e96764c88797714879 - -------------------------------------------------------------------- -Thu Mar 22 12:51:39 CET 2018 - jsmeix@suse.de - -- Version upgrade to 9.23 - Highlights in this release include: - * Ghostscript now has a family of 'pdfimage' devices - (pdfimage8, pdfimage24 and pdfimage32) which produce - rendered output wrapped up as an image in a PDF. - Additionally, there is a 'pclm' device which - produces PCLm format output. - * There is now a ColorAccuracy parameter allowing the user - to decide between speed or accuracy in ICC color transforms. - * JPEG Passthrough: devices which support it can now receive - the 'raw' JPEG stream from the interpreter. - The main use of this is the pdfwrite/ps2write family of devices - that can now take JPEG streams from the input file(s) and write - them unchanged to the output (thus avoiding additional - quantization effects). - * PDF transparency performance improvements - * IMPORTANT: We (i.e. Ghostscript upstream) are in the process - of forking LittleCMS. - LCMS2 is not thread safe, and cannot be made thread safe - without breaking the ABI. Our fork will be thread safe, - and include performance enhancements (these changes have all - be been offered and rejected upstream). We will maintain - compatibility between Ghostscript and LCMS2 for a time, - but not in perpetuity. Our fork will be available as its own - package separately from Ghostscript (and MuPDF). - * We have continued the focus on code hygiene in this release - cleaning up security issues, ignored return values, - and compiler warnings. - * The usual round of bug fixes, compatibility changes, - and incremental improvements. - Incompatible changes - * The planned device API tidy has, unfortunately, been - indefinitely postponed, until appropriate resources - are available. - For a release summary see: - http://www.ghostscript.com/doc/9.23/News.htm - For details see the News.htm and History9.htm files. - See also the entries below since "Version upgrade to 9.22" - (boo#1082896 and boo#1074266). - -------------------------------------------------------------------- -Fri Mar 16 12:39:36 CET 2018 - jsmeix@suse.de - -- For now use lcms2 from SUSE because that is what currently - Ghostscript upstream recommends according to - https://ghostscript.com/pipermail/gs-devel/2018-March/010061.html - because since Ghostscript 9.23rc1 there is no longer lcms2 - in Ghostscript but now it is lcms2art which is the beginning - of a lcms2 fork, see News.htm that reads in particular - "LCMS2 is not thread safe ... Our fork will be thread safe ... - We will maintain compatibility between Ghostscript and LCMS2 - for a time, but not in perpetuity", see also - https://bugzilla.opensuse.org/show_bug.cgi?id=1082896#c14 -- On SLE11 and on SLE12-SP1 there is liblcms2-2-2.5 - which is too old so that configure fails there with - configure: error: lcms2 not found, or too old - but there is no configure option to build it without lcms2 - so that for SLE11 and SLE12-SP1 it is built with - the lcms2art in Ghostscript. -- ppc64le-support.patch is no longer needed because it only - contained a fix for lcms2art/include/lcms2art.h in Ghostscript - but currently lcms2 from SUSE is used instead (see above). -- Do no longer require any fonts packages in particular - neither require ghostscript-fonts-std because the PostScript - Base35 fonts are provided by Ghostscript (in 'Resource') - nor require ghostscript-fonts-other (provides Bitream Charter, - Adobe Utopia, URW Antiqua, URW Grotesq and Hershey fonts where - all but the last are also provided by texlive--fonts) and - those fonts are not required for PostScript compliance, see - https://bugzilla.opensuse.org/show_bug.cgi?id=1082896#c13 - -------------------------------------------------------------------- -Thu Mar 15 11:19:33 CET 2018 - jsmeix@suse.de - -- Version upgrade to 9.23rc1 (first release candidate for 9.23). - For details see the News.htm and History9.htm files. - Regarding installing packages (in particular release candidates) - from the openSUSE build service development project "Printing" - see https://build.opensuse.org/project/show/Printing -- Adapted ppc64le-support.patch: In Ghostscript 9.23 there is now - lcms2art/include/lcms2art.h (instead of lcms2/include/lcms2.h). -- ghostscript-fix-debug-use.patch is no longer needed - because the issue is fixed in the upstream sources. -- fix_ln_docdir_gsdatadir.patch avoids - "base/unixinst.mak:162: recipe for target 'install-doc' failed" -- Adapted spec file to the new Ghostscript upstream documentation - directory /usr/share/doc/ghostscript/9.23/ - -------------------------------------------------------------------- -Wed Feb 28 00:14:31 UTC 2018 - stefan.bruens@rwth-aachen.de - -- Use -p /sbin/ldconfig instead of shell post(un) scriptlet, drop - explicit Prereq for ldconfig -- Use shared libgs library for gs binary instead of static linked - version -- Use --disable-compile-inits, to allow unbundling of Resource files -- Remove --disable-omni switch, has been removed in GS 9.20 -- Keep patch ordering in full/mini consistent -- Remove patch backup files to avoid packaging - -------------------------------------------------------------------- -Tue Feb 27 14:55:51 CET 2018 - novell@mirell.de - -- Add ghostscript-fix-debug-use.patch from upstream to fix broken - printing with some drivers (especially Dell Printers) from - https://bugs.ghostscript.com/show_bug.cgi?id=698837 -- Fix build for SLE targets - -------------------------------------------------------------------- -Wed Nov 29 16:04:48 CET 2017 - jsmeix@suse.de - -- Version upgrade to 9.22. - For details see the News.htm and History9.htm files. - Highlights in this release include: - * Ghostscript can now consume and produce (via the pdfwrite - device) PDF 2.0 compliant files. - * The main focus of this release has been security and code - cleanliness. Hence many AddressSanitizer, Valgrind and - Coverity issues have been addressed. - * The usual round of bug fixes, compatibility changes, - and incremental improvements. - Incompatible changes - * The planned device API tidy (still!) did not happen for - this release, due to time pressures, but we still intend - to undertake the following: We plan to somewhat tidy up - the device API. We intend to remove deprecated device procs - (methods/function pointers) and change the device API - so every device proc takes a graphics state parameter - (rather than the current scheme where only a very few procs - take an imager state parameter). This should serve as notice - to anyone maintaining a Ghostscript device outside the - canonical source tree that you may (probably will) need - to update your device(s) when these changes happen. - Devices using only the non-deprecated procs should be - trivial to update. -- Up to 9.22rc1 it "just built" for all openSUSE versions but - since 9.22rc2 the libijs part does no longer buid for any - released openSUSE version where if fails with messages like - libtool: Version mismatch error. - This is libtool 2.4.6 Debian-2.4.6-2, but the - definition of this LT_INIT comes from libtool 2.4.2. - You should recreate aclocal.m4 with macros from - libtool 2.4.6 Debian-2.4.6-2 and run autoconf again. - Makefile: recipe for target 'ijs.lo' failed - so that currently it only builds for Tumbleweed/Factory. - Presumably it is not too complicated to make it build again - also for released openSUSE versions but currently I have - less than zero energy to fix such "latest breaking changes" - so that for now Ghostscript 9.22 is only provided for - openSUSE Tumbleweed/Factory and the upcoming SLE15/Leap15. - -------------------------------------------------------------------- -Fri Sep 29 09:12:06 CEST 2017 - jsmeix@suse.de - -- Version upgrade to 9.22rc2 (second release candidate for 9.22). - For details see the News.htm and History9.htm files. - Regarding installing packages (in particular release candidates) - from the openSUSE build service development project "Printing" - see https://build.opensuse.org/project/show/Printing - -------------------------------------------------------------------- -Thu Sep 14 15:19:40 CEST 2017 - jsmeix@suse.de - -- Version upgrade to 9.22rc1 (first release candidate for 9.22). - For details see the News.htm and History9.htm files. - Regarding installing packages (in particular release candidates) - from the openSUSE build service development project "Printing" - see https://build.opensuse.org/project/show/Printing -- Since Ghostscript 9.22rc1 font2c and wftopfa are removed. -- CVE-2017-5951.patch CVE-2017-7207.patch - CVE-2017-8291.patch and CVE-2017-9216.patch - are fixed in the version 9.22rc1 upstream sources. - -------------------------------------------------------------------- -Fri Jun 2 09:12:45 UTC 2017 - daniel.molkentin@suse.com - -- CVE-2017-7207.patch fixes a NULL pointer dereference - in mem_get_bits_rectangle - see https://bugs.ghostscript.com/show_bug.cgi?id=697676 - (bsc#1030263) -- CVE-2017-9216.patch fixes a NULL pointer dereference - in jbig2_huffman_get - see https://bugs.ghostscript.com/show_bug.cgi?id=697934 - (bsc#1040643) - -------------------------------------------------------------------- -Tue May 2 14:27:22 CEST 2017 - jsmeix@suse.de - -- CVE-2017-8291.patch fixes - a type confusion in .rsdparams and .eqproc - see https://bugs.ghostscript.com/show_bug.cgi?id=697808 - and https://bugs.ghostscript.com/show_bug.cgi?id=697799 - (bsc#1036453). - -------------------------------------------------------------------- -Wed Apr 12 11:12:27 CEST 2017 - jsmeix@suse.de - -- CVE-2016-10317 (bsc#1032230) - heap buffer overflow in fill_threshhold_buffer() - is not yet fixed because there is no fix available at - https://bugs.ghostscript.com/show_bug.cgi?id=697459 -- CVE-2016-10219 (bsc#1032138) - divide by zero in intersect() - https://bugs.ghostscript.com/show_bug.cgi?id=697453 - is fixed in the version 9.21 upstream sources -- CVE-2016-10218 (bsc#1032135) - null pointer dereference in pdf14_pop_transparency_group() - https://bugs.ghostscript.com/show_bug.cgi?id=697444 - is fixed in the version 9.21 upstream sources. -- CVE-2016-10217 (bsc#1032130) - use-after-free in pdf14_cleanup_parent_color_profiles() - that is related to pdf14_open() in base/gdevp14.c - https://bugs.ghostscript.com/show_bug.cgi?id=697456 - is fixed in the version 9.21 upstream sources. -- CVE-2016-10220 (bsc#1032120) - null pointer dereference in gx_device_finalize() that is - related to gs_makewordimagedevice() in base/gsdevmem.c - https://bugs.ghostscript.com/show_bug.cgi?id=697450 - is fixed in the version 9.21 upstream sources. -- CVE-2017-5951.patch fixes - null pointer dereference in ref_stack_index() that is - related to mem_get_bits_rectangle() in base/gdevmem.c - https://bugs.ghostscript.com/show_bug.cgi?id=697548 - (bsc#1032114) - -------------------------------------------------------------------- -Mon Apr 10 14:06:09 CEST 2017 - jsmeix@suse.de - -- Version upgrade to 9.21. - For details see the News.htm and History9.htm files. - Highlights in this release include: - * pdfwrite now preserves annotations from - input PDFs (where possible). - * The GhostXPS interpreter now provides the pdfwrite device - with the data it requires to emit a ToUnicode CMap: thus - allowing fully searchable PDFs to be created from XPS - input (in the vast majority of cases). - * Ghostscript now allows the default color space - for PDF transparency blends. - * The Ghostscript/GhostPDL configure script now has much - better/fuller support for cross compiling. - * The tiffscaled and tiffscaled4 devices can now - use ETS (Even Tone Screening) - * The toolbin/pdf_info.ps utility can now emit - the PDF XML metadata. - * Ghostscript has a new scan converter available - (currently optional, but will become the default in a near - future release). It can be enabled by using the command line - option: '-dSCANCONVERTERTYPE=2'. This new implementation - provides vastly improved performance with large and complex - paths. - * The usual round of bug fixes, compatibility changes, - and incremental improvements. - Incompatible changes: - * The planned device API tidy (still!) did not happen for - this release, due to time pressures, but we still intend - to undertake the following: We plan to somewhat tidy up - the device API. We intend to remove deprecated device - procs (methods/function pointers) and change the device API - so every device proc takes a graphics state parameter - (rather than the current scheme where only a very few procs - take an imager state parameter). This should serve as notice - to anyone maintaining a Ghostscript device outside the - canonical source tree that you may (probably will) need to - update your device(s) when these changes happen. Devices using - only the non-deprecated procs should be trivial to update. -- CVE-2016-7976.patch and CVE-2016-7977.patch and - CVE-2016-7978.patch and CVE-2016-7979.patch and - CVE-2016-8602.patch are no longer needed because - those issues are fixed in the upstream sources. -- 0001-mkromfs-make-build-reproducible-use-buildtime-from-S.patch - and - 0002-mkromfs-sort-gp_enumerate_files-output-for-determini.patch - are no longer needed because both are included - in the upstream sources, see the upstream issue - https://bugs.ghostscript.com/show_bug.cgi?id=697484 -- Again use the zlib sources from Ghostscript upstream - and disable remove-zlib-h-dependency.patch because - Ghostscript 9.21 does no longer build this way, - cf. the entry below dated "Wed Nov 18 11:46:58 UTC 2015" - -------------------------------------------------------------------- -Thu Jan 12 17:13:58 UTC 2017 - stefan.bruens@rwth-aachen.de - -- Set SOURCE_DATE_EPOCH based on changelog head -- Add 0001-mkromfs-make-build-reproducible-use-buildtime-from-S.patch - * Use SOURCE_DATE_EPOCH for mkromfs output for reproducible build -- Add 0002-mkromfs-sort-gp_enumerate_files-output-for-determini.patch - * Sort ROM contents for deterministic output - -------------------------------------------------------------------- -Mon Oct 17 13:36:57 CEST 2016 - jsmeix@suse.de - -- CVE-2013-5653 (getenv and filenameforall ignore -dSAFER) - is fixed in the Ghostscript 9.20 upstream sources - see http://bugs.ghostscript.com/show_bug.cgi?id=694724 - (bsc#1001951). -- CVE-2016-7976.patch fixes that - various userparams allow %pipe% in paths, allowing - remote shell command execution - see http://bugs.ghostscript.com/show_bug.cgi?id=697178 - (bsc#1001951). -- CVE-2016-7977.patch fixes that - .libfile doesn't check PermitFileReading array, allowing - remote file disclosure - see http://bugs.ghostscript.com/show_bug.cgi?id=697169 - (bsc#1001951). -- CVE-2016-7978.patch fixes that - reference leak in .setdevice allows - use-after-free and remote code execution - see http://bugs.ghostscript.com/show_bug.cgi?id=697179 - (bsc#1001951). -- CVE-2016-7979.patch fixes that - type confusion in .initialize_dsc_parser allows - remote code execution - see http://bugs.ghostscript.com/show_bug.cgi?id=697190 - (bsc#1001951). -- CVE-2016-8602.patch fixes a NULL dereference in .sethalftone5 - see http://bugs.ghostscript.com/show_bug.cgi?id=697203 - (bsc#1004237). - -------------------------------------------------------------------- -Thu Sep 29 14:40:38 CEST 2016 - jsmeix@suse.de - -- Version upgrade to 9.20. Purely a maintenance release. - For details see the News.htm and History9.htm files. - Highlights in this release include: - * The usual round of bug fixes, compatibility changes, - and incremental improvements. - Incompatible changes: - * The planned device API tidy did not happen for this release, - due to time pressures, but we still intend to undertake the - following: We plan to somewhat tidy up the device API. - We intend to remove deprecated device procs - (methods/function pointers) and change the device API - so every device proc takes a graphics state parameter (rather - than the current scheme where only a very few procs take an - imager state parameter). This should serve as notice to anyone - maintaining a Ghostscript device outside the canonical source - tree that you may (probably will) need to update your - device(s) when these changes happen. Devices using only - the non-deprecated procs should be trivial to update. - -------------------------------------------------------------------- -Thu Sep 15 10:12:03 CEST 2016 - jsmeix@suse.de - -- Version upgrade to 9.20rc1 (first release candidate for 9.20). - For details see the News.htm and History9.htm files. - Regarding installing packages (in particular release candidates) - from the openSUSE build service development project "Printing" - see https://build.opensuse.org/project/show/Printing - -------------------------------------------------------------------- -Wed Mar 23 15:43:27 CET 2016 - jsmeix@suse.de - -- Version upgrade to 9.19. Mainly a maintenance release. - For details see the News.htm and History9.htm files. - Highlights in this release include: - * Metadata pdfmark is now implemented. This allows the user - to specify an XMP stream which will be written to the - Catalog of the PDF file. A new pdfmark 'Ext_Metadata' has - been defined. This takes a string parameter which contains - XML to be add to the XMP normally created by pdfwrite. - See "pdfwrite pdfmark extensions" for more information. - * An experimental, rudimentary raster trapping implementation - has been added to the Ghostscript graphics library. - See "Trapping" for details. - Incompatible changes: - * (Minor) API change: copy_alpha now supports 8 bit depth - (as well as the previous 2 and 4). - * The gs man pages are woefully out of date and basically - unmaintained. With the release following 9.19, we intend - to replace their contents with a very limited summary - of (unlikely to ever change aspects of) calling - Ghostscript, and a pointer to the (maintained) HTML - documentation. That is, unless a volunteer is willing - to update, and commit to maintaining the man pages. - * ijs-config is no longer provided - Planned incompatible changes: - * We plan (ideally for the release following 9.19) to somewhat - tidy up the device API. We plan to remove deprecated device - procs (methods/function pointers). We also intend to merge - the imager state and graphics state (thus eliminating the - imager state), and change the device API so every device proc - takes a graphics state parameter (rather than the current - scheme where only a very few procs take an imager state - parameter). This should serve as notice to anyone maintaining - a Ghostscript device outside the canonical source tree that - you may (probably will) need to update your device(s) when - these changes happen. Devices using only the non-deprecated - procs should be trivial to update. -- fix_make_install.patch fixes and - add_brackets_for_old_autoconf.patch are no longer needed - because both issues are fixed in the upstream sources. - -------------------------------------------------------------------- -Fri Mar 18 10:13:23 CET 2016 - jsmeix@suse.de - -- Version upgrade to 9.19rc1 (first release candidate for 9.19). - For details see the News.htm and History9.htm files. - Regarding installing packages (in particular release candidates) - from the openSUSE build service development project "Printing" - see https://build.opensuse.org/project/show/Printing -- ijs-config is no longer provided -- fix_make_install.patch fixes an install error and - add_brackets_for_old_autoconf.patch fixes an autoconf error - see http://bugs.ghostscript.com/show_bug.cgi?id=696665 -- fix_ijs_and_x11_for_FirstPage_and_LastPage.patch is no longer - needed because it is fixed in the upstream sources. -- install_gserrors.h.patch is no longer needed because it is fixed - in the upstream sources. - -------------------------------------------------------------------- -Wed Nov 18 11:46:58 UTC 2015 - schwab@suse.de - -- Do not use library sources for freetype jpeg libpng tiff zlib - from the Ghostscript upstream tarball because we prefer to use - for long-established standard libraries the ones from SUSE - in particular to automatically get SUSE security updates - for standard libraries. - In contrast we use e.g. lcms2 from the Ghostscript upstream - tarball because this one is specially modified to work with - Ghostscript so that we cannot use lcms2 from SUSE. -- remove-zlib-h-dependency.patch removes dependency on zlib/zlib.h - in makefiles as we do not use the zlib sources from the - Ghostscript upstream tarball. - -------------------------------------------------------------------- -Thu Nov 5 13:33:14 CET 2015 - jsmeix@suse.de - -- An incompatible change appeared when building other software - with Ghostscript 9.18. - Since version 9.18 Ghostscript does no longer provide - e_ (e.g. e_NeedInput) in its header files - (gserrors.h and ierrors.h). - When building other software with Ghostscript 9.18 - gs_error_ (e.g. gs_error_NeedInput) - must be used, see boo#953149 and - http://bugs.ghostscript.com/show_bug.cgi?id=696317 - -------------------------------------------------------------------- -Fri Oct 30 11:28:14 CET 2015 - jsmeix@suse.de - -- install_gserrors.h.patch installs gserrors.h to fix - http://bugs.ghostscript.com/show_bug.cgi?id=696301 - because without gserrors.h several other packages fail to build - (in particular texlive, libspectre, gimp,...). - -------------------------------------------------------------------- -Mon Oct 12 10:26:52 CEST 2015 - jsmeix@suse.de - -- fix_ijs_and_x11_for_FirstPage_and_LastPage.patch - fixes the Ghostscript device ijs and the x11* devices - so that they also work when -dFirstPage/-dLastPage is used, - see http://bugs.ghostscript.com/show_bug.cgi?id=696246 - -------------------------------------------------------------------- -Tue Oct 6 10:21:22 CEST 2015 - jsmeix@suse.de - -- Version upgrade to 9.18. A maintenance release. - There are no recorded incompatible changes (as of this writing). - Highlights in this release include: - * A substantial revision of the build system and GhostPDL - directory structure. Ghostscript-only users should - not be affected by this change. - * A new method of internally inserting devices into the device - chain has been developed, named "device subclassing". - This allows suitably written devices to be more easily and - consistently as "filter" devices. - The first fruit of this is a new implementation of - the "-dFirstPage"/"-dLastPage" feature which functions - a device filter in the Ghostscript graphics library, meaning - it works consistently with all input languages. - * Plus the usual round of bug fixes, compatibility changes, - and incremental improvements. - See http://www.ghostscript.com/doc/9.18/News.htm - For details see the News.htm and History9.htm files. - -------------------------------------------------------------------- -Tue Sep 29 11:05:48 CEST 2015 - jsmeix@suse.de - -- Version upgrade to 9.18rc2 (second release candidate for 9.18). - For details see the News.htm and History9.htm files. - Regarding installing packages (in particular release candidates) - from the openSUSE build service development project "Printing" - see https://build.opensuse.org/project/show/Printing -- assign_pointer_not_value_in_gximono.c.patch is no longer needed - because it is fixed in the upstream sources. - -------------------------------------------------------------------- -Thu Sep 24 10:29:04 CEST 2015 - jsmeix@suse.de - -- Version upgrade to 9.18rc1 (first release candidate for 9.18). - For details see the News.htm and History9.htm files. - Regarding installing packages (in particular release candidates) - from the openSUSE build service development project "Printing" - see https://build.opensuse.org/project/show/Printing -- CVE-2015-3228.patch is no longer needed because it is fixed - in the upstream sources. -- assign_pointer_not_value_in_gximono.c.patch attempts to fix a - "assignment makes pointer from integer without a cast" compiler - warning by assigning the pointer and not the integer value. -- Removed --disable-compile-inits from configure, see - http://bugs.ghostscript.com/show_bug.cgi?id=696223 - and "Precompiled run-time data" in - /usr/share/ghostscript/9.18/doc/Make.htm - -------------------------------------------------------------------- -Wed Jul 29 15:20:46 CEST 2015 - jsmeix@suse.de - -- CVE-2015-3228.patch fixes out of bound read/write cause - by integer overflow in gsmalloc.c (boo#939342). - -------------------------------------------------------------------- -Tue Mar 31 10:18:06 CEST 2015 - jsmeix@suse.de - -- Version upgrade to 9.16. Primarily a maintenance release. - There are no recorded incompatible changes (as of this writing). - Highlights in this release include: - * "LockColorants" command line option for tiffsep and psdcmyk - devices. - * Improved high level devices handling of Forms. - See http://www.ghostscript.com/doc/9.16/News.htm - For details see the News.htm and History9.htm files. -- fix.including.pread.pwrite.pthread_mutexattr_settype.diff - is no longer needed because it is fixed in the upstream sources. - -------------------------------------------------------------------- -Wed Mar 25 12:38:16 CET 2015 - jsmeix@suse.de - -- fix.including.pread.pwrite.pthread_mutexattr_settype.diff - fixes on SLE11 implicit declaration of function warnings - for 'pread' 'pwrite' 'pthread_mutexattr_settype' see - http://bugs.ghostscript.com/show_bug.cgi?id=695882 -- ppc64le-support.patch is a remainder of the previous patch - now the hunk for LCMS (lcms/include/lcms.h) is removed - because LCMS 1.x is removed since Ghostscript 9.16 - but the hunk for LCMS2 (lcms2/include/lcms2.h) is still needed - see http://bugs.ghostscript.com/show_bug.cgi?id=695544 - -------------------------------------------------------------------- -Fri Mar 20 17:12:34 CET 2015 - jsmeix@suse.de - -- Version upgrade to 9.16rc2 (second release candidate for 9.16). - For details see the News.htm and History9.htm files. - Regarding installing packages (in particular release candidates) - from the openSUSE build service development project "Printing" - see https://build.opensuse.org/project/show/Printing - -------------------------------------------------------------------- -Sun Sep 28 18:00:37 CEST 2014 - ro@suse.de - -- readd ppc64le patch ppc64le-support.patch (adapted for lcms2 in - Ghostscript version 9.15): the tests in lcms2.h cannot work - without "include " that is now added and - regardless that lcms is not used by default (unless the - configure option --with-lcms is set), lcms is again fixed - (see http://bugs.ghostscript.com/show_bug.cgi?id=695544). - -------------------------------------------------------------------- -Tue Sep 23 10:14:28 CEST 2014 - jsmeix@suse.de - -- Version upgrade to 9.15. Primarily a maintenance release. - There are no recorded incompatible changes (as of this writing). - Highlights in this release include: - * Ghostscript now supports the PDF security handler revision 6. - * The pdfwrite and ps2write (and related) devices can now be - forced to "flatten" glyphs into "basic" marking operations - (rather than writing fonts to the output), by giving - the -dNoOutputFonts command line option (defaults to "false"). - * PostScript programs can now use get_params or get_param to - determine if a page contains color markings by reading the - pageneutralcolor state from the device (so whether the page - is "color" or "mono"). Note that this is only accurate when in - clist mode, so -dMaxBitmap=0 and -dGrayDetection=true should - both be used. - * The pdfwrite device now supports Link annotations with GoTo - and GoToR actions. - * The pdfwrite device now supports BMC/BDC/EMC pdfmarks - * Regarding the new color management for the pdfwrite device - introduced in the previous release, the proscription on using - the new color management when producing PDF/A-1 compliant files - is now lifted. To reiterate, also, with the new color - management implementation, using the UseCIEColor option is - strongly discouraged. For further information on the new - pdfwrite color management, see in Ps2pdf.htm the - "Color Conversion and Management" section. - * Plus the usual round of bug fixes, compatibility changes, - and incremental improvements. - For details see the News.htm and History9.htm files. - -------------------------------------------------------------------- -Wed Sep 17 12:17:47 CEST 2014 - jsmeix@suse.de - -- Version upgrade to 9.15rc2 (second release candidate for 9.15). - Ghostscript upstream QA highlighted a couple of issues - that they felt warranted a fresh release candidate. - For details see the History9.htm file. - -------------------------------------------------------------------- -Tue Sep 9 16:06:31 CEST 2014 - jsmeix@suse.de - -- Version upgrade to 9.15rc1 (first release candidate for 9.15). - For details see the News.htm and History9.htm files. -- ppc64le-support.patch is no longer needed because - it is fixed in the upstream sources. -- Removed trailing whitespaces in spec file and changes file. - -------------------------------------------------------------------- -Mon Aug 18 15:12:28 UTC 2014 - meissner@suse.com - -- gs does not seem to require libopenssl-devel for building. - -------------------------------------------------------------------- -Thu Mar 27 12:21:55 CET 2014 - jsmeix@suse.de - -- Version upgrade to 9.14. Primarily a maintenance release. - Highlights in this release include (excerpt): - * pdfwrite now uses the same color management engine as - Ghostscript rendering devices (by default LCMS2). For - the duration of this release a new switch -dPDFUseOldCMS - is available which will restore the old color management. - See: "Color Conversion and Management" in Ps2pdf.htm - Due to constraints of the PDF/A-1 specification, the new color - management does not yet apply when producing PDF/A files. - * A new device 'eps2write' has been added which allows for the - creation of EPS files using the ps2write device instead of - the deprecated and removed pswrite device. The epswrite device - is now also deprecated and will be removed in a future release. - * Ghostscript has a new "pwgraster" output device for PWG Raster - output. - * The CUPS device now has improved support for PPD-less printing. - For details see the News.htm and History9.htm files. - -------------------------------------------------------------------- -Fri Dec 13 19:09:12 UTC 2013 - uweigand@de.ibm.com - -- ppc64le-support.patch from IBM fixes endianness - in lcms (the Little-CMS library) to support the new - architecture ppc64le (IBM Power PC Little Endian architecture) - because ppc64 is big-endian and ppc64le is little-endian - and lcms has a hard-coded check that assumes PowerPC - is always big-endian which is incorrect on ppc64le. - The fix is already in the main Little-CMS repository - by this Git commit - https://github.com/mm2/Little-CMS/commit/b4f5c91a2c1582bd284f0d0f49cb43e2c2235a79 - (There are some cosmetic changes in the upstream patch.) - It is not yet in the imported copy in Ghostscript. - IBM will work with upstream to get the fix imported too. - -------------------------------------------------------------------- -Tue Sep 3 16:26:46 CEST 2013 - jsmeix@suse.de - -- Version upgrade to 9.10. Primarily a maintenance release. - Highlights in this release include: - * LittleCMS2 and libpng have both been updated to the - latest versions. - * The URW Postscript font set has been updated to the - latest version, fixing many compatibility problems - with the Adobe fonts. - * The CUPS filters gstoraster and gstopxl have been - removed from Ghostscript. Those filters are now provided by - cups-filters (a free software package hosted by OpenPrinting) - that contains all CUPS filters needed by CUPS under Linux - (see also the openSUSE issue bnc#735404 comment#44 at - https://bugzilla.novell.com/show_bug.cgi?id=735404#c44). - For details see the News.htm and History9.htm files. -- fix-undefined-operation.patch is no longer needed because - it is fixed in the upstream sources. - -------------------------------------------------------------------- -Thu Aug 29 15:06:13 CEST 2013 - jsmeix@suse.de - -- Version upgrade to 9.10rc1 (release candidate for the 9.10 version). - For details see the News.htm and History9.htm files. -- Prepare spec files to build both releases and release candidates - easily in the future by using special different version strings. -- fix-undefined-operation.patch fixes - http://bugs.ghostscript.com/show_bug.cgi?id=694546 -- Removed BuildRequires for liblcms-devel because it is not needed - when we build Ghostscript that works in compliance with upstream - (see https://bugzilla.novell.com/show_bug.cgi?id=828751#c5). - -------------------------------------------------------------------- -Wed Mar 27 07:58:08 UTC 2013 - mmeister@suse.com - -- Added url as source. - Please see http://en.opensuse.org/SourceUrls - -------------------------------------------------------------------- -Tue Feb 19 13:51:06 CET 2013 - jsmeix@suse.de - -- Version upgrade to 9.07. - * As of this release (9.07), Ghostscript is distributed - under the GNU Affero General Public License (AGPL). - * Ghostscript has been extended to support file sizes >4Gb - in particular reading and writing PDF files. - * Color management enhancements. Full details of the color - management features can be found in: GS9_Color_Management.pdf - * The pdfwrite devices now supports linearized (or optimized - for fast web view) output directly ("-dFastWebView"). - * With the addition of linearisation to pdfwrite, pdfopt.ps - has become redundant. Since it is difficult to maintain, - has a number of bugs, and is believed not to work properly - anyway, it is removed. Accordingly the pdfopt shell script - that used pdfopt.ps is also removed. - -------------------------------------------------------------------- -Thu Jan 3 11:58:51 CET 2013 - jsmeix@suse.de - -- Provide libijs (that is not done via "configure --with-ijs") - because libijs is needed by the pdftoijs filter in the - cups-filters package (see the README file in cups-filters). - -------------------------------------------------------------------- -Thu Sep 27 12:02:51 UTC 2012 - mmeister@suse.com - -- Version upgrade to 9.06. Mainly a bugfix release. - * pdfwrite announcements: - pdfwrite now supports the creation of PDF/A-2 files. - For further details see the NEWS file. - * removed moribund dumphint tool, see History9.htm and - http://bugs.ghostscript.com/show_bug.cgi?id=693223 - -------------------------------------------------------------------- -Mon Sep 24 10:44:57 UTC 2012 - idonmez@suse.com - -- "export SUSE_ASNEEDED=0" disables -Wl,--as-needed linker flags, - see http://bugs.ghostscript.com/show_bug.cgi?id=693100 - -------------------------------------------------------------------- -Thu May 10 15:49:33 CEST 2012 - jsmeix@suse.de - -- Require Ghostscript's font packages because the - Ghostscript package provides the "Fontmap" file - /usr/share/ghostscript//Resource/Init/Fontmap.GS - which lists Ghostscript's fonts but the fonts itself - are provided in the separated packages ghostscript-fonts-std - and ghostscript-fonts-other so that a RPM requirement - is needed to make sure that Ghostscript has its fonts. -- Extract the catalog of devices which are actually built-in - in exactly this Ghostscript and provide it as catalog.devices - in the Ghostscript package. - -------------------------------------------------------------------- -Tue Apr 24 14:30:45 CEST 2012 - jsmeix@suse.de - -- Install documentation which is not installed by default - (LICENSE doc/AUTHORS doc/COPYING doc/thirdparty.htm - doc/WhatIsGS.htm doc/GS9_Color_Management.pdf - doc/gs-vms.hlp doc/Ps2ps2.htm). -- Add a link from SUSE's usual documentation directory - (/usr/share/doc/packages/ghostscript/) to Ghostscript's - documentation directory (/usr/share/ghostscript/9.05/doc/) - because "configure --docdir=..." does not work. -- Let ghostscript-mini "Conflicts: ghostscript-library". - -------------------------------------------------------------------- -Wed Mar 28 10:59:21 CEST 2012 - jsmeix@suse.de - -- Require only the basic fonts for Ghostscript - (package ghostscript-fonts-std) but do not recommend - optional fonts (package ghostscript-fonts-other). - -------------------------------------------------------------------- -Fri Mar 23 11:32:28 CET 2012 - jsmeix@suse.de - -- Cleaned up BuildRequires. -- Explicitly specify configure --with-* versus --without-* - in ghostscript.spec versus ghostscript-mini.spec - to make the differences clear. - -------------------------------------------------------------------- -Tue Mar 20 16:07:56 CET 2012 - jsmeix@suse.de - -- Initial ghostscript-mini package. - diff --git a/ghostscript-mini.spec b/ghostscript-mini.spec deleted file mode 100644 index 897e9f1..0000000 --- a/ghostscript-mini.spec +++ /dev/null @@ -1,469 +0,0 @@ -# -# spec file for package ghostscript-mini -# -# Copyright (c) 2022 SUSE LLC -# -# All modifications and additions to the file contributed by third parties -# remain the property of their copyright owners, unless otherwise agreed -# upon. The license for this file, and modifications and additions to the -# file, is the same license as for the pristine package itself (unless the -# license for the pristine package is not an Open Source License, in which -# case the license is the MIT License). An "Open Source License" is a -# license that conforms to the Open Source Definition (Version 1.9) -# published by the Open Source Initiative. - -# Please submit bugfixes or comments via https://bugs.opensuse.org/ -# - - -Name: ghostscript-mini -BuildRequires: freetype2-devel -BuildRequires: libjpeg-devel -BuildRequires: liblcms2-devel -BuildRequires: libpng-devel -BuildRequires: libtiff-devel -BuildRequires: libtool -BuildRequires: pkg-config -BuildRequires: update-alternatives -BuildRequires: zlib-devel -Requires(post): update-alternatives -Requires(preun):update-alternatives -Summary: Minimal Ghostscript for minimal build requirements -License: AGPL-3.0-only -Group: Productivity/Office/Other -URL: https://www.ghostscript.com/ -# Special version needed for Ghostscript release candidates (e.g. "Version: 9.14pre15rc1" for 9.15rc1). -# Version 9.15rc1 would be newer than 9.15 (run "zypper vcmp 9.15rc1 9.15") because the rpmvercmp algorithm -# would treat 9.15rc1 as 9.15.rc.1 (alphabetic and numeric sections get separated into different elements) -# and 9.15.rc.1 is newer than 9.15 (it has one more element in the list while previous elements are equal) -# so that we use an alphabetic prefix 'pre' to make it older than 9.15 (numbers are considered newer than letters). -# But only with the alphabetic prefix "9.pre15rc1" would be older than the previous version number "9.14" -# because rpmvercmp would treat 9.pre15rc1 as 9.pre.15.rc1 and letters are older than numbers -# so that we keep additionally the previous version number to upgrade from the previous version: -# Starting SLE12/rpm-4.10, one can use tildeversions: 9.15~rc1. -#Version: 9.25pre26rc1 -Version: 9.54.0 -Release: 0 -# Normal version for Ghostscript releases is the upstream version: -# tarball_version is used below to specify the directory via "setup -n": -# Special tarball_version needed for Ghostscript release candidates e.g. "define tarball_version 9.15rc1". -# For Ghostscript releases tarball_version and version are the same (i.e. the upstream version): -%define tarball_version %{version} -#define tarball_version 9.26rc1 -# built_version is used below in the install and files sections: -# Separated built_version needed in case of Ghostscript release candidates e.g. "define built_version 9.15". -# For Ghostscript releases built_version and version are the same (i.e. the upstream version): -%define built_version %{version} -#define built_version 9.26 -# Source0...Source9 is for sources from upstream: -# Special URLs for Ghostscript release candidates: -# see https://github.com/ArtifexSoftware/ghostpdl-downloads/releases -# URL for Source0: -# wget -O ghostscript-9.26rc1.tar.gz https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs9.26rc1/ghostscript-9.26rc1.tar.gz -# URL for MD5 checksums: -# wget -O gs9.26rc1.MD5SUMS https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs9.26rc1/MD5SUMS -# MD5 checksum for Source0: 6539d5b270721938936d721f279a3520 ghostscript-9.26rc1.tar.gz -#Source0: ghostscript-%{tarball_version}.tar.gz -# Normal URLs for Ghostscript releases: -# URL for Source0: -# wget -O ghostscript-9.54.0.tar.gz https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs9540/ghostscript-9.54.0.tar.gz -# URL for MD5 checksums: -# wget -O gs9540.MD5SUMS https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs9540/MD5SUMS -# MD5 checksum for Source0: 5d571792a8eb826c9f618fb69918d9fc ghostscript-9.54.0.tar.gz -Source0: ghostscript-%{version}.tar.gz -Source1: apparmor_ghostscript -# Patch0...Patch9 is for patches from upstream: -# Source10...Source99 is for sources from SUSE which are intended for upstream: -# Patch10...Patch99 is for patches from SUSE which are intended for upstream: -# Source100...Source999 is for sources from SUSE which are not intended for upstream: -# Patch100...Patch999 is for patches from SUSE which are not intended for upstream: -# Patch100 remove-zlib-h-dependency.patch removes dependency on zlib/zlib.h -# in makefiles as we do not use the zlib sources from the Ghostscript upstream tarball: -Patch100: remove-zlib-h-dependency.patch -# Patch101 ijs_exec_server_dont_use_sh.patch fixes IJS printing problem -# additionally allow exec'ing hpijs in apparmor profile was needed (bsc#1128467): -Patch101: ijs_exec_server_dont_use_sh.patch -# Patch102 CVE-2021-3781.patch is -# https://git.ghostscript.com/?p=ghostpdl.git;a=patch;h=a9bd3dec9fde -# that fixes CVE-2021-3781 Trivial -dSAFER bypass -# cf. https://bugs.ghostscript.com/show_bug.cgi?id=704342 -# and https://bugzilla.suse.com/show_bug.cgi?id=1190381 -Patch102: CVE-2021-3781.patch -# Patch103 CVE-2021-45949.patch was derived for Ghostscript-9.54 from -# https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=2a3129365d3bc0d4a41f107ef175920d1505d1f7 -# that fixes CVE-2021-45949 heap-based buffer overflow in sampled_data_finish -# cf. https://github.com/google/oss-fuzz-vulns/blob/main/vulns/ghostscript/OSV-2021-803.yaml -# and https://bugzilla.suse.com/show_bug.cgi?id=1194304 -Patch103: CVE-2021-45949.patch -# RPM dependencies: -# The "Provides: ghostscript_any" is there to support "BuildRequires: ghostscript_any" -# so other packages can build with any available Ghostscript implementation, -# either ghostscript or ghostscript-mini ("BuildRequires: ghostscript-mini" should not -# be used because ghostscript-mini does not exist outside of OBS so other packages that -# use "BuildRequires: ghostscript-mini" could not be built in published products). -# The "Provides: ghostscript_any" does not affect end-users who should not get -# ghostscript-mini installed (but only the full featured ghostscript package) -# because ghostscript-mini (and ghostscript-mini-devel) are not published -# in openSUSE products, cf. https://build.opensuse.org/request/show/877083 -Provides: ghostscript_any = %{version} -Conflicts: ghostscript -Conflicts: ghostscript-devel -Conflicts: ghostscript-library -Conflicts: ghostscript-x11 -# Install into this non-root directory (required when norootforbuild is used): -BuildRoot: %{_tmppath}/%{name}-%{version}-build - -%description -Crippled Minimal Ghostscript which is not meant -to be used by end-users. - -Minimal Ghostscript provides only the file format drivers -in particular to output JPEG PNG PostScript and PDF files -but no printer drivers (in particular neither 'cups' -nor 'ijs') and no X11 drivers. - -The ghostscript-mini package is only meant to be used -by the openSUSE build service to avoid possible loops -in the build dependencies because ghostscript-mini -has minimal build dependencies (in particular -neither CUPS nor X11 build dependencies). - -For most packages which need to only run -Ghostscript during build, a single line -"BuildRequires: ghostscript-mini" -should be sufficient in the RPM spec file. - -For most packages which need Ghostscript -development files to build, a single line -"BuildRequires: ghostscript-mini-devel" -should be sufficient in the RPM spec file. - -The ghostscript-mini package in the openSUSE build -service contains no sources and it must not contain -any source files. The ghostscript-mini package is only -a link to its matching ghostscript "parent" package. -Only that ghostscript package must contain all sources -and any changes must happen only for that ghostscript -package. This means any changes for the ghostscript-mini -package will be rejected in the openSUSE build service. - -%package devel -Summary: Development files for Minimal Ghostscript -Group: Development/Libraries/C and C++ -Requires: ghostscript-mini = %{version} -Conflicts: ghostscript -Conflicts: ghostscript-devel -Conflicts: ghostscript-library -Conflicts: ghostscript-x11 - -%description devel -This package contains the development files for Minimal Ghostscript. - -%prep -# Be quiet when unpacking and -# use a directory name matching Source0 to make it work also for ghostscript-mini: -%setup -q -n ghostscript-%{tarball_version} -# Patch100 remove-zlib-h-dependency.patch removes dependency on zlib/zlib.h -# in makefiles as we do not use the zlib sources from the Ghostscript upstream tarball. -# Again use the zlib sources from Ghostscript upstream -# and disable remove-zlib-h-dependency.patch because -# Ghostscript 9.21 does no longer build this way: -#patch100 -p1 -b remove-zlib-h-dependency.orig -# Patch101 ijs_exec_server_dont_use_sh.patch fixes IJS printing problem -# additionally allow exec'ing hpijs in apparmor profile was needed (bsc#1128467): -%patch101 -p1 -# Patch102 CVE-2021-3781.patch is -# https://git.ghostscript.com/?p=ghostpdl.git;a=patch;h=a9bd3dec9fde -# that fixes CVE-2021-3781 Trivial -dSAFER bypass -# cf. https://bugs.ghostscript.com/show_bug.cgi?id=704342 -# and https://bugzilla.suse.com/show_bug.cgi?id=1190381 -%patch102 -p1 -# Patch103 CVE-2021-45949.patch was derived for Ghostscript-9.54 from -# https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=2a3129365d3bc0d4a41f107ef175920d1505d1f7 -# that fixes CVE-2021-45949 heap-based buffer overflow in sampled_data_finish -# cf. https://github.com/google/oss-fuzz-vulns/blob/main/vulns/ghostscript/OSV-2021-803.yaml -# and https://bugzilla.suse.com/show_bug.cgi?id=1194304 -%patch103 -# Remove patch backup files to avoid packaging -# cf. https://build.opensuse.org/request/show/581052 -rm -f Resource/Init/*.ps.orig -# Do not use the freetype jpeg libpng tiff zlib sources from the Ghostscript upstream tarball -# because we prefer to use for long-established standard libraries the ones from SUSE -# in particular to automatically get SUSE security updates for standard libraries. -# In contrast we use e.g. lcms2 from the Ghostscript upstream tarball because this one -# is specially modified to work with Ghostscript so that we cannot use lcms2 from SUSE: -#rm -rf freetype jpeg libpng tiff zlib -# Again use the zlib sources from Ghostscript upstream -# and disable remove-zlib-h-dependency.patch because -# Ghostscript 9.21 does no longer build this way: -%if 0%{?suse_version} == 1315 -# Again use the freetype sources from Ghostscript upstream because -# Ghostscript 9.27 does no longer build this way for SLE12: -rm -rf jpeg libpng tiff -%else -rm -rf freetype jpeg libpng tiff -%endif -%if 0%{?suse_version} >= 1550 -rm -rf openjpeg -%endif -# In contrast to the above we use lcms2 from SUSE since Ghostscript 9.23rc1 -# because that is what Ghostscript upstream recommends according to -# https://ghostscript.com/pipermail/gs-devel/2018-March/010061.html -# because singe Ghostscript 9.23rc1 there is no longer lcms2 in Ghostscript -# but now it is lcms2art (the beginning of a lcms2 fork - see News.htm). -# On SLE11 and on SLE12-SP1 there is liblcms2-2-2.5 -# which is too old so that configure fails there with -# checking for local lcms2 library source... no -# checking for system lcms2 library... checking for _cmsCreateMutex in -llcms2... no -# configure: error: lcms2 not found, or too old -# (on SLE12-SP2 there is liblcms2-2-2.7 which is not too old) -# but there is no configure option to build it without lcms2 -# so that for SLE11 and SLE12-SP1 it is built with lcms2art in Ghostscript -# i.e. lcms2art in Ghostscript is only removed when not SLE11 or SLE12-SP1 -# cf. https://en.opensuse.org/openSUSE:Build_Service_cross_distribution_howto -%if 0%{?suse_version} == 1110 || 0%{?sle_version} == 120100 -echo "Building it with lcms2art in Ghostscript" -%else -rm -rf lcms2art -%endif - -%build -# Derive build timestamp from latest changelog entry -export SOURCE_DATE_EPOCH=$(date -d "$(head -n 2 %{_sourcedir}/%{name}.changes | tail -n 1 | cut -d- -f1 )" +%s) -# Set our preferred architecture-specific flags for the compiler and linker: -export CFLAGS="%{optflags} -fno-strict-aliasing -fPIC" -export CXXFLAGS="%{optflags} -fno-strict-aliasing -fPIC" -export LDFLAGS="-pie" -autoreconf -fi -# --docdir=%%{_defaultdocdir}/%%{name} does not work therefore it is not used. -# --disable-cups and --without-pdftoraster -# to have nothing related to CUPS in the minimal Ghostscript. -# --disable-dbus to have nothing related to D-Bus in the minimal Ghostscript. -# --without-ijs to disable IJS printer driver support in the minimal Ghostscript. -# --with-drivers=FILES to have only the file format drivers -# but no printer drivers in the minimal Ghostscript. -# --without-x to not use the X Window System. -# --enable-openjpeg because since Ghostscript 9.05 JasPer is deprecated -# (--without-jasper is now an unrecognized option by configure) -# and Ghostscript now ships modified OpenJPEG sources for JPEG2000 decoding -# (replacing JasPer - although JasPer is still included for this release) -# Performance, reliability and memory use whilst decoding JPX streams are all improved. -# see also http://bugs.ghostscript.com/show_bug.cgi?id=691430 -# --without-ufst and --without-luratech because those are relevant to commercial releases only -# which would require a commercial license. -# --disable-compile-inits to disable compiling of resources (Fonts, init postscript files, ...) -# into the library, which is the upstream recommendation for distributions. This also allows -# unbundling the 35 Postscript Standard fonts, provided by the URW font package -# --without-libpaper disables libpaper support because SUSE does not have libpaper. -%define gs_font_path /usr/share/fonts/truetype:/usr/share/fonts/Type1:/usr/share/fonts/CID:/usr/share/fonts/URW -# See http://bugs.ghostscript.com/show_bug.cgi?id=693100 -export SUSE_ASNEEDED=0 -./configure --prefix=%{_prefix} \ - --bindir=%{_bindir} \ - --libdir=%{_libdir} \ - --datadir=%{_datadir} \ - --mandir=%{_mandir} \ - --infodir=%{_infodir} \ - --with-fontpath=%{gs_font_path} \ - --with-libiconv=maybe \ - --enable-freetype \ - --with-jbig2dec \ - --enable-openjpeg \ - --enable-dynamic \ - --disable-compile-inits \ - --without-ijs \ - --disable-cups \ - --disable-dbus \ - --without-pdftoraster \ - --with-drivers=FILES \ - --without-x \ - --disable-gtk \ - --without-ufst \ - --without-luratech \ - --without-libpaper - -# Make libgs.so and two programs which use it, gsx and gsc: -# With --disable-gtk, gsx and gsc are identical. It provides a command line -# frontend to libgs equivalent (functional and command line arguments) to -# the gs binary, but uses the shared libgs instead of static linking -make so -# Configure and make libijs (that is not done regardless whether or not --with-ijs is used above): -pushd ijs -./autogen.sh -autoreconf -fi -./configure --prefix=%{_prefix} \ - --bindir=%{_bindir} \ - --libdir=%{_libdir} \ - --datadir=%{_datadir} \ - --mandir=%{_mandir} \ - --infodir=%{_infodir} \ - --enable-shared \ - --disable-static -make -popd - -%install -# Install libgs.so gsx gsc and some header files: -make soinstall DESTDIR=%{buildroot} -# Use gsc instead of gs, and remove duplicate gsx (see above) -mv %{buildroot}/%{_bindir}/{gsc,gs} -rm %{buildroot}/%{_bindir}/gsx -# Install libijs and its header files: -pushd ijs -make install DESTDIR=%{buildroot} -popd -# Remove installed ijs example client and server and its .la file: -rm %{buildroot}%{_bindir}/ijs_client_example -rm %{buildroot}%{_bindir}/ijs_server_example -rm %{buildroot}%{_libdir}/libijs.la -# Install examples: -EXAMPLESDIR=%{buildroot}%{_datadir}/ghostscript/%{built_version}/examples -test -d $EXAMPLESDIR || install -d $EXAMPLESDIR -for E in examples/* -do install -m 644 $E $EXAMPLESDIR || : -done -test -d $EXAMPLESDIR/cjk || install -d $EXAMPLESDIR/cjk -for E in examples/cjk/* -do install -m 644 $E $EXAMPLESDIR/cjk || : -done -# Install documentation which is not installed by default -# see http://bugs.ghostscript.com/show_bug.cgi?id=693002 -# and fail intentionally as notification if something changed: -DOCDIR=%{buildroot}%{_datadir}/doc/ghostscript/%{built_version} -for D in LICENSE -do test -e $DOCDIR/$( basename $D ) && exit 99 - install -m 644 $D $DOCDIR -done -# Add a link named 'ghostscript' from SUSE's usual documentation directory /usr/share/doc/packages -# with link target Ghostscript's documentation directory e.g. /usr/share/doc/ghostscript/9.23 -# as relative link to get the link independent of the buildroot prefix -# i.e. in /usr/share/doc/packages add the link ghostscript -> ../ghostscript/9.23 -# because "configure --docdir=%%{_defaultdocdir}/%%{name}" does not work (see above): -install -d -m 755 %{buildroot}%{_defaultdocdir} -pushd %{buildroot}%{_defaultdocdir} -ln -s ../ghostscript/%{built_version} ghostscript -popd -# Extract the catalog of devices which are actually built-in in exactly this Ghostscript: -# If a needed source file is no longer accessible fail intentionally as notification -# that something changed which needs adaptions here: -catalog_devices_source_files="devices/devs.mak devices/dcontrib.mak contrib/contrib.mak" -for F in $catalog_devices_source_files -do test -r $F || exit 99 -done -# Do not pollute the build log file with zillions of meaningless messages: -set +x -cat /dev/null >catalog.devices -for D in $( LD_LIBRARY_PATH=%{buildroot}/%{_libdir} %{buildroot}/usr/bin/gs -h | sed -n -e '/^Available devices:/,/^Search path:/p' | egrep -v '^Available devices:|^Search path:' ) -do for F in $catalog_devices_source_files - do sed -n -e '/ Catalog /,/ End of catalog /p' $F | grep "[[:space:]]$D[[:space:]]" | grep -o '[[:alnum:]].*' | tr -s '[:blank:]' ' ' | sed -e 's/ /\t/' | expand -t16 >>catalog.devices - done -done -# Switch back to the usual build log messages: -set -x -install -m 644 catalog.devices $DOCDIR - -# Move /usr/bin/gs to /usr/bin/gs.bin to be able to use update-alternatives -install -d %buildroot%{_sysconfdir}/alternatives -mv %{buildroot}%{_bindir}/gs %{buildroot}%{_bindir}/gs.bin -ln -sf %{_bindir}/gs.bin %{buildroot}%{_sysconfdir}/alternatives/gs -ln -sf %{_sysconfdir}/alternatives/gs %{buildroot}%{_bindir}/gs - -%post -/sbin/ldconfig -%{_sbindir}/update-alternatives \ - --install %{_bindir}/gs gs %{_bindir}/gs.bin 15 - -%postun -p /sbin/ldconfig - -%preun -if test $1 -eq 0 ; then - %{_sbindir}/update-alternatives \ - --remove gs %{_bindir}/gs.bin -fi - -%files -%defattr(-, root, root) -%ghost %config %{_sysconfdir}/alternatives/gs -%{_bindir}/dvipdf -%{_bindir}/eps2eps -%{_bindir}/gs -%{_bindir}/gs.bin -%{_bindir}/gsbj -%{_bindir}/gsdj -%{_bindir}/gsdj500 -%{_bindir}/gslj -%{_bindir}/gslp -%{_bindir}/gsnd -%{_bindir}/lprsetup.sh -%{_bindir}/pdf2dsc -%{_bindir}/pdf2ps -%{_bindir}/pf2afm -%{_bindir}/pfbtopfa -%{_bindir}/pphs -%{_bindir}/printafm -%{_bindir}/ps2ascii -%{_bindir}/ps2epsi -%{_bindir}/ps2pdf -%{_bindir}/ps2pdf12 -%{_bindir}/ps2pdf13 -%{_bindir}/ps2pdf14 -%{_bindir}/ps2pdfwr -%{_bindir}/ps2ps -%{_bindir}/ps2ps2 -%{_bindir}/unix-lpr.sh -%doc %{_mandir}/man1/dvipdf.1.gz -%doc %{_mandir}/man1/eps2eps.1.gz -%doc %{_mandir}/man1/gs.1.gz -%doc %{_mandir}/man1/gsbj.1.gz -%doc %{_mandir}/man1/gsdj.1.gz -%doc %{_mandir}/man1/gsdj500.1.gz -%doc %{_mandir}/man1/gslj.1.gz -%doc %{_mandir}/man1/gslp.1.gz -%doc %{_mandir}/man1/gsnd.1.gz -%doc %{_mandir}/man1/pdf2dsc.1.gz -%doc %{_mandir}/man1/pdf2ps.1.gz -%doc %{_mandir}/man1/pf2afm.1.gz -%doc %{_mandir}/man1/pfbtopfa.1.gz -%doc %{_mandir}/man1/printafm.1.gz -%doc %{_mandir}/man1/ps2ascii.1.gz -%doc %{_mandir}/man1/ps2epsi.1.gz -%doc %{_mandir}/man1/ps2pdf.1.gz -%doc %{_mandir}/man1/ps2pdf12.1.gz -%doc %{_mandir}/man1/ps2pdf13.1.gz -%doc %{_mandir}/man1/ps2pdf14.1.gz -%doc %{_mandir}/man1/ps2pdfwr.1.gz -%doc %{_mandir}/man1/ps2ps.1.gz -%doc %{_mandir}/de/man1/dvipdf.1.gz -%doc %{_mandir}/de/man1/eps2eps.1.gz -%doc %{_mandir}/de/man1/gsnd.1.gz -%doc %{_mandir}/de/man1/pdf2dsc.1.gz -%doc %{_mandir}/de/man1/pdf2ps.1.gz -%doc %{_mandir}/de/man1/printafm.1.gz -%doc %{_mandir}/de/man1/ps2ascii.1.gz -%doc %{_mandir}/de/man1/ps2pdf.1.gz -%doc %{_mandir}/de/man1/ps2pdf12.1.gz -%doc %{_mandir}/de/man1/ps2pdf13.1.gz -%doc %{_mandir}/de/man1/ps2pdf14.1.gz -%doc %{_mandir}/de/man1/ps2ps.1.gz -%doc %{_defaultdocdir}/ghostscript -%dir %{_datadir}/doc/ghostscript -%doc %{_datadir}/doc/ghostscript/%{built_version} -%dir %{_datadir}/ghostscript -%dir %{_datadir}/ghostscript/%{built_version} -%{_datadir}/ghostscript/%{built_version}/Resource -%{_datadir}/ghostscript/%{built_version}/iccprofiles -%{_datadir}/ghostscript/%{built_version}/examples/ -%{_datadir}/ghostscript/%{built_version}/lib/ -%{_libdir}/libgs.so.* -%{_libdir}/ghostscript/ -%{_libdir}/libijs-0.35.so - -%files devel -%defattr(-,root,root) -%{_includedir}/ghostscript/ -%{_libdir}/libgs.so -%{_includedir}/ijs/ -%{_libdir}/libijs.so -%{_libdir}/pkgconfig/ijs.pc - -%changelog diff --git a/ghostscript.changes b/ghostscript.changes index 6dcf9ff..a7211b5 100644 --- a/ghostscript.changes +++ b/ghostscript.changes @@ -1,3 +1,32 @@ +------------------------------------------------------------------- +Mon Jul 18 07:28:54 UTC 2022 - Dirk Müller + +- update to 9.56.1: + * New PDF Interpreter: This is an entirely new implementation written in C + (rather than PostScript, as before) + * Calling Ghostscript via the GS API is now thread safe. The one limitation + is that the X11 devices for Unix-like systems (x11, x11alpha, x11cmyk, + x11cmyk2, x11cmyk4, x11cmyk8, x11gray2, x11gray4 and x11mono) cannot be + made thread safe, due to their interaction with the X11 server, those + devices have been modified to only allow one instance in an executable. + * The PSD output device now writes ICC profiles to their output files, for + improved color fidelity. + * Our efforts in code hygiene and maintainability continue. + * The usual round of bug fixes, compatibility changes, and incremental + improvements. + * We have added the capability to build with the Tesseract OCR + engine. In such a build, new devices are available (pdfocr8/pdfocr24/ + pdfocr32) which render the output file to an image, OCR that image, and + output the image "wrapped" up as a PDF file, with the OCR generated text + information included as "invisible" text (in PDF terms, text rendering mode + 3). +- drop CVE-2021-3781.patch, CVE-2021-45949.patch: upstream + +------------------------------------------------------------------- +Mon Jul 18 06:38:01 UTC 2022 - Dirk Müller + +- use _multibuild + ------------------------------------------------------------------- Wed Apr 13 11:12:39 UTC 2022 - Dirk Müller diff --git a/ghostscript.spec b/ghostscript.spec index bf24cfa..9291ead 100644 --- a/ghostscript.spec +++ b/ghostscript.spec @@ -1,5 +1,5 @@ # -# spec file for package ghostscript +# spec file # # Copyright (c) 2022 SUSE LLC # @@ -16,90 +16,26 @@ # -Name: ghostscript -# SLE12 needs special BuildRequires. -# For suse_version values see https://en.opensuse.org/openSUSE:Build_Service_cross_distribution_howto -%if 0%{?suse_version} == 1315 -# For SLE12 by default CUPS 1.7.5 is provided and alternatively CUPS 1.5.4 is provided in the "legacy" module. -# For SLE12 build it with traditional CUPS 1.5.4 to ensure it works on SLE12 both with CUPS 1.7.5 and CUPS 1.5.4 -# because libcups and libcupsimage in CUPS 1.7.5 are backward compatible with CUPS 1.5.4 so that applications -# that have been built with CUPS 1.5.4 also work under CUPS 1.7.5 but the libraries in CUPS 1.7.5 provide -# some additional functions so that applications that have been built with CUPS 1.7.5 and use those -# additional functions would not work under CUPS 1.7.5. -# Only in the Printing project for SLE12 use cups154-ddk (a sub package of the cups154-SLE12 source package): -BuildRequires: cups154-devel +%global flavor @BUILD_FLAVOR@%{nil} +%if "%{flavor}" == "mini" +%global psuffix -mini %else -# Anything what is not SLE12 (i.e. SLE11 and all openSUSE versions) have "normal" BuildRequires: -BuildRequires: cups-devel +%global psuffix %{nil} %endif -# dbus-1-devel is needed for "configure --enable-dbus" (see below): -BuildRequires: dbus-1-devel -BuildRequires: freetype2-devel -BuildRequires: libexpat-devel -BuildRequires: libjpeg-devel -BuildRequires: liblcms2-devel -BuildRequires: libpng-devel -BuildRequires: libtiff-devel -BuildRequires: libtool -BuildRequires: pkg-config -BuildRequires: update-alternatives -BuildRequires: xorg-x11-devel -BuildRequires: xorg-x11-fonts -BuildRequires: zlib-devel -# Always check if latest version of penjpeg becomes compatible with ghostscript -%if 0%{?suse_version} >= 1550 -BuildRequires: pkgconfig(libopenjp2) >= 2.3.1 -%endif -%if 0%{?suse_version} >= 1500 -BuildRequires: apparmor-abstractions -BuildRequires: apparmor-rpm-macros -%endif -Requires(post): update-alternatives -Requires(preun):update-alternatives -Summary: The Ghostscript interpreter for PostScript and PDF -License: AGPL-3.0-only -Group: Productivity/Office/Other -URL: https://www.ghostscript.com/ -# Special version needed for Ghostscript release candidates (e.g. "Version: 9.14pre15rc1" for 9.15rc1). -# Version 9.15rc1 would be newer than 9.15 (run "zypper vcmp 9.15rc1 9.15") because the rpmvercmp algorithm -# would treat 9.15rc1 as 9.15.rc.1 (alphabetic and numeric sections get separated into different elements) -# and 9.15.rc.1 is newer than 9.15 (it has one more element in the list while previous elements are equal) -# so that we use an alphabetic prefix 'pre' to make it older than 9.15 (numbers are considered newer than letters). -# But only with the alphabetic prefix "9.pre15rc1" would be older than the previous version number "9.14" -# because rpmvercmp would treat 9.pre15rc1 as 9.pre.15.rc1 and letters are older than numbers -# so that we keep additionally the previous version number to upgrade from the previous version: -# Starting SLE12/rpm-4.10, one can use tildeversions: 9.15~rc1. -#Version: 9.25pre26rc1 -Version: 9.54.0 -Release: 0 -# Normal version for Ghostscript releases is the upstream version: -# tarball_version is used below to specify the directory via "setup -n": -# Special tarball_version needed for Ghostscript release candidates e.g. "define tarball_version 9.15rc1". -# For Ghostscript releases tarball_version and version are the same (i.e. the upstream version): -%define tarball_version %{version} -#define tarball_version 9.26rc1 # built_version is used below in the install and files sections: # Separated built_version needed in case of Ghostscript release candidates e.g. "define built_version 9.15". # For Ghostscript releases built_version and version are the same (i.e. the upstream version): %define built_version %{version} -#define built_version 9.26 -# Source0...Source9 is for sources from upstream: -# Special URLs for Ghostscript release candidates: -# see https://github.com/ArtifexSoftware/ghostpdl-downloads/releases -# URL for Source0: -# wget -O ghostscript-9.26rc1.tar.gz https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs9.26rc1/ghostscript-9.26rc1.tar.gz -# URL for MD5 checksums: -# wget -O gs9.26rc1.MD5SUMS https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs9.26rc1/MD5SUMS -# MD5 checksum for Source0: 6539d5b270721938936d721f279a3520 ghostscript-9.26rc1.tar.gz -#Source0: ghostscript-%{tarball_version}.tar.gz -# Normal URLs for Ghostscript releases: -# URL for Source0: -# wget -O ghostscript-9.54.0.tar.gz https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs9540/ghostscript-9.54.0.tar.gz -# URL for MD5 checksums: -# wget -O gs9540.MD5SUMS https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs9540/MD5SUMS -# MD5 checksum for Source0: 5d571792a8eb826c9f618fb69918d9fc ghostscript-9.54.0.tar.gz -Source0: ghostscript-%{version}.tar.gz -Source1: apparmor_ghostscript +Name: ghostscript%{psuffix} +Version: 9.56.1 +Release: 0 +Summary: The Ghostscript interpreter for PostScript and PDF +License: AGPL-3.0-only +Group: Productivity/Office/Other +URL: https://www.ghostscript.com/ +# sha512:fe5a5103c081dd87cf8b3e0bbbd0df004c0e4e04e41bded7c70372916e6e26249a0e8fa434b561292964c5f3820ee6c60ef1557827a6efb5676012ccb73ded85 +Source0: https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs9561/ghostscript-%{version}.tar.xz +Source10: apparmor_ghostscript # Patch0...Patch9 is for patches from upstream: # Source10...Source99 is for sources from SUSE which are intended for upstream: # Patch10...Patch99 is for patches from SUSE which are intended for upstream: @@ -111,18 +47,17 @@ Patch100: remove-zlib-h-dependency.patch # Patch101 ijs_exec_server_dont_use_sh.patch fixes IJS printing problem # additionally allow exec'ing hpijs in apparmor profile was needed (bsc#1128467): Patch101: ijs_exec_server_dont_use_sh.patch -# Patch102 CVE-2021-3781.patch is -# https://git.ghostscript.com/?p=ghostpdl.git;a=patch;h=a9bd3dec9fde -# that fixes CVE-2021-3781 Trivial -dSAFER bypass -# cf. https://bugs.ghostscript.com/show_bug.cgi?id=704342 -# and https://bugzilla.suse.com/show_bug.cgi?id=1190381 -Patch102: CVE-2021-3781.patch -# Patch103 CVE-2021-45949.patch was derived for Ghostscript-9.54 from -# https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=2a3129365d3bc0d4a41f107ef175920d1505d1f7 -# that fixes CVE-2021-45949 heap-based buffer overflow in sampled_data_finish -# cf. https://github.com/google/oss-fuzz-vulns/blob/main/vulns/ghostscript/OSV-2021-803.yaml -# and https://bugzilla.suse.com/show_bug.cgi?id=1194304 -Patch103: CVE-2021-45949.patch +BuildRequires: freetype2-devel +BuildRequires: libjpeg-devel +BuildRequires: liblcms2-devel +BuildRequires: libpng-devel +BuildRequires: libtiff-devel +BuildRequires: libtool +BuildRequires: pkgconfig +BuildRequires: update-alternatives +BuildRequires: zlib-devel +Requires(post): update-alternatives +Requires(preun):update-alternatives # RPM dependencies: # Additional RPM Provides of the ghostscript-library packages in openSUSE 11.4 from # "rpm -q --provides ghostscript-library" and "rpm -q --provides ghostscript-x11": @@ -170,54 +105,49 @@ Patch103: CVE-2021-45949.patch # ghostscript-mini installed (but only the full featured ghostscript package) # because ghostscript-mini (and ghostscript-mini-devel) are not published # in openSUSE products, cf. https://build.opensuse.org/request/show/877083 -Provides: ghostscript_any -Provides: gs -Provides: gs_lib +Provides: ghostscript_any = %{version} +%if "%{flavor}" != "mini" +BuildRequires: dbus-1-devel +BuildRequires: libexpat-devel +BuildRequires: xorg-x11-devel +BuildRequires: xorg-x11-fonts +%if 0%{?suse_version} == 1315 +BuildRequires: cups154-devel +%else +BuildRequires: cups-devel +%endif +%if 0%{?suse_version} >= 1500 +BuildRequires: apparmor-abstractions +BuildRequires: apparmor-rpm-macros +%endif +%endif +# Always check if latest version of openjpeg becomes compatible with ghostscript +%if 0%{?suse_version} >= 1550 +BuildRequires: pkgconfig(libopenjp2) >= 2.3.1 +%endif +%if "%{flavor}" == "mini" +Conflicts: ghostscript +Conflicts: ghostscript-devel +Conflicts: ghostscript-library +Conflicts: ghostscript-x11 +%else +Recommends: ghostscript-x11 = %{version}-%{release} +Conflicts: ghostscript-x11 < %{version}-%{release} +Provides: gs = %{version} +Provides: gs_lib = %{version} # There is a needless requirement for pstoraster in gutenprint up to openSUSE 11.4. # Satisfy it to be backward compatible with installed gutenprint packages: Provides: pstoraster -# Replace any version of the packages ghostscript-library and ghostscript-mini silently. -# The "Obsoletes: ghostscript-mini" is intentionally unversioned because -# this package ghostscript should replace any version of ghostscript-mini. -# There is intentionally no "Provides: ghostscript-mini" here because this -# would cause a conflict when this package ghostscript should be re-replaced -# by ghostscript-library because ghostscript-library conflicts with ghostscript-mini -# so that there would be no easy way back from ghostscript to ghostscript-library. -# Different versions must be explicitly specified in Provides and Obsoletes -# to avoid a RPMLINT warning that the package obsoletes itself -# because an unversioned RPM dependency means "all versions". -# The RPM documentation http://www.rpm.org/max-rpm/s1-rpm-depend-manual-dependencies.html -# and /usr/share/doc/packages/rpm/manual/dependencies (in rpm-4.8.0 in openSUSE 11.4) -# does not show a comparison operator for "not equal" so that two obsoletes are used: +Provides: %{version} Provides: ghostscript-library = %{version} Obsoletes: ghostscript-library < %{version} -Obsoletes: ghostscript-library > %{version} +# The "Obsoletes: ghostscript-mini" is intentionally unversioned because +# this package ghostscript should replace any version of ghostscript-mini. Obsoletes: ghostscript-mini -# The ghostscript-x11 sub-package requires the exact matching version-release -# of the ghostscript main-package (see below) so that the ghostscript main-package -# should conflict with a non-matching ghostscript-x11 package to make sure -# that the ghostscript main-package is not changed without changing -# the ghostscript-x11 sub-package accordingly. -# The RPM documentation http://www.rpm.org/max-rpm/s1-rpm-depend-manual-dependencies.html -# and /usr/share/doc/packages/rpm/manual/dependencies (in rpm-4.8.0 in openSUSE 11.4) -# does not show a comparison operator for "not equal" so that two conflicts are used: -Conflicts: ghostscript-x11 < %{version}-%{release} -Conflicts: ghostscript-x11 > %{version}-%{release} -# When the ghostscript main-package is installed, usually the exact matching -# version-release of the ghostscript-x11 sub-package should be also installed: -Recommends: ghostscript-x11 = %{version}-%{release} -# When the ghostscript main-package is installed, usually the CUPS filters gstoraster and gstopxl -# should be also installed. Since version 9.10 those CUPS filters are removed from Ghostscript -# and are now provided by the binary RPM sub-package cups-filters-ghostscript -# (see the cups-filters-ghostscript sub-package description). -# No RPM requirement because Ghostscript can be used without those CUPS filters -# and cups-filters-ghostscript is only available for newer openSUSE versions -# (currently since openSUSE 12.2) but in particular not for SLE11: %if 0%{?suse_version} > 1210 Recommends: cups-filters-ghostscript %endif -# Install into this non-root directory (required when norootforbuild is used): -BuildRoot: %{_tmppath}/%{name}-%{version}-build +%endif %description Ghostscript is a package of software that provides: @@ -241,7 +171,7 @@ capabilities that appear as primitive operations in the PostScript language and in PDF. For information how to use Ghostscript see -/usr/share/ghostscript/%{version}/doc/Use.htm +%{_datadir}/ghostscript/%{version}/doc/Use.htm %package x11 Summary: X11 library for Ghostscript @@ -268,8 +198,7 @@ Requires: ghostscript = %{version}-%{release} Conflicts: ghostscript-library < %{version} Conflicts: ghostscript-library > %{version} Conflicts: ghostscript-mini -# In openSUSE:Factory (dated 22 Feb. 2012) ghostview gv and texlive-bin require ghostscript_x11 (see above): -Provides: ghostscript_x11 +Provides: ghostscript_x11 = %{version} %description x11 This package contains the X11 library which is needed @@ -300,9 +229,8 @@ Conflicts: ghostscript-mini-devel This package contains the development files for Ghostscript. %prep -# Be quiet when unpacking and -# use a directory name matching Source0 to make it work also for ghostscript-mini: -%setup -q -n ghostscript-%{tarball_version} +%setup -q -n ghostscript-%{version} + # Patch100 remove-zlib-h-dependency.patch removes dependency on zlib/zlib.h # in makefiles as we do not use the zlib sources from the Ghostscript upstream tarball. # Again use the zlib sources from Ghostscript upstream @@ -312,18 +240,6 @@ This package contains the development files for Ghostscript. # Patch101 ijs_exec_server_dont_use_sh.patch fixes IJS printing problem # additionally allow exec'ing hpijs in apparmor profile was needed (bsc#1128467): %patch101 -p1 -# Patch102 CVE-2021-3781.patch is -# https://git.ghostscript.com/?p=ghostpdl.git;a=patch;h=a9bd3dec9fde -# that fixes CVE-2021-3781 Trivial -dSAFER bypass -# cf. https://bugs.ghostscript.com/show_bug.cgi?id=704342 -# and https://bugzilla.suse.com/show_bug.cgi?id=1190381 -%patch102 -p1 -# Patch103 CVE-2021-45949.patch was derived for Ghostscript-9.54 from -# https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=2a3129365d3bc0d4a41f107ef175920d1505d1f7 -# that fixes CVE-2021-45949 heap-based buffer overflow in sampled_data_finish -# cf. https://github.com/google/oss-fuzz-vulns/blob/main/vulns/ghostscript/OSV-2021-803.yaml -# and https://bugzilla.suse.com/show_bug.cgi?id=1194304 -%patch103 # Remove patch backup files to avoid packaging # cf. https://build.opensuse.org/request/show/581052 rm -f Resource/Init/*.ps.orig @@ -370,7 +286,7 @@ rm -rf lcms2art %build # Derive build timestamp from latest changelog entry -export SOURCE_DATE_EPOCH=$(date -d "$(head -n 2 %{_sourcedir}/%{name}.changes | tail -n 1 | cut -d- -f1 )" +%s) +export SOURCE_DATE_EPOCH=$(date -d "$(head -n 2 %{_sourcedir}/%{name}.changes | tail -n 1 | cut -d- -f1 )" +%{s}) # Set our preferred architecture-specific flags for the compiler and linker: export CFLAGS="%{optflags} -fno-strict-aliasing -fPIC" export CXXFLAGS="%{optflags} -fno-strict-aliasing -fPIC" @@ -398,50 +314,47 @@ autoreconf -fi # into the library, which is the upstream recommendation for distributions. This also allows # unbundling the 35 Postscript Standard fonts, provided by the URW font package # --without-libpaper disables libpaper support because SUSE does not have libpaper. -%define gs_font_path /usr/share/fonts/truetype:/usr/share/fonts/Type1:/usr/share/fonts/CID:/usr/share/fonts/URW +%define gs_font_path %{_datadir}/fonts/truetype:%{_datadir}/fonts/Type1:%{_datadir}/fonts/CID:%{_datadir}/fonts/URW # See http://bugs.ghostscript.com/show_bug.cgi?id=693100 export SUSE_ASNEEDED=0 -./configure --prefix=%{_prefix} \ - --bindir=%{_bindir} \ - --libdir=%{_libdir} \ - --datadir=%{_datadir} \ - --mandir=%{_mandir} \ - --infodir=%{_infodir} \ - --with-fontpath=%{gs_font_path} \ - --with-libiconv=maybe \ - --enable-freetype \ - --with-jbig2dec \ - --enable-openjpeg \ - --enable-dynamic \ - --disable-compile-inits \ - --without-local-zlib \ - --with-ijs \ - --enable-cups \ - --with-drivers=ALL \ - --with-x \ - --disable-gtk \ - --without-ufst \ - --without-luratech \ - --without-libpaper +%configure \ + --with-fontpath=%{gs_font_path} \ + --with-libiconv=maybe \ + --enable-freetype \ + --with-jbig2dec \ + --enable-openjpeg \ + --enable-dynamic \ + --disable-compile-inits \ +%if "%{flavor}" == "mini" + --without-ijs \ + --disable-cups \ + --disable-dbus \ + --without-pdftoraster \ + --with-drivers=FILES \ + --without-x \ +%else + --without-local-zlib \ + --with-ijs \ + --enable-cups \ + --with-drivers=ALL \ + --with-x \ +%endif + --disable-gtk \ + --without-ufst \ + --without-luratech \ + --without-libpaper # Make libgs.so and two programs which use it, gsx and gsc: # With --disable-gtk, gsx and gsc are identical. It provides a command line # frontend to libgs equivalent (functional and command line arguments) to # the gs binary, but uses the shared libgs instead of static linking -make so +%make_build so # Configure and make libijs (that is not done regardless whether or not --with-ijs is used above): pushd ijs ./autogen.sh autoreconf -fi -./configure --prefix=%{_prefix} \ - --bindir=%{_bindir} \ - --libdir=%{_libdir} \ - --datadir=%{_datadir} \ - --mandir=%{_mandir} \ - --infodir=%{_infodir} \ - --enable-shared \ - --disable-static -make +%configure --enable-shared --disable-static +%make_build popd %install @@ -452,7 +365,7 @@ mv %{buildroot}/%{_bindir}/{gsc,gs} rm %{buildroot}/%{_bindir}/gsx # Install libijs and its header files: pushd ijs -make install DESTDIR=%{buildroot} +%make_install popd # Remove installed ijs example client and server and its .la file: rm %{buildroot}%{_bindir}/ijs_client_example @@ -495,7 +408,7 @@ done # Do not pollute the build log file with zillions of meaningless messages: set +x cat /dev/null >catalog.devices -for D in $( LD_LIBRARY_PATH=%{buildroot}/%{_libdir} %{buildroot}/usr/bin/gs -h | sed -n -e '/^Available devices:/,/^Search path:/p' | egrep -v '^Available devices:|^Search path:' ) +for D in $( LD_LIBRARY_PATH=%{buildroot}/%{_libdir} %{buildroot}%{_bindir}/gs -h | sed -n -e '/^Available devices:/,/^Search path:/p' | grep -E -v '^Available devices:|^Search path:' ) do for F in $catalog_devices_source_files do sed -n -e '/ Catalog /,/ End of catalog /p' $F | grep "[[:space:]]$D[[:space:]]" | grep -o '[[:alnum:]].*' | tr -s '[:blank:]' ' ' | sed -e 's/ /\t/' | expand -t16 >>catalog.devices done @@ -503,18 +416,22 @@ done # Switch back to the usual build log messages: set -x install -m 644 catalog.devices $DOCDIR -install -D -m 644 %{SOURCE1} %{buildroot}%{_sysconfdir}/apparmor.d/ghostscript +%if "%{flavor}" != "mini" +install -D -m 644 %{SOURCE10} %{buildroot}%{_sysconfdir}/apparmor.d/ghostscript +%endif # Move /usr/bin/gs to /usr/bin/gs.bin to be able to use update-alternatives -install -d %buildroot%{_sysconfdir}/alternatives +install -d %{buildroot}%{_sysconfdir}/alternatives mv %{buildroot}%{_bindir}/gs %{buildroot}%{_bindir}/gs.bin ln -sf %{_bindir}/gs.bin %{buildroot}%{_sysconfdir}/alternatives/gs ln -sf %{_sysconfdir}/alternatives/gs %{buildroot}%{_bindir}/gs %post /sbin/ldconfig +%if "%{flavor}" != "mini" %if 0%{?suse_version} >= 1500 -%apparmor_reload /etc/apparmor.d/ghostscript +%apparmor_reload %{_sysconfdir}/apparmor.d/ghostscript +%endif %endif %{_sbindir}/update-alternatives \ --install %{_bindir}/gs gs %{_bindir}/gs.bin 15 @@ -528,7 +445,6 @@ if test $1 -eq 0 ; then fi %files -%defattr(-, root, root) %ghost %config %{_sysconfdir}/alternatives/gs %{_bindir}/dvipdf %{_bindir}/eps2eps @@ -557,40 +473,40 @@ fi %{_bindir}/ps2ps %{_bindir}/ps2ps2 %{_bindir}/unix-lpr.sh -%doc %{_mandir}/man1/dvipdf.1.gz -%doc %{_mandir}/man1/eps2eps.1.gz -%doc %{_mandir}/man1/gs.1.gz -%doc %{_mandir}/man1/gsbj.1.gz -%doc %{_mandir}/man1/gsdj.1.gz -%doc %{_mandir}/man1/gsdj500.1.gz -%doc %{_mandir}/man1/gslj.1.gz -%doc %{_mandir}/man1/gslp.1.gz -%doc %{_mandir}/man1/gsnd.1.gz -%doc %{_mandir}/man1/pdf2dsc.1.gz -%doc %{_mandir}/man1/pdf2ps.1.gz -%doc %{_mandir}/man1/pf2afm.1.gz -%doc %{_mandir}/man1/pfbtopfa.1.gz -%doc %{_mandir}/man1/printafm.1.gz -%doc %{_mandir}/man1/ps2ascii.1.gz -%doc %{_mandir}/man1/ps2epsi.1.gz -%doc %{_mandir}/man1/ps2pdf.1.gz -%doc %{_mandir}/man1/ps2pdf12.1.gz -%doc %{_mandir}/man1/ps2pdf13.1.gz -%doc %{_mandir}/man1/ps2pdf14.1.gz -%doc %{_mandir}/man1/ps2pdfwr.1.gz -%doc %{_mandir}/man1/ps2ps.1.gz -%doc %{_mandir}/de/man1/dvipdf.1.gz -%doc %{_mandir}/de/man1/eps2eps.1.gz -%doc %{_mandir}/de/man1/gsnd.1.gz -%doc %{_mandir}/de/man1/pdf2dsc.1.gz -%doc %{_mandir}/de/man1/pdf2ps.1.gz -%doc %{_mandir}/de/man1/printafm.1.gz -%doc %{_mandir}/de/man1/ps2ascii.1.gz -%doc %{_mandir}/de/man1/ps2pdf.1.gz -%doc %{_mandir}/de/man1/ps2pdf12.1.gz -%doc %{_mandir}/de/man1/ps2pdf13.1.gz -%doc %{_mandir}/de/man1/ps2pdf14.1.gz -%doc %{_mandir}/de/man1/ps2ps.1.gz +%{_mandir}/man1/dvipdf.1%{?ext_man} +%{_mandir}/man1/eps2eps.1%{?ext_man} +%{_mandir}/man1/gs.1%{?ext_man} +%{_mandir}/man1/gsbj.1%{?ext_man} +%{_mandir}/man1/gsdj.1%{?ext_man} +%{_mandir}/man1/gsdj500.1%{?ext_man} +%{_mandir}/man1/gslj.1%{?ext_man} +%{_mandir}/man1/gslp.1%{?ext_man} +%{_mandir}/man1/gsnd.1%{?ext_man} +%{_mandir}/man1/pdf2dsc.1%{?ext_man} +%{_mandir}/man1/pdf2ps.1%{?ext_man} +%{_mandir}/man1/pf2afm.1%{?ext_man} +%{_mandir}/man1/pfbtopfa.1%{?ext_man} +%{_mandir}/man1/printafm.1%{?ext_man} +%{_mandir}/man1/ps2ascii.1%{?ext_man} +%{_mandir}/man1/ps2epsi.1%{?ext_man} +%{_mandir}/man1/ps2pdf.1%{?ext_man} +%{_mandir}/man1/ps2pdf12.1%{?ext_man} +%{_mandir}/man1/ps2pdf13.1%{?ext_man} +%{_mandir}/man1/ps2pdf14.1%{?ext_man} +%{_mandir}/man1/ps2pdfwr.1%{?ext_man} +%{_mandir}/man1/ps2ps.1%{?ext_man} +%{_mandir}/de/man1/dvipdf.1%{?ext_man} +%{_mandir}/de/man1/eps2eps.1%{?ext_man} +%{_mandir}/de/man1/gsnd.1%{?ext_man} +%{_mandir}/de/man1/pdf2dsc.1%{?ext_man} +%{_mandir}/de/man1/pdf2ps.1%{?ext_man} +%{_mandir}/de/man1/printafm.1%{?ext_man} +%{_mandir}/de/man1/ps2ascii.1%{?ext_man} +%{_mandir}/de/man1/ps2pdf.1%{?ext_man} +%{_mandir}/de/man1/ps2pdf12.1%{?ext_man} +%{_mandir}/de/man1/ps2pdf13.1%{?ext_man} +%{_mandir}/de/man1/ps2pdf14.1%{?ext_man} +%{_mandir}/de/man1/ps2ps.1%{?ext_man} %doc %{_defaultdocdir}/ghostscript %dir %{_datadir}/doc/ghostscript %doc %{_datadir}/doc/ghostscript/%{built_version} @@ -603,6 +519,7 @@ fi %{_libdir}/libgs.so.* %{_libdir}/ghostscript/ %{_libdir}/libijs-0.35.so +%if "%{flavor}" != "mini" %exclude %{_libdir}/ghostscript/%{built_version}/X11.so %if 0%{?suse_version} < 1500 %dir %{_sysconfdir}/apparmor.d @@ -610,11 +527,10 @@ fi %{_sysconfdir}/apparmor.d/ghostscript %files x11 -%defattr(-,root,root) %{_libdir}/ghostscript/%{built_version}/X11.so +%endif %files devel -%defattr(-,root,root) %{_includedir}/ghostscript/ %{_libdir}/libgs.so %{_includedir}/ijs/