From a5e7be73bb975ac500a137f10124f2ad88322a0781f7e877604f41496f7dcf6e Mon Sep 17 00:00:00 2001 From: Dirk Mueller Date: Mon, 18 Jul 2022 14:12:49 +0000 Subject: [PATCH] Accepting request 989807 from home:dirkmueller:Factory - update to 9.56.1: * New PDF Interpreter: This is an entirely new implementation written in C (rather than PostScript, as before) * Calling Ghostscript via the GS API is now thread safe. The one limitation is that the X11 devices for Unix-like systems (x11, x11alpha, x11cmyk, x11cmyk2, x11cmyk4, x11cmyk8, x11gray2, x11gray4 and x11mono) cannot be made thread safe, due to their interaction with the X11 server, those devices have been modified to only allow one instance in an executable. * The PSD output device now writes ICC profiles to their output files, for improved color fidelity. * Our efforts in code hygiene and maintainability continue. * The usual round of bug fixes, compatibility changes, and incremental improvements. * We have added the capability to build with the Tesseract OCR engine. In such a build, new devices are available (pdfocr8/pdfocr24/ pdfocr32) which render the output file to an image, OCR that image, and output the image "wrapped" up as a PDF file, with the OCR generated text information included as "invisible" text (in PDF terms, text rendering mode 3). - drop CVE-2021-3781.patch, CVE-2021-45949.patch: upstream - use _multibuild OBS-URL: https://build.opensuse.org/request/show/989807 OBS-URL: https://build.opensuse.org/package/show/Printing/ghostscript?expand=0&rev=155 --- CVE-2021-3781.patch | 232 ------ CVE-2021-45949.patch | 36 - _multibuild | 3 + ghostscript-9.54.0.tar.gz | 3 - ghostscript-9.56.1.tar.xz | 3 + ghostscript-mini.changes | 1441 ------------------------------------- ghostscript-mini.spec | 469 ------------ ghostscript.changes | 29 + ghostscript.spec | 364 ++++------ 9 files changed, 175 insertions(+), 2405 deletions(-) delete mode 100644 CVE-2021-3781.patch delete mode 100644 CVE-2021-45949.patch create mode 100644 _multibuild delete mode 100644 ghostscript-9.54.0.tar.gz create mode 100644 ghostscript-9.56.1.tar.xz delete mode 100644 ghostscript-mini.changes delete mode 100644 ghostscript-mini.spec diff --git a/CVE-2021-3781.patch b/CVE-2021-3781.patch deleted file mode 100644 index faa9976..0000000 --- a/CVE-2021-3781.patch +++ /dev/null @@ -1,232 +0,0 @@ -From a9bd3dec9fde03327a4a2c69dad1036bf9632e20 Mon Sep 17 00:00:00 2001 -From: Chris Liddell -Date: Tue, 7 Sep 2021 20:36:12 +0100 -Subject: [PATCH] Bug 704342: Include device specifier strings in access - validation - -for the "%pipe%", %handle%" and %printer% io devices. - -We previously validated only the part after the "%pipe%" Postscript device -specifier, but this proved insufficient. - -This rebuilds the original file name string, and validates it complete. The -slight complication for "%pipe%" is it can be reached implicitly using -"|" so we have to check both prefixes. - -Addresses CVE-2021-3781 ---- - base/gdevpipe.c | 22 +++++++++++++++- - base/gp_mshdl.c | 11 +++++++- - base/gp_msprn.c | 10 ++++++- - base/gp_os2pr.c | 13 +++++++++- - base/gslibctx.c | 69 ++++++++++--------------------------------------- - 5 files changed, 65 insertions(+), 60 deletions(-) - -diff --git a/base/gdevpipe.c b/base/gdevpipe.c -index 96d71f5d8..5bdc485be 100644 ---- a/base/gdevpipe.c -+++ b/base/gdevpipe.c -@@ -72,8 +72,28 @@ pipe_fopen(gx_io_device * iodev, const char *fname, const char *access, - #else - gs_lib_ctx_t *ctx = mem->gs_lib_ctx; - gs_fs_list_t *fs = ctx->core->fs; -+ /* The pipe device can be reached in two ways, explicltly with %pipe% -+ or implicitly with "|", so we have to check for both -+ */ -+ char f[gp_file_name_sizeof]; -+ const char *pipestr = "|"; -+ const size_t pipestrlen = strlen(pipestr); -+ const size_t preflen = strlen(iodev->dname); -+ const size_t nlen = strlen(fname); -+ int code1; -+ -+ if (preflen + nlen >= gp_file_name_sizeof) -+ return_error(gs_error_invalidaccess); -+ -+ memcpy(f, iodev->dname, preflen); -+ memcpy(f + preflen, fname, nlen + 1); -+ -+ code1 = gp_validate_path(mem, f, access); -+ -+ memcpy(f, pipestr, pipestrlen); -+ memcpy(f + pipestrlen, fname, nlen + 1); - -- if (gp_validate_path(mem, fname, access) != 0) -+ if (code1 != 0 && gp_validate_path(mem, f, access) != 0 ) - return gs_error_invalidfileaccess; - - /* -diff --git a/base/gp_mshdl.c b/base/gp_mshdl.c -index 2b964ed74..8d87ceadc 100644 ---- a/base/gp_mshdl.c -+++ b/base/gp_mshdl.c -@@ -95,8 +95,17 @@ mswin_handle_fopen(gx_io_device * iodev, const char *fname, const char *access, - long hfile; /* Correct for Win32, may be wrong for Win64 */ - gs_lib_ctx_t *ctx = mem->gs_lib_ctx; - gs_fs_list_t *fs = ctx->core->fs; -+ char f[gp_file_name_sizeof]; -+ const size_t preflen = strlen(iodev->dname); -+ const size_t nlen = strlen(fname); - -- if (gp_validate_path(mem, fname, access) != 0) -+ if (preflen + nlen >= gp_file_name_sizeof) -+ return_error(gs_error_invalidaccess); -+ -+ memcpy(f, iodev->dname, preflen); -+ memcpy(f + preflen, fname, nlen + 1); -+ -+ if (gp_validate_path(mem, f, access) != 0) - return gs_error_invalidfileaccess; - - /* First we try the open_handle method. */ -diff --git a/base/gp_msprn.c b/base/gp_msprn.c -index ed4827968..746a974f7 100644 ---- a/base/gp_msprn.c -+++ b/base/gp_msprn.c -@@ -168,8 +168,16 @@ mswin_printer_fopen(gx_io_device * iodev, const char *fname, const char *access, - uintptr_t *ptid = &((tid_t *)(iodev->state))->tid; - gs_lib_ctx_t *ctx = mem->gs_lib_ctx; - gs_fs_list_t *fs = ctx->core->fs; -+ const size_t preflen = strlen(iodev->dname); -+ const size_t nlen = strlen(fname); - -- if (gp_validate_path(mem, fname, access) != 0) -+ if (preflen + nlen >= gp_file_name_sizeof) -+ return_error(gs_error_invalidaccess); -+ -+ memcpy(pname, iodev->dname, preflen); -+ memcpy(pname + preflen, fname, nlen + 1); -+ -+ if (gp_validate_path(mem, pname, access) != 0) - return gs_error_invalidfileaccess; - - /* First we try the open_printer method. */ -diff --git a/base/gp_os2pr.c b/base/gp_os2pr.c -index f852c71fc..ba54cde66 100644 ---- a/base/gp_os2pr.c -+++ b/base/gp_os2pr.c -@@ -107,9 +107,20 @@ os2_printer_fopen(gx_io_device * iodev, const char *fname, const char *access, - FILE ** pfile, char *rfname, uint rnamelen) - { - os2_printer_t *pr = (os2_printer_t *)iodev->state; -- char driver_name[256]; -+ char driver_name[gp_file_name_sizeof]; - gs_lib_ctx_t *ctx = mem->gs_lib_ctx; - gs_fs_list_t *fs = ctx->core->fs; -+ const size_t preflen = strlen(iodev->dname); -+ const int size_t = strlen(fname); -+ -+ if (preflen + nlen >= gp_file_name_sizeof) -+ return_error(gs_error_invalidaccess); -+ -+ memcpy(driver_name, iodev->dname, preflen); -+ memcpy(driver_name + preflen, fname, nlen + 1); -+ -+ if (gp_validate_path(mem, driver_name, access) != 0) -+ return gs_error_invalidfileaccess; - - /* First we try the open_printer method. */ - /* Note that the loop condition here ensures we don't -diff --git a/base/gslibctx.c b/base/gslibctx.c -index 6dfed6cd5..318039fad 100644 ---- a/base/gslibctx.c -+++ b/base/gslibctx.c -@@ -655,82 +655,39 @@ rewrite_percent_specifiers(char *s) - int - gs_add_outputfile_control_path(gs_memory_t *mem, const char *fname) - { -- char *fp, f[gp_file_name_sizeof]; -- const int pipe = 124; /* ASCII code for '|' */ -- const int len = strlen(fname); -- int i, code; -+ char f[gp_file_name_sizeof]; -+ int code; - - /* Be sure the string copy will fit */ -- if (len >= gp_file_name_sizeof) -+ if (strlen(fname) >= gp_file_name_sizeof) - return gs_error_rangecheck; - strcpy(f, fname); -- fp = f; - /* Try to rewrite any %d (or similar) in the string */ - rewrite_percent_specifiers(f); -- for (i = 0; i < len; i++) { -- if (f[i] == pipe) { -- fp = &f[i + 1]; -- /* Because we potentially have to check file permissions at two levels -- for the output file (gx_device_open_output_file and the low level -- fopen API, if we're using a pipe, we have to add both the full string, -- (including the '|', and just the command to which we pipe - since at -- the pipe_fopen(), the leading '|' has been stripped. -- */ -- code = gs_add_control_path(mem, gs_permit_file_writing, f); -- if (code < 0) -- return code; -- code = gs_add_control_path(mem, gs_permit_file_control, f); -- if (code < 0) -- return code; -- break; -- } -- if (!IS_WHITESPACE(f[i])) -- break; -- } -- code = gs_add_control_path(mem, gs_permit_file_control, fp); -+ -+ code = gs_add_control_path(mem, gs_permit_file_control, f); - if (code < 0) - return code; -- return gs_add_control_path(mem, gs_permit_file_writing, fp); -+ return gs_add_control_path(mem, gs_permit_file_writing, f); - } - - int - gs_remove_outputfile_control_path(gs_memory_t *mem, const char *fname) - { -- char *fp, f[gp_file_name_sizeof]; -- const int pipe = 124; /* ASCII code for '|' */ -- const int len = strlen(fname); -- int i, code; -+ char f[gp_file_name_sizeof]; -+ int code; - - /* Be sure the string copy will fit */ -- if (len >= gp_file_name_sizeof) -+ if (strlen(fname) >= gp_file_name_sizeof) - return gs_error_rangecheck; - strcpy(f, fname); -- fp = f; - /* Try to rewrite any %d (or similar) in the string */ -- for (i = 0; i < len; i++) { -- if (f[i] == pipe) { -- fp = &f[i + 1]; -- /* Because we potentially have to check file permissions at two levels -- for the output file (gx_device_open_output_file and the low level -- fopen API, if we're using a pipe, we have to add both the full string, -- (including the '|', and just the command to which we pipe - since at -- the pipe_fopen(), the leading '|' has been stripped. -- */ -- code = gs_remove_control_path(mem, gs_permit_file_writing, f); -- if (code < 0) -- return code; -- code = gs_remove_control_path(mem, gs_permit_file_control, f); -- if (code < 0) -- return code; -- break; -- } -- if (!IS_WHITESPACE(f[i])) -- break; -- } -- code = gs_remove_control_path(mem, gs_permit_file_control, fp); -+ rewrite_percent_specifiers(f); -+ -+ code = gs_remove_control_path(mem, gs_permit_file_control, f); - if (code < 0) - return code; -- return gs_remove_control_path(mem, gs_permit_file_writing, fp); -+ return gs_remove_control_path(mem, gs_permit_file_writing, f); - } - - int --- -2.17.1 - diff --git a/CVE-2021-45949.patch b/CVE-2021-45949.patch deleted file mode 100644 index dd17e10..0000000 --- a/CVE-2021-45949.patch +++ /dev/null @@ -1,36 +0,0 @@ ---- psi/zfsample.c.orig 2022-01-12 09:16:07.639604741 +0100 -+++ psi/zfsample.c 2022-01-12 09:21:45.187952236 +0100 -@@ -535,13 +535,16 @@ sampled_data_continue(i_ctx_t *i_ctx_p) - } - pop(num_out); /* Move op to base of result values */ - -+ /* From here on, we have to use ref_stack_pop() rather than pop() -+ so that it handles stack extension blocks properly, before calling -+ sampled_data_sample() which also uses the op stack. -+ */ - /* Check if we are done collecting data. */ -- - if (increment_cube_indexes(params, penum->indexes)) { - if (stack_depth_adjust == 0) -- pop(O_STACK_PAD); /* Remove spare stack space */ -+ ref_stack_pop(&o_stack, O_STACK_PAD); /* Remove spare stack space */ - else -- pop(stack_depth_adjust - num_out); -+ ref_stack_pop(&o_stack, stack_depth_adjust - num_out); - /* Execute the closing procedure, if given */ - code = 0; - if (esp_finish_proc != 0) -@@ -554,11 +557,11 @@ sampled_data_continue(i_ctx_t *i_ctx_p) - if ((O_STACK_PAD - stack_depth_adjust) < 0) { - stack_depth_adjust = -(O_STACK_PAD - stack_depth_adjust); - check_op(stack_depth_adjust); -- pop(stack_depth_adjust); -+ ref_stack_pop(&o_stack, stack_depth_adjust); - } - else { - check_ostack(O_STACK_PAD - stack_depth_adjust); -- push(O_STACK_PAD - stack_depth_adjust); -+ ref_stack_push(&o_stack, O_STACK_PAD - stack_depth_adjust); - for (i=0;i + mini + diff --git a/ghostscript-9.54.0.tar.gz b/ghostscript-9.54.0.tar.gz deleted file mode 100644 index 5dbeac1..0000000 --- a/ghostscript-9.54.0.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:0646bb97f6f4d10a763f4919c54fa28b4fbdd3dff8e7de3410431c81762cade0 -size 69936541 diff --git a/ghostscript-9.56.1.tar.xz b/ghostscript-9.56.1.tar.xz new file mode 100644 index 0000000..6e0f5ef --- /dev/null +++ b/ghostscript-9.56.1.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:d43406805650009b42c3d5f6dc535233454533c1e27c13a77dd1d462a056b8e4 +size 62589232 diff --git a/ghostscript-mini.changes b/ghostscript-mini.changes deleted file mode 100644 index 9411af8..0000000 --- a/ghostscript-mini.changes +++ /dev/null @@ -1,1441 +0,0 @@ -------------------------------------------------------------------- -Tue Jan 11 13:40:10 CET 2022 - jsmeix@suse.de - -- CVE-2021-45949.patch fixes CVE-2021-45949 - heap-based buffer overflow in sampled_data_finish - cf. https://github.com/google/oss-fuzz-vulns/blob/main/vulns/ghostscript/OSV-2021-803.yaml - (bsc#1194304) -- CVE-2021-45944 use-after-free in sampled_data_sample - is already fixed in the Ghostscript 9.54.0 upstream sources - (bsc#1194303) - -------------------------------------------------------------------- -Fri Sep 10 09:37:46 CEST 2021 - jsmeix@suse.de - -- CVE-2021-3781.patch fixes CVE-2021-3781 - Trivial -dSAFER bypass - cf. https://bugs.ghostscript.com/show_bug.cgi?id=704342 - (bsc#1190381) - -------------------------------------------------------------------- -Fri May 21 13:40:56 CEST 2021 - jsmeix@suse.de - -- Version upgrade to 9.54.0 - Highlights in this release include - (excerpts from the Ghostscript upstream release summary - in https://www.ghostscript.com/doc/9.54.0/News.htm): - * The 9.54.0 release is a maintenance release, - and also adds new functionality. - * Overprint simulation is now available to all output devices, - allowing quality previewing/proofing of PostScript and - PDF jobs that rely on overprint. See the -dOverprint option - documentation in: doc/9.54.0/Use.htm#Overprint - * The "docxwrite" device adds the ability to output - to Microsoft Word "docx" format. - See: doc/9.54.0/VectorDevices.htm#DOCX - * The pdfwrite device is now capable of using the Tesseract OCR - engine when it is built into Ghostscript to improve - searchability and copy and paste functionality when the input - lacks the metadata for that purpose. - See: doc/9.54.0/VectorDevices.htm#UseOCR - * Ghostscript/GhostPDL now includes a "map text to black" - function, where text drawn by an input job (except when drawn - using a Type 3 font) can be forced to draw in solid black. - See: doc/9.54.0/Use.htm#BlackText - * Ghostscript/GhostPDL now supports simple N-up imposition - "internally". See: doc/9.54.0/Use.htm#NupControl - * Our efforts in code hygiene and maintainability continue. - * The usual round of bug fixes, compatibility changes, - and incremental improvements. - * For a list of open issues, or to report problems, please visit - bugs.ghostscript.com - For a release summary see: - https://www.ghostscript.com/doc/9.54.0/News.htm - For details see the News.htm and History9.htm files. -- 41ef9a0bc36b9db7115fbe9623f989bfb47bbade.patch is no longer - needed because it is fixed in the upstream sources. - -------------------------------------------------------------------- -Wed Apr 14 11:56:22 UTC 2021 - Wolfgang Frisch - -- Hardening: compile with PIC, link as PIE - -------------------------------------------------------------------- -Fri Mar 26 13:42:05 UTC 2021 - Dominique Leuenberger - -- Do not rely on apparmor at all for the -mini flavor: - + Drop apparmor-abstraction and apparmor-rpm-macros - BuildRequires. - + Do not package apparmor files. - -------------------------------------------------------------------- -Tue Mar 9 12:34:30 UTC 2021 - Dominique Leuenberger - -- Do not require apparmor-abstractions: with the mini package being - used only during build (and never on end user workstations), - apparmor is not going to be enabled (build is in chroot/vm). - Keeping the dep-chain of the -mini flavor as small as possible. - -------------------------------------------------------------------- -Fri Mar 5 12:35:16 UTC 2021 - Dominique Leuenberger - -- Provide ghostscript_any by ghostscript-mini: this is a valid - replacement for consumers. - -------------------------------------------------------------------- -Tue Oct 20 16:38:24 CEST 2020 - Ismail Dönmez - -- 41ef9a0bc36b9db7115fbe9623f989bfb47bbade.patch - fixes compilation with FreeType 2.10.3+ - http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=41ef9a0bc36b9db7115fbe9623f989bfb47bbade - c.f. https://bugs.ghostscript.com/show_bug.cgi?id=702985 - -------------------------------------------------------------------- -Tue Oct 20 16:03:48 CEST 2020 - jsmeix@suse.de - -- Version upgrade to 9.53.3 - Highlights in this release include - (excerpts from the Ghostscript upstream release summary - in https://www.ghostscript.com/doc/9.53.3/News.htm): - * The 9.53.3 release is primarily maintenance. - * Issues arose with 9.53.0/1/2 that prompted the release - of a .3 patch: - A crash related to management of ICC profile objects. - A parameter type mismatch that would cause Ghostscript - to error out during initialisation, which - affected 64 big, big endian architectures. - An unexpected side effect of another change that prevented - multithreaded rendering and background rendering - from working correctly. - * The most obvious change is the (re-)introduction of the - patch level to the version number, this helps facilitate - a revised policy on handling security related issues. - To clarify: in the event we decide to release a patch revision, - it will replace the release with the previous patch number. - Release notes, highlights and warnings will remain the same, - except for the addition of whatever fix(es) prompted the patch. - * Our efforts in code hygiene and maintainability continue. - * We have added Python bindings for the gsapi interface, can be - found in demos/python. These are experimental, and we welcome - feedback from interested developers. - * For those integrating Ghostscript/GhostPDL via the gsapi - interface, we have added new capabilities to that, specifically - in terms of setting and interrogating device parameters. These, - along with the existing interface calls, are documented in: - Ghostscript Interpreter API at - https://www.ghostscript.com/doc/9.53.3/API.htm - * The usual round of bug fixes, compatibility changes, - and incremental improvements. - * For a list of open issues, or to report problems, please visit - bugs.ghostscript.com - Incompatible changes: - * As of 9.53.0, we have (re-)introduced the patch level to the - version number, this helps facilitate a revised policy - on handling security related issues. - Note for GSView Users: The patch level addition breaks - GSView 5 (it is hardcoded to check for versions 704-999). - It is possible, but not guaranteed that a GSView update might - be forthcoming to resolve this. - For a release summary see: - https://www.ghostscript.com/doc/9.53.3/News.htm - For details see the News.htm and History9.htm files. -- CVE-2020-15900.patch is no longer needed - because it is fixed in the upstream sources. -- Ghostscript 9.53.3 fixes in particular txtwrite memory issues - (boo#1177922). - -------------------------------------------------------------------- -Tue Jul 28 09:15:30 CEST 2020 - jsmeix@suse.de - -- CVE-2020-15900.patch fixes CVE-2020-15900 Memory Corruption - cf. https://bugs.ghostscript.com/show_bug.cgi?id=702582 - (bsc#1174415) - -------------------------------------------------------------------- -Wed Apr 29 12:09:39 CEST 2020 - jsmeix@suse.de - -- The version upgrade to 9.52 fixes in particular - CVE-2020-12268: jbic2dec: heap-based buffer overflow - in jbig2_image_compose (bsc#1170603) -- Version upgrade to 9.52 - Highlights in this release include: - * The 9.52 release replaces the 9.51 release after a problem - was reported with 9.51 which warranted the quick turnaround. - Thus, like 9.51, 9.52 is primarily a maintenance release, - consolidating the changes we introduced in 9.50. - * IMPORTANT: We have forked LittleCMS2 into LittleCMS2mt - (the "mt" indicating "multi-thread"). - LCMS2 is not thread-safe, and cannot be made thread-safe - without breaking the ABI. Our fork will be thread-safe and - include performance enhancements (these changes have all - been offered and rejected upstream). We will maintain - compatibility between Ghostscript and LCMS2 for a time, - but not in perpetuity. If there is sufficient interest, - our fork will be available as its own package separately - from Ghostscript (and MuPDF). - * The usual round of bug fixes, compatibility changes, - and incremental improvements. - Incompatible changes: - * New option -dALLOWPSTRANSPARENCY: The transparency compositor - (and related features), whilst we are improving it, remains - sensitive to being driven correctly, and incorrect use - can have unexpected/undefined results. Hence, as part of - improving security, we limited access to these operators, - originally using the -dSAFER feature. As we made "SAFER" - the default mode, that became unacceptable, hence the - new option -dALLOWPSTRANSPARENCY which enables access - to the operators, cf. - https://www.ghostscript.com/doc/9.52/Use.htm#ALLOWPSTRANSPARENCY - For a release summary see: - https://www.ghostscript.com/doc/9.52/News.htm - For details see the News.htm and History9.htm files. -- Version upgrade to 9.51 - Highlights in this release include: - * 9.51 is primarily a maintainance release, consolidating - the changes we introduced in 9.50. - * We have continued our work on code hygiene for this release, - with a focus on the static analysis tool Coverity - (from Synopsys, Inc) and we are now maintaining a policy of - zero Coverity issues in the Ghostscript/GhostPDL source base. - * IMPORTANT: In consultation with a representative of - OpenPrinting (http://www.openprinting.org/) it is our - intention to deprecate and, in the not distant future, - remove the OpenPrinting Vector/Raster Printer Drivers - (that is, the opvp and oprp devices). - If you rely on either of these devices, please get in touch - with us (i.e. Ghostscript upstream), so we can discuss your - use case, and revise our plans accordingly. - * We (i.e. Ghostscript upstream) are in the process of forking - LittleCMS, cf. the other release notes entries below. - * The usual round of bug fixes, compatibility changes, - and incremental improvements. - For a release summary see: - https://www.ghostscript.com/doc/9.51/News.htm - For details see the News.htm and History9.htm files. -- Version upgrade to 9.50 - Highlights in this release include: - * The change to version 9.50 follows recognition - of the extent and importance of the file access control - redesign/reimplementation outlined below. - * The file access control capability (enable with -dSAFER) - has been completely rewritten, with a ground-up rethink - of the design. For more details, see: "SAFER" at - https://www.ghostscript.com/doc/9.50/Use.htm#Safer - * It is important to note that -dSAFER now only enables the - file access controls, and no longer applies restrictions - to standard Postscript functionality (specifically, - restrictions on setpagedevice). If your application relies - on these Postscript restrictions, see "OLDSAFER" at - https://www.ghostscript.com/doc/9.50/Use.htm#OldSafer - and please get in touch, as we do plan to remove those - Postscript restrictions unless we have reason not to. - IMPORTANT: File access controls are now enabled by default. - In order to run Ghostscript without these controls, - see "NOSAFER" at - https://www.ghostscript.com/doc/9.50/Use.htm#NoSafer - * We (i.e. Ghostscript upstream) are in the process of forking - LittleCMS, cf. the other release notes entries below. - * The usual round of bug fixes, compatibility changes, - and incremental improvements. - Incompatible changes: - * There are a couple of subtle incompatibilities between the old - and new SAFER implementations. Firstly, as mentioned above, - SAFER now leaves standard Postcript functionality unchanged - (except for the file access limitations). Secondly, the - interaction with save/restore operations, see "SAFER" at - https://www.ghostscript.com/doc/9.50/Use.htm#Safer - * The following is not strictly speaking new to 9.50, - as not much has changed since 9.27 in this area, - but for those who don't upgrade with every release: - The process of "tidying" the Postscript name space should have - removed only non-standard and undocumented operators. - Nevertheless, it is possible that any integrations or utilities - that rely on those non-standard and undocumented operators - may stop working, or may change behaviour. - If you encounter such a case, please contact us - (i.e. Ghostscript upstream, either the #ghostscript IRC channel - or the gs-devel mailing list would be best), and we'll work - with you to either find an alternative solution or return the - previous functionality, if there is genuinely no other option. - One case we know this has occurred is GSView 5 (and earlier). - GSView 5 support for PDF files relied upon internal use only - features which are no longer available. GSView 5 will still - work as previously for Postscript files. For PDF files, - users are encouraged to look at MuPDF https://www.mupdf.com/ - For a release summary see: - https://www.ghostscript.com/doc/9.50/News.htm - For details see the News.htm and History9.htm files. -- CVE-2019-10216.patch - gs-CVE-2019-14811-885444fc.patch - gs-CVE-2019-14817-cd1b1cac.patch - openjpeg4gs-CVE-2018-6616-8ee33522.patch - are fixed in the version 9.52 upstream sources. - -------------------------------------------------------------------- -Fri Jan 31 17:26:37 UTC 2020 - Stefan Brüns - -- Use system openjpeg2 on Tumbleweed/Factory. - -------------------------------------------------------------------- -Mon Sep 23 08:24:49 UTC 2019 - Johannes Segitz - -- Made ghostscript profile enforcing and limit it to the ghostscript - binaries (bsc#1150338) - -------------------------------------------------------------------- -Mon Sep 16 11:58:41 UTC 2019 - Dr. Werner Fink - -- Add patch gs-CVE-2019-14811-885444fc.patch to fix bsc#1146882 - for CVE-2019-14811,CVE-2019-14812,CVE-2019-14813 -- Add patch gs-CVE-2019-14817-cd1b1cac.patch to fix bsc#1146884 - for CVE-2019-14817 - -------------------------------------------------------------------- -Fri Sep 13 14:15:10 UTC 2019 - Dr. Werner Fink - -- Add patch openjpeg4gs-CVE-2018-6616-8ee33522.patch to fix bsc#1140359 - for CVE-2019-12973 - -------------------------------------------------------------------- -Thu Aug 22 06:20:43 UTC 2019 - Jan Engelhardt - -- Update RPM groups. - -------------------------------------------------------------------- -Tue Aug 13 12:38:45 UTC 2019 - Dr. Werner Fink - -- Use update-alternatives to get the real ghostscript binary from - /usr/bin/gs to /usr/bin/gs.bin and allow the gswrap package to - use this with its wrapper script - -------------------------------------------------------------------- -Mon Aug 12 11:32:08 UTC 2019 - Dr. Werner Fink - -- CVE-2019-10216.patch fixes CVE-2019-10216 - forceput/superexec in .buildfont1 is still accessible - https://bugzilla.suse.com/show_bug.cgi?id=1144621 bsc#1144621 - https://bugs.ghostscript.com/show_bug.cgi?id=701394 - -------------------------------------------------------------------- -Wed May 8 08:46:43 UTC 2019 - jsegitz@suse.com - -- Set AA profile to complain and added fixes for ps2epsi (boo#1134327) - -------------------------------------------------------------------- -Thu Apr 4 14:37:09 CEST 2019 - jsmeix@suse.de - -- Version upgrade to 9.27 - Highlights in this release include: - * We (i.e. Ghostscript upstream) have extensively cleaned up - the Postscript name space: removing access to internal and/or - undocumented Postscript operators, procedures and data. - This has benefits for security and maintainability. - Incompatible changes: - The process of "tidying" the Postscript name space should - have removed only non-standard and undocumented operators. - Nevertheless, it is possible that any integrations or - utilities that rely on those non-standard and undocumented - operators may stop working, or may change behaviour. - If you encounter such a case, please contact us (i.e. - Ghostscript upstream) - (either the #ghostscript IRC channel, - or the gs-devel mailing list would be best), and we'll work - with you to either find an alternative solution. - * Fontmap can now reference invidual fonts in a TrueType - Collection for font subsitution. Previously, a Fontmap entry - could only reference a TrueType collection and use the default - (first) font. - Now, the Fontmap syntax allows for specifying a specific index - in a TTC. See the comments at the top of (the default) - Fontmap.GS for details. - * The usual round of bug fixes, compatibility changes, - and incremental improvements. - IMPORTANT: It is our intention, within the next 12 months - (ideally sooner, in time for the next release) to make SAFER - the default mode of operation. For many users this will have - no effect, since they use SAFER explicitly, but some niche - uses which rely on SAFER being disabled may need to start - explicitly adding the "-dNOSAFER" option. - IMPORTANT: We (i.e. Ghostscript upstream) are in the process of - forking LittleCMS. LCMS2 is not thread safe, and cannot be made - thread safe without breaking the ABI. Our fork will be thread - safe, and include performance enhancements (these changes have - all be been offered and rejected upstream). We will maintain - compatibility between Ghostscript and LCMS2 for a time, but not - in perpetuity. Our fork will be available as its own package - separately from Ghostscript (and MuPDF). - For a release summary see: - http://www.ghostscript.com/doc/9.27/News.htm - For details see the News.htm and History9.htm files. - The Ghostscript 9.27 release should fix (cf. the entry below - dated 'Fri Sep 14 10:47:33 CEST 2018' what "should fix" means) - in particular those security issues: - * CVE-2019-3838 forceput in DefineResource is still accessible - https://bugzilla.suse.com/show_bug.cgi?id=1129186 bsc#1129186 - https://bugs.ghostscript.com/show_bug.cgi?id=700576 - * CVE-2019-3835: superexec operator is available - https://bugzilla.suse.com/show_bug.cgi?id=1129180 bsc#1129180 - https://bugs.ghostscript.com/show_bug.cgi?id=700585 -- ghostscript-2.26-subclassing-devices-fix-put_image-method.patch - is no longer needed because it is fixed in the upstream sources. - -------------------------------------------------------------------- -Thu Mar 14 08:03:24 UTC 2019 - jsegitz@suse.com - -- Added AA rules for dvips (bsc#1127934) -- Allow execution of dirname (bsc#1128697) -- Allow execution of hpijs (bsc#1128467). For now this is in - complain mode -- Sane profile name "ghostscript", moved profile from - /etc/apparmor.d/usr.bin.gs to /etc/apparmor.d/ghostscript - (bsc#1128607) -- Improved AA packaging (bsc#1128608) - Thanks to Christian Boltz for his help - -------------------------------------------------------------------- -Fri Mar 8 10:49:18 UTC 2019 - Martin Wilck - -- Fix IJS printing problem (bsc#1128467) - * added ijs_exec_server_dont_use_sh.patch - * allow exec'ing hpijs in apparmor profile - -------------------------------------------------------------------- -Thu Feb 7 09:27:44 UTC 2019 - jsegitz@suse.com - -- Added apparmor_usr.bin.gs. This profile prevents execution of - executables to serve as hardening for the binaries that process - ghostscript. This is of limited use but prevents simple exploits. - -------------------------------------------------------------------- -Wed Jan 23 16:52:00 CET 2019 - jsmeix@suse.de - -- Version upgrade to 9.26a - The version 9.26a is a special security bugfix version to fix - * CVE-2019-6116: subroutines within pseudo-operators - must themselves be pseudo-operators - https://bugs.ghostscript.com/show_bug.cgi?id=700317 - https://bugzilla.suse.com/show_bug.cgi?id=1122319 bsc#1122319 - -------------------------------------------------------------------- -Thu Jan 10 17:09:16 UTC 2019 - jweberhofer@weberhofer.at - -- ghostscript-2.26-subclassing-devices-fix-put_image-method.patch - fixes Ghostscript issue #700315 and bsc#1121490 - https://bugs.ghostscript.com/show_bug.cgi?id=700315 - Segfault in GS 9.26 with certain PDFs with -dLastPage=1 - -------------------------------------------------------------------- -Fri Nov 30 09:01:17 CET 2018 - jsmeix@suse.de - -- Version upgrade to 9.26 - Highlights in this release include: - * Security issues have been the primary focus of this release, - including solving several (well publicised) real and potential - exploits. - Thanks to Man Yue Mo of Semmle Security Research Team, - Jens Mueller of Ruhr-Universitaet Bochum and - Tavis Ormandy of Google's Project Zero - for their help to identify specific security issues. - PLEASE NOTE: - We (i.e. Ghostscript upstream) strongly urge users to upgrade - to this latest release to avoid these issues. - * The usual round of bug fixes, compatibility changes, - and incremental improvements. - For a release summary see: - http://www.ghostscript.com/doc/9.26/News.htm - For details see the News.htm and History9.htm files. - The Ghostscript 9.26 release should fix (cf. the entry below - dated 'Fri Sep 14 10:47:33 CEST 2018' what "should fix" means) - in particular those security issues (bsc#1117331) - * CVE-2018-19475: psi/zdevice2.c allows attackers to bypass - intended access restrictions - https://bugs.ghostscript.com/show_bug.cgi?id=700153 - https://bugzilla.suse.com/show_bug.cgi?id=1117327 bsc#1117327 - * CVE-2018-19476: psi/zicc.c allows attackers to bypass - intended access restrictions because of a setcolorspace - type confusion - https://bugs.ghostscript.com/show_bug.cgi?id=700169 - https://bugzilla.suse.com/show_bug.cgi?id=1117313 bsc#1117313 - * CVE-2018-19477: psi/zfjbig2.c allows attackers to bypass - intended access restrictions because of a JBIG2Decode - type confusion - https://bugs.ghostscript.com/show_bug.cgi?id=700168 - https://bugzilla.suse.com/show_bug.cgi?id=1117274 bsc#1117274 - * CVE-2018-19409: LockSafetyParams is not checked correctly - if another device is used - https://bugs.ghostscript.com/show_bug.cgi?id=700176 - https://bugzilla.suse.com/show_bug.cgi?id=1117022 bsc#1117022 - and those security issues - * CVE-2018-18284: 1Policy operator gives access to .forceput - https://bugs.ghostscript.com/show_bug.cgi?id=69963 - https://bugzilla.suse.com/show_bug.cgi?id=1112229 bsc#1112229 - * CVE-2018-18073: saved execution stacks can leak operator arrays - https://bugs.ghostscript.com/show_bug.cgi?id=699927 - https://bugzilla.suse.com/show_bug.cgi?id=1111480 bsc#1111480 - * CVE-2018-17961: bypassing executeonly to escape -dSAFER sandbox - https://bugs.ghostscript.com/show_bug.cgi?id=699816 - https://bugzilla.suse.com/show_bug.cgi?id=1111479 bsc#1111479 - * CVE-2018-17183: remote attackers could be able to supply - crafted PostScript to potentially overwrite or replace - error handlers to inject code - https://bugs.ghostscript.com/show_bug.cgi?id=699708 - https://bugzilla.suse.com/show_bug.cgi?id=1109105 bsc#1109105 - -------------------------------------------------------------------- -Fri Nov 9 11:25:19 CET 2018 - jsmeix@suse.de - -- Version upgrade to 9.26rc1 (first release candidate for 9.26). - Highlights in this release include: - * Purely security and a few bug fixes, there are no new features, - and no API changes to report. - -------------------------------------------------------------------- -Fri Sep 14 10:47:33 CEST 2018 - jsmeix@suse.de - -- Version upgrade to 9.25 - For the highlights in this release see the highlights in the - 9.25rc1 first release candidate for 9.25 entry below. - PLEASE NOTE: - We (i.e. Ghostscript upstream) strongly urge users to upgrade - to this latest release to avoid these issues. - For a release summary see: - http://www.ghostscript.com/doc/9.25/News.htm - For details see the News.htm and History9.htm files. - The Ghostscript 9.25 release should fix (see below) - in particular those security issues: - * CVE-2018-15909: shading_param incomplete type checking - https://bugs.ghostscript.com/show_bug.cgi?id=699660 - https://bugzilla.suse.com/show_bug.cgi?id=1106172 bsc#1106172 - * CVE-2018-15908: .tempfile file permission issues - https://bugs.ghostscript.com/show_bug.cgi?id=699657 - https://bugzilla.suse.com/show_bug.cgi?id=1106171 bsc#1106171 - * CVE-2018-15910: LockDistillerParams type confusion - https://bugs.ghostscript.com/show_bug.cgi?id=699656 - https://bugzilla.suse.com/show_bug.cgi?id=1106173 bsc#1106173 - * CVE-2018-15911: uninitialized memory access in the aesdecode - https://bugs.ghostscript.com/show_bug.cgi?id=699665 - https://bugzilla.suse.com/show_bug.cgi?id=1106195 bsc#1106195 - * CVE-2018-16513: setcolor missing type check - https://bugs.ghostscript.com/show_bug.cgi?id=699655 - https://bugzilla.suse.com/show_bug.cgi?id=1107412 bsc#1107412 - * CVE-2018-16509: /invalidaccess bypass after failed restore - https://bugs.ghostscript.com/show_bug.cgi?id=699654 - https://bugzilla.suse.com/show_bug.cgi?id=1107410 bsc#1107410 - * CVE-2018-16510: Incorrect exec stack handling in the "CS" - and "SC" PDF primitives - https://bugs.ghostscript.com/show_bug.cgi?id=699671 - https://bugzilla.suse.com/show_bug.cgi?id=1107411 bsc#1107411 - * CVE-2018-16542: .definemodifiedfont memory corruption - if /typecheck is handled - https://bugs.ghostscript.com/show_bug.cgi?id=699668 - https://bugzilla.suse.com/show_bug.cgi?id=1107413 bsc#1107413 - * CVE-2018-16541 incorrect free logic in pagedevice replacement - https://bugs.ghostscript.com/show_bug.cgi?id=699664 - https://bugzilla.suse.com/show_bug.cgi?id=1107421 bsc#1107421 - * CVE-2018-16540 use-after-free in copydevice handling - https://bugs.ghostscript.com/show_bug.cgi?id=699661 - https://bugzilla.suse.com/show_bug.cgi?id=1107420 bsc#1107420 - * CVE-2018-16539: incorrect access checking in temp file - handling to disclose contents of files - https://bugs.ghostscript.com/show_bug.cgi?id=699658 - https://bugzilla.suse.com/show_bug.cgi?id=1107422 bsc#1107422 - * CVE-2018-16543: gssetresolution and gsgetresolution allow - for unspecified impact - https://bugs.ghostscript.com/show_bug.cgi?id=699670 - https://bugzilla.suse.com/show_bug.cgi?id=1107423 bsc#1107423 - * CVE-2018-16511: type confusion in "ztype" could be used by - remote attackers able to supply crafted PostScript to crash - the interpreter or possibly have unspecified other impact - https://bugs.ghostscript.com/show_bug.cgi?id=699659 - https://bugzilla.suse.com/show_bug.cgi?id=1107426 bsc#1107426 - * CVE-2018-16585 .setdistillerkeys PostScript command is - accepted even though it is not intended for use - https://bugzilla.suse.com/show_bug.cgi?id=1107581 bsc#1107581 - * CVE-2018-16802: Incorrect"restoration of privilege" checking - when running out of stack during exceptionhandling could be - used by attackers able to supply crafted PostScript to execute - code using the "pipe" instruction. This is due to an incomplete - fix for CVE-2018-16509 - https://bugs.ghostscript.com/show_bug.cgi?id=699714 - https://bugs.ghostscript.com/show_bug.cgi?id=699718 - https://bugzilla.suse.com/show_bug.cgi?id=1108027 bnc#1108027 - Regarding what the above "should fix" means: - PostScript is a general purpose Turing-complete programming - language (cf. https://en.wikipedia.org/wiki/PostScript) - that supports in particular file access on the system disk. - When Ghostscript processes PostScript it runs a PostScript - program as the user who runs Ghostscript. - When Ghostscript processes an arbitrary PostScript file, - the user who runs Ghostscript runs an arbitrary program - which can do anything on the system where Ghostscript runs - that this user is allowed to do on that system. - To make it safer when Ghostscript runs a PostScript program - the Ghostscript command line option '-dSAFER' disables - certain file access functionality, for details see - /usr/share/doc/ghostscript/9.25/Use.htm - Its name 'SAFER' says everything: It makes it 'safer' - to let Ghostscript run a PostScript program, - but it does not make it completely safe. - In theory software is safe against misuse (i.e. has no bugs). - In practice there is an endless sequence of various kind of - security issues (i.e. software can be misused to do more than - what is intended) that get fixed issue by issue ad infinitum. - In the end all that means: - In practice the user who runs Ghostscript must not let it - process arbitrary PostScript files from untrusted origin. - In particular Ghostscript is usually run when printing - documents (with the '-dSAFER' option set), see the part about - "It is crucial to limit access to CUPS to trusted users" in - https://en.opensuse.org/SDB:CUPS_and_SANE_Firewall_settings - -------------------------------------------------------------------- -Thu Sep 13 14:14:39 CEST 2018 - jsmeix@suse.de - -- Version upgrade to 9.25rc1 (first release candidate for 9.25). - Highlights in this release include: - * This release fixes problems with argument handling, some - unintended results of the security fixes to the SAFER file - access restrictions (specifically accessing ICC profile files), - and some additional security issues over the 9.24 release. - * Security issues have been the primary focus of this release, - including solving several (well publicised) real - and potential exploits. - PLEASE NOTE: - We (i.e. Ghostscript upstream) strongly urge users to upgrade - to this latest release to avoid these issues. - * Avoid that ps2epsi fails with - 'Error: /undefined in --setpagedevice--' - Recent changes required to harden SAFER mode mean that - it is no longer possible to run ps2epsi in SAFER mode, - because it relies upon unsafe Ghostscript non-standard - extension operators. - Removing SAFER and DELAYSAFER, and the code to reset SAFER, - allow ps2epsi to run as well as it ever did (ie badly). - This program (i.e. ps2epsi) should now be considered unsafe, - you should not use it on untrusted PostScript programs. - Likely we (i.e. Ghostscript upstream) will deprecate and - remove this program in future. - For details see the News.htm and History9.htm files. - Regarding installing packages (in particular release candidates) - from the openSUSE build service development project "Printing" - see https://build.opensuse.org/project/show/Printing - -------------------------------------------------------------------- -Thu Sep 13 10:25:21 CEST 2018 - jsmeix@suse.de - -- Version upgrade to 9.24 - Highlights in this release include: - * Security issues have been the primary focus of this release, - including solving several (well publicised) - real and potential exploits. - PLEASE NOTE: - We (i.e. Ghostscript upstream) strongly urge users to upgrade - to this latest release to avoid these issues. - * As well as Ghostscript itself, jbig2dec has had a significant - amount of work improving its robustness in the face of - out specification files. - * IMPORTANT: We (i.e. Ghostscript upstream) are in the process - of forking LittleCMS. LCMS2 is not thread safe, and cannot - be made thread safe without breaking the ABI. Our fork - will be thread safe, and include performance enhancements - (these changes have all be been offered and rejected upstream). - We will maintain compatibility between Ghostscript and LCMS2 - for a time, but not in perpetuity. Our fork will be available - as its own package separately from Ghostscript (and MuPDF). - * The usual round of bug fixes, compatibility changes, - and incremental improvements. - For a release summary see: - http://www.ghostscript.com/doc/9.24/News.htm - For details see the News.htm and History9.htm files. -- fix_ln_docdir_gsdatadir.patch is no longer needed - because the issue is fixed in the upstream sources. -- CVE-2018-10194.patch is no longer needed - because the issue is fixed in the upstream sources. - -------------------------------------------------------------------- -Tue Jun 5 14:47:59 CEST 2018 - jsmeix@suse.de - -- CVE-2018-10194.patch fixes stack-based buffer overflow - in gdevpdts.c (bsc#1090099), see - https://bugs.ghostscript.com/show_bug.cgi?id=699255 and - http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=39b1e54b2968620723bf32e96764c88797714879 - -------------------------------------------------------------------- -Thu Mar 22 12:51:39 CET 2018 - jsmeix@suse.de - -- Version upgrade to 9.23 - Highlights in this release include: - * Ghostscript now has a family of 'pdfimage' devices - (pdfimage8, pdfimage24 and pdfimage32) which produce - rendered output wrapped up as an image in a PDF. - Additionally, there is a 'pclm' device which - produces PCLm format output. - * There is now a ColorAccuracy parameter allowing the user - to decide between speed or accuracy in ICC color transforms. - * JPEG Passthrough: devices which support it can now receive - the 'raw' JPEG stream from the interpreter. - The main use of this is the pdfwrite/ps2write family of devices - that can now take JPEG streams from the input file(s) and write - them unchanged to the output (thus avoiding additional - quantization effects). - * PDF transparency performance improvements - * IMPORTANT: We (i.e. Ghostscript upstream) are in the process - of forking LittleCMS. - LCMS2 is not thread safe, and cannot be made thread safe - without breaking the ABI. Our fork will be thread safe, - and include performance enhancements (these changes have all - be been offered and rejected upstream). We will maintain - compatibility between Ghostscript and LCMS2 for a time, - but not in perpetuity. Our fork will be available as its own - package separately from Ghostscript (and MuPDF). - * We have continued the focus on code hygiene in this release - cleaning up security issues, ignored return values, - and compiler warnings. - * The usual round of bug fixes, compatibility changes, - and incremental improvements. - Incompatible changes - * The planned device API tidy has, unfortunately, been - indefinitely postponed, until appropriate resources - are available. - For a release summary see: - http://www.ghostscript.com/doc/9.23/News.htm - For details see the News.htm and History9.htm files. - See also the entries below since "Version upgrade to 9.22" - (boo#1082896 and boo#1074266). - -------------------------------------------------------------------- -Fri Mar 16 12:39:36 CET 2018 - jsmeix@suse.de - -- For now use lcms2 from SUSE because that is what currently - Ghostscript upstream recommends according to - https://ghostscript.com/pipermail/gs-devel/2018-March/010061.html - because since Ghostscript 9.23rc1 there is no longer lcms2 - in Ghostscript but now it is lcms2art which is the beginning - of a lcms2 fork, see News.htm that reads in particular - "LCMS2 is not thread safe ... Our fork will be thread safe ... - We will maintain compatibility between Ghostscript and LCMS2 - for a time, but not in perpetuity", see also - https://bugzilla.opensuse.org/show_bug.cgi?id=1082896#c14 -- On SLE11 and on SLE12-SP1 there is liblcms2-2-2.5 - which is too old so that configure fails there with - configure: error: lcms2 not found, or too old - but there is no configure option to build it without lcms2 - so that for SLE11 and SLE12-SP1 it is built with - the lcms2art in Ghostscript. -- ppc64le-support.patch is no longer needed because it only - contained a fix for lcms2art/include/lcms2art.h in Ghostscript - but currently lcms2 from SUSE is used instead (see above). -- Do no longer require any fonts packages in particular - neither require ghostscript-fonts-std because the PostScript - Base35 fonts are provided by Ghostscript (in 'Resource') - nor require ghostscript-fonts-other (provides Bitream Charter, - Adobe Utopia, URW Antiqua, URW Grotesq and Hershey fonts where - all but the last are also provided by texlive--fonts) and - those fonts are not required for PostScript compliance, see - https://bugzilla.opensuse.org/show_bug.cgi?id=1082896#c13 - -------------------------------------------------------------------- -Thu Mar 15 11:19:33 CET 2018 - jsmeix@suse.de - -- Version upgrade to 9.23rc1 (first release candidate for 9.23). - For details see the News.htm and History9.htm files. - Regarding installing packages (in particular release candidates) - from the openSUSE build service development project "Printing" - see https://build.opensuse.org/project/show/Printing -- Adapted ppc64le-support.patch: In Ghostscript 9.23 there is now - lcms2art/include/lcms2art.h (instead of lcms2/include/lcms2.h). -- ghostscript-fix-debug-use.patch is no longer needed - because the issue is fixed in the upstream sources. -- fix_ln_docdir_gsdatadir.patch avoids - "base/unixinst.mak:162: recipe for target 'install-doc' failed" -- Adapted spec file to the new Ghostscript upstream documentation - directory /usr/share/doc/ghostscript/9.23/ - -------------------------------------------------------------------- -Wed Feb 28 00:14:31 UTC 2018 - stefan.bruens@rwth-aachen.de - -- Use -p /sbin/ldconfig instead of shell post(un) scriptlet, drop - explicit Prereq for ldconfig -- Use shared libgs library for gs binary instead of static linked - version -- Use --disable-compile-inits, to allow unbundling of Resource files -- Remove --disable-omni switch, has been removed in GS 9.20 -- Keep patch ordering in full/mini consistent -- Remove patch backup files to avoid packaging - -------------------------------------------------------------------- -Tue Feb 27 14:55:51 CET 2018 - novell@mirell.de - -- Add ghostscript-fix-debug-use.patch from upstream to fix broken - printing with some drivers (especially Dell Printers) from - https://bugs.ghostscript.com/show_bug.cgi?id=698837 -- Fix build for SLE targets - -------------------------------------------------------------------- -Wed Nov 29 16:04:48 CET 2017 - jsmeix@suse.de - -- Version upgrade to 9.22. - For details see the News.htm and History9.htm files. - Highlights in this release include: - * Ghostscript can now consume and produce (via the pdfwrite - device) PDF 2.0 compliant files. - * The main focus of this release has been security and code - cleanliness. Hence many AddressSanitizer, Valgrind and - Coverity issues have been addressed. - * The usual round of bug fixes, compatibility changes, - and incremental improvements. - Incompatible changes - * The planned device API tidy (still!) did not happen for - this release, due to time pressures, but we still intend - to undertake the following: We plan to somewhat tidy up - the device API. We intend to remove deprecated device procs - (methods/function pointers) and change the device API - so every device proc takes a graphics state parameter - (rather than the current scheme where only a very few procs - take an imager state parameter). This should serve as notice - to anyone maintaining a Ghostscript device outside the - canonical source tree that you may (probably will) need - to update your device(s) when these changes happen. - Devices using only the non-deprecated procs should be - trivial to update. -- Up to 9.22rc1 it "just built" for all openSUSE versions but - since 9.22rc2 the libijs part does no longer buid for any - released openSUSE version where if fails with messages like - libtool: Version mismatch error. - This is libtool 2.4.6 Debian-2.4.6-2, but the - definition of this LT_INIT comes from libtool 2.4.2. - You should recreate aclocal.m4 with macros from - libtool 2.4.6 Debian-2.4.6-2 and run autoconf again. - Makefile: recipe for target 'ijs.lo' failed - so that currently it only builds for Tumbleweed/Factory. - Presumably it is not too complicated to make it build again - also for released openSUSE versions but currently I have - less than zero energy to fix such "latest breaking changes" - so that for now Ghostscript 9.22 is only provided for - openSUSE Tumbleweed/Factory and the upcoming SLE15/Leap15. - -------------------------------------------------------------------- -Fri Sep 29 09:12:06 CEST 2017 - jsmeix@suse.de - -- Version upgrade to 9.22rc2 (second release candidate for 9.22). - For details see the News.htm and History9.htm files. - Regarding installing packages (in particular release candidates) - from the openSUSE build service development project "Printing" - see https://build.opensuse.org/project/show/Printing - -------------------------------------------------------------------- -Thu Sep 14 15:19:40 CEST 2017 - jsmeix@suse.de - -- Version upgrade to 9.22rc1 (first release candidate for 9.22). - For details see the News.htm and History9.htm files. - Regarding installing packages (in particular release candidates) - from the openSUSE build service development project "Printing" - see https://build.opensuse.org/project/show/Printing -- Since Ghostscript 9.22rc1 font2c and wftopfa are removed. -- CVE-2017-5951.patch CVE-2017-7207.patch - CVE-2017-8291.patch and CVE-2017-9216.patch - are fixed in the version 9.22rc1 upstream sources. - -------------------------------------------------------------------- -Fri Jun 2 09:12:45 UTC 2017 - daniel.molkentin@suse.com - -- CVE-2017-7207.patch fixes a NULL pointer dereference - in mem_get_bits_rectangle - see https://bugs.ghostscript.com/show_bug.cgi?id=697676 - (bsc#1030263) -- CVE-2017-9216.patch fixes a NULL pointer dereference - in jbig2_huffman_get - see https://bugs.ghostscript.com/show_bug.cgi?id=697934 - (bsc#1040643) - -------------------------------------------------------------------- -Tue May 2 14:27:22 CEST 2017 - jsmeix@suse.de - -- CVE-2017-8291.patch fixes - a type confusion in .rsdparams and .eqproc - see https://bugs.ghostscript.com/show_bug.cgi?id=697808 - and https://bugs.ghostscript.com/show_bug.cgi?id=697799 - (bsc#1036453). - -------------------------------------------------------------------- -Wed Apr 12 11:12:27 CEST 2017 - jsmeix@suse.de - -- CVE-2016-10317 (bsc#1032230) - heap buffer overflow in fill_threshhold_buffer() - is not yet fixed because there is no fix available at - https://bugs.ghostscript.com/show_bug.cgi?id=697459 -- CVE-2016-10219 (bsc#1032138) - divide by zero in intersect() - https://bugs.ghostscript.com/show_bug.cgi?id=697453 - is fixed in the version 9.21 upstream sources -- CVE-2016-10218 (bsc#1032135) - null pointer dereference in pdf14_pop_transparency_group() - https://bugs.ghostscript.com/show_bug.cgi?id=697444 - is fixed in the version 9.21 upstream sources. -- CVE-2016-10217 (bsc#1032130) - use-after-free in pdf14_cleanup_parent_color_profiles() - that is related to pdf14_open() in base/gdevp14.c - https://bugs.ghostscript.com/show_bug.cgi?id=697456 - is fixed in the version 9.21 upstream sources. -- CVE-2016-10220 (bsc#1032120) - null pointer dereference in gx_device_finalize() that is - related to gs_makewordimagedevice() in base/gsdevmem.c - https://bugs.ghostscript.com/show_bug.cgi?id=697450 - is fixed in the version 9.21 upstream sources. -- CVE-2017-5951.patch fixes - null pointer dereference in ref_stack_index() that is - related to mem_get_bits_rectangle() in base/gdevmem.c - https://bugs.ghostscript.com/show_bug.cgi?id=697548 - (bsc#1032114) - -------------------------------------------------------------------- -Mon Apr 10 14:06:09 CEST 2017 - jsmeix@suse.de - -- Version upgrade to 9.21. - For details see the News.htm and History9.htm files. - Highlights in this release include: - * pdfwrite now preserves annotations from - input PDFs (where possible). - * The GhostXPS interpreter now provides the pdfwrite device - with the data it requires to emit a ToUnicode CMap: thus - allowing fully searchable PDFs to be created from XPS - input (in the vast majority of cases). - * Ghostscript now allows the default color space - for PDF transparency blends. - * The Ghostscript/GhostPDL configure script now has much - better/fuller support for cross compiling. - * The tiffscaled and tiffscaled4 devices can now - use ETS (Even Tone Screening) - * The toolbin/pdf_info.ps utility can now emit - the PDF XML metadata. - * Ghostscript has a new scan converter available - (currently optional, but will become the default in a near - future release). It can be enabled by using the command line - option: '-dSCANCONVERTERTYPE=2'. This new implementation - provides vastly improved performance with large and complex - paths. - * The usual round of bug fixes, compatibility changes, - and incremental improvements. - Incompatible changes: - * The planned device API tidy (still!) did not happen for - this release, due to time pressures, but we still intend - to undertake the following: We plan to somewhat tidy up - the device API. We intend to remove deprecated device - procs (methods/function pointers) and change the device API - so every device proc takes a graphics state parameter - (rather than the current scheme where only a very few procs - take an imager state parameter). This should serve as notice - to anyone maintaining a Ghostscript device outside the - canonical source tree that you may (probably will) need to - update your device(s) when these changes happen. Devices using - only the non-deprecated procs should be trivial to update. -- CVE-2016-7976.patch and CVE-2016-7977.patch and - CVE-2016-7978.patch and CVE-2016-7979.patch and - CVE-2016-8602.patch are no longer needed because - those issues are fixed in the upstream sources. -- 0001-mkromfs-make-build-reproducible-use-buildtime-from-S.patch - and - 0002-mkromfs-sort-gp_enumerate_files-output-for-determini.patch - are no longer needed because both are included - in the upstream sources, see the upstream issue - https://bugs.ghostscript.com/show_bug.cgi?id=697484 -- Again use the zlib sources from Ghostscript upstream - and disable remove-zlib-h-dependency.patch because - Ghostscript 9.21 does no longer build this way, - cf. the entry below dated "Wed Nov 18 11:46:58 UTC 2015" - -------------------------------------------------------------------- -Thu Jan 12 17:13:58 UTC 2017 - stefan.bruens@rwth-aachen.de - -- Set SOURCE_DATE_EPOCH based on changelog head -- Add 0001-mkromfs-make-build-reproducible-use-buildtime-from-S.patch - * Use SOURCE_DATE_EPOCH for mkromfs output for reproducible build -- Add 0002-mkromfs-sort-gp_enumerate_files-output-for-determini.patch - * Sort ROM contents for deterministic output - -------------------------------------------------------------------- -Mon Oct 17 13:36:57 CEST 2016 - jsmeix@suse.de - -- CVE-2013-5653 (getenv and filenameforall ignore -dSAFER) - is fixed in the Ghostscript 9.20 upstream sources - see http://bugs.ghostscript.com/show_bug.cgi?id=694724 - (bsc#1001951). -- CVE-2016-7976.patch fixes that - various userparams allow %pipe% in paths, allowing - remote shell command execution - see http://bugs.ghostscript.com/show_bug.cgi?id=697178 - (bsc#1001951). -- CVE-2016-7977.patch fixes that - .libfile doesn't check PermitFileReading array, allowing - remote file disclosure - see http://bugs.ghostscript.com/show_bug.cgi?id=697169 - (bsc#1001951). -- CVE-2016-7978.patch fixes that - reference leak in .setdevice allows - use-after-free and remote code execution - see http://bugs.ghostscript.com/show_bug.cgi?id=697179 - (bsc#1001951). -- CVE-2016-7979.patch fixes that - type confusion in .initialize_dsc_parser allows - remote code execution - see http://bugs.ghostscript.com/show_bug.cgi?id=697190 - (bsc#1001951). -- CVE-2016-8602.patch fixes a NULL dereference in .sethalftone5 - see http://bugs.ghostscript.com/show_bug.cgi?id=697203 - (bsc#1004237). - -------------------------------------------------------------------- -Thu Sep 29 14:40:38 CEST 2016 - jsmeix@suse.de - -- Version upgrade to 9.20. Purely a maintenance release. - For details see the News.htm and History9.htm files. - Highlights in this release include: - * The usual round of bug fixes, compatibility changes, - and incremental improvements. - Incompatible changes: - * The planned device API tidy did not happen for this release, - due to time pressures, but we still intend to undertake the - following: We plan to somewhat tidy up the device API. - We intend to remove deprecated device procs - (methods/function pointers) and change the device API - so every device proc takes a graphics state parameter (rather - than the current scheme where only a very few procs take an - imager state parameter). This should serve as notice to anyone - maintaining a Ghostscript device outside the canonical source - tree that you may (probably will) need to update your - device(s) when these changes happen. Devices using only - the non-deprecated procs should be trivial to update. - -------------------------------------------------------------------- -Thu Sep 15 10:12:03 CEST 2016 - jsmeix@suse.de - -- Version upgrade to 9.20rc1 (first release candidate for 9.20). - For details see the News.htm and History9.htm files. - Regarding installing packages (in particular release candidates) - from the openSUSE build service development project "Printing" - see https://build.opensuse.org/project/show/Printing - -------------------------------------------------------------------- -Wed Mar 23 15:43:27 CET 2016 - jsmeix@suse.de - -- Version upgrade to 9.19. Mainly a maintenance release. - For details see the News.htm and History9.htm files. - Highlights in this release include: - * Metadata pdfmark is now implemented. This allows the user - to specify an XMP stream which will be written to the - Catalog of the PDF file. A new pdfmark 'Ext_Metadata' has - been defined. This takes a string parameter which contains - XML to be add to the XMP normally created by pdfwrite. - See "pdfwrite pdfmark extensions" for more information. - * An experimental, rudimentary raster trapping implementation - has been added to the Ghostscript graphics library. - See "Trapping" for details. - Incompatible changes: - * (Minor) API change: copy_alpha now supports 8 bit depth - (as well as the previous 2 and 4). - * The gs man pages are woefully out of date and basically - unmaintained. With the release following 9.19, we intend - to replace their contents with a very limited summary - of (unlikely to ever change aspects of) calling - Ghostscript, and a pointer to the (maintained) HTML - documentation. That is, unless a volunteer is willing - to update, and commit to maintaining the man pages. - * ijs-config is no longer provided - Planned incompatible changes: - * We plan (ideally for the release following 9.19) to somewhat - tidy up the device API. We plan to remove deprecated device - procs (methods/function pointers). We also intend to merge - the imager state and graphics state (thus eliminating the - imager state), and change the device API so every device proc - takes a graphics state parameter (rather than the current - scheme where only a very few procs take an imager state - parameter). This should serve as notice to anyone maintaining - a Ghostscript device outside the canonical source tree that - you may (probably will) need to update your device(s) when - these changes happen. Devices using only the non-deprecated - procs should be trivial to update. -- fix_make_install.patch fixes and - add_brackets_for_old_autoconf.patch are no longer needed - because both issues are fixed in the upstream sources. - -------------------------------------------------------------------- -Fri Mar 18 10:13:23 CET 2016 - jsmeix@suse.de - -- Version upgrade to 9.19rc1 (first release candidate for 9.19). - For details see the News.htm and History9.htm files. - Regarding installing packages (in particular release candidates) - from the openSUSE build service development project "Printing" - see https://build.opensuse.org/project/show/Printing -- ijs-config is no longer provided -- fix_make_install.patch fixes an install error and - add_brackets_for_old_autoconf.patch fixes an autoconf error - see http://bugs.ghostscript.com/show_bug.cgi?id=696665 -- fix_ijs_and_x11_for_FirstPage_and_LastPage.patch is no longer - needed because it is fixed in the upstream sources. -- install_gserrors.h.patch is no longer needed because it is fixed - in the upstream sources. - -------------------------------------------------------------------- -Wed Nov 18 11:46:58 UTC 2015 - schwab@suse.de - -- Do not use library sources for freetype jpeg libpng tiff zlib - from the Ghostscript upstream tarball because we prefer to use - for long-established standard libraries the ones from SUSE - in particular to automatically get SUSE security updates - for standard libraries. - In contrast we use e.g. lcms2 from the Ghostscript upstream - tarball because this one is specially modified to work with - Ghostscript so that we cannot use lcms2 from SUSE. -- remove-zlib-h-dependency.patch removes dependency on zlib/zlib.h - in makefiles as we do not use the zlib sources from the - Ghostscript upstream tarball. - -------------------------------------------------------------------- -Thu Nov 5 13:33:14 CET 2015 - jsmeix@suse.de - -- An incompatible change appeared when building other software - with Ghostscript 9.18. - Since version 9.18 Ghostscript does no longer provide - e_ (e.g. e_NeedInput) in its header files - (gserrors.h and ierrors.h). - When building other software with Ghostscript 9.18 - gs_error_ (e.g. gs_error_NeedInput) - must be used, see boo#953149 and - http://bugs.ghostscript.com/show_bug.cgi?id=696317 - -------------------------------------------------------------------- -Fri Oct 30 11:28:14 CET 2015 - jsmeix@suse.de - -- install_gserrors.h.patch installs gserrors.h to fix - http://bugs.ghostscript.com/show_bug.cgi?id=696301 - because without gserrors.h several other packages fail to build - (in particular texlive, libspectre, gimp,...). - -------------------------------------------------------------------- -Mon Oct 12 10:26:52 CEST 2015 - jsmeix@suse.de - -- fix_ijs_and_x11_for_FirstPage_and_LastPage.patch - fixes the Ghostscript device ijs and the x11* devices - so that they also work when -dFirstPage/-dLastPage is used, - see http://bugs.ghostscript.com/show_bug.cgi?id=696246 - -------------------------------------------------------------------- -Tue Oct 6 10:21:22 CEST 2015 - jsmeix@suse.de - -- Version upgrade to 9.18. A maintenance release. - There are no recorded incompatible changes (as of this writing). - Highlights in this release include: - * A substantial revision of the build system and GhostPDL - directory structure. Ghostscript-only users should - not be affected by this change. - * A new method of internally inserting devices into the device - chain has been developed, named "device subclassing". - This allows suitably written devices to be more easily and - consistently as "filter" devices. - The first fruit of this is a new implementation of - the "-dFirstPage"/"-dLastPage" feature which functions - a device filter in the Ghostscript graphics library, meaning - it works consistently with all input languages. - * Plus the usual round of bug fixes, compatibility changes, - and incremental improvements. - See http://www.ghostscript.com/doc/9.18/News.htm - For details see the News.htm and History9.htm files. - -------------------------------------------------------------------- -Tue Sep 29 11:05:48 CEST 2015 - jsmeix@suse.de - -- Version upgrade to 9.18rc2 (second release candidate for 9.18). - For details see the News.htm and History9.htm files. - Regarding installing packages (in particular release candidates) - from the openSUSE build service development project "Printing" - see https://build.opensuse.org/project/show/Printing -- assign_pointer_not_value_in_gximono.c.patch is no longer needed - because it is fixed in the upstream sources. - -------------------------------------------------------------------- -Thu Sep 24 10:29:04 CEST 2015 - jsmeix@suse.de - -- Version upgrade to 9.18rc1 (first release candidate for 9.18). - For details see the News.htm and History9.htm files. - Regarding installing packages (in particular release candidates) - from the openSUSE build service development project "Printing" - see https://build.opensuse.org/project/show/Printing -- CVE-2015-3228.patch is no longer needed because it is fixed - in the upstream sources. -- assign_pointer_not_value_in_gximono.c.patch attempts to fix a - "assignment makes pointer from integer without a cast" compiler - warning by assigning the pointer and not the integer value. -- Removed --disable-compile-inits from configure, see - http://bugs.ghostscript.com/show_bug.cgi?id=696223 - and "Precompiled run-time data" in - /usr/share/ghostscript/9.18/doc/Make.htm - -------------------------------------------------------------------- -Wed Jul 29 15:20:46 CEST 2015 - jsmeix@suse.de - -- CVE-2015-3228.patch fixes out of bound read/write cause - by integer overflow in gsmalloc.c (boo#939342). - -------------------------------------------------------------------- -Tue Mar 31 10:18:06 CEST 2015 - jsmeix@suse.de - -- Version upgrade to 9.16. Primarily a maintenance release. - There are no recorded incompatible changes (as of this writing). - Highlights in this release include: - * "LockColorants" command line option for tiffsep and psdcmyk - devices. - * Improved high level devices handling of Forms. - See http://www.ghostscript.com/doc/9.16/News.htm - For details see the News.htm and History9.htm files. -- fix.including.pread.pwrite.pthread_mutexattr_settype.diff - is no longer needed because it is fixed in the upstream sources. - -------------------------------------------------------------------- -Wed Mar 25 12:38:16 CET 2015 - jsmeix@suse.de - -- fix.including.pread.pwrite.pthread_mutexattr_settype.diff - fixes on SLE11 implicit declaration of function warnings - for 'pread' 'pwrite' 'pthread_mutexattr_settype' see - http://bugs.ghostscript.com/show_bug.cgi?id=695882 -- ppc64le-support.patch is a remainder of the previous patch - now the hunk for LCMS (lcms/include/lcms.h) is removed - because LCMS 1.x is removed since Ghostscript 9.16 - but the hunk for LCMS2 (lcms2/include/lcms2.h) is still needed - see http://bugs.ghostscript.com/show_bug.cgi?id=695544 - -------------------------------------------------------------------- -Fri Mar 20 17:12:34 CET 2015 - jsmeix@suse.de - -- Version upgrade to 9.16rc2 (second release candidate for 9.16). - For details see the News.htm and History9.htm files. - Regarding installing packages (in particular release candidates) - from the openSUSE build service development project "Printing" - see https://build.opensuse.org/project/show/Printing - -------------------------------------------------------------------- -Sun Sep 28 18:00:37 CEST 2014 - ro@suse.de - -- readd ppc64le patch ppc64le-support.patch (adapted for lcms2 in - Ghostscript version 9.15): the tests in lcms2.h cannot work - without "include " that is now added and - regardless that lcms is not used by default (unless the - configure option --with-lcms is set), lcms is again fixed - (see http://bugs.ghostscript.com/show_bug.cgi?id=695544). - -------------------------------------------------------------------- -Tue Sep 23 10:14:28 CEST 2014 - jsmeix@suse.de - -- Version upgrade to 9.15. Primarily a maintenance release. - There are no recorded incompatible changes (as of this writing). - Highlights in this release include: - * Ghostscript now supports the PDF security handler revision 6. - * The pdfwrite and ps2write (and related) devices can now be - forced to "flatten" glyphs into "basic" marking operations - (rather than writing fonts to the output), by giving - the -dNoOutputFonts command line option (defaults to "false"). - * PostScript programs can now use get_params or get_param to - determine if a page contains color markings by reading the - pageneutralcolor state from the device (so whether the page - is "color" or "mono"). Note that this is only accurate when in - clist mode, so -dMaxBitmap=0 and -dGrayDetection=true should - both be used. - * The pdfwrite device now supports Link annotations with GoTo - and GoToR actions. - * The pdfwrite device now supports BMC/BDC/EMC pdfmarks - * Regarding the new color management for the pdfwrite device - introduced in the previous release, the proscription on using - the new color management when producing PDF/A-1 compliant files - is now lifted. To reiterate, also, with the new color - management implementation, using the UseCIEColor option is - strongly discouraged. For further information on the new - pdfwrite color management, see in Ps2pdf.htm the - "Color Conversion and Management" section. - * Plus the usual round of bug fixes, compatibility changes, - and incremental improvements. - For details see the News.htm and History9.htm files. - -------------------------------------------------------------------- -Wed Sep 17 12:17:47 CEST 2014 - jsmeix@suse.de - -- Version upgrade to 9.15rc2 (second release candidate for 9.15). - Ghostscript upstream QA highlighted a couple of issues - that they felt warranted a fresh release candidate. - For details see the History9.htm file. - -------------------------------------------------------------------- -Tue Sep 9 16:06:31 CEST 2014 - jsmeix@suse.de - -- Version upgrade to 9.15rc1 (first release candidate for 9.15). - For details see the News.htm and History9.htm files. -- ppc64le-support.patch is no longer needed because - it is fixed in the upstream sources. -- Removed trailing whitespaces in spec file and changes file. - -------------------------------------------------------------------- -Mon Aug 18 15:12:28 UTC 2014 - meissner@suse.com - -- gs does not seem to require libopenssl-devel for building. - -------------------------------------------------------------------- -Thu Mar 27 12:21:55 CET 2014 - jsmeix@suse.de - -- Version upgrade to 9.14. Primarily a maintenance release. - Highlights in this release include (excerpt): - * pdfwrite now uses the same color management engine as - Ghostscript rendering devices (by default LCMS2). For - the duration of this release a new switch -dPDFUseOldCMS - is available which will restore the old color management. - See: "Color Conversion and Management" in Ps2pdf.htm - Due to constraints of the PDF/A-1 specification, the new color - management does not yet apply when producing PDF/A files. - * A new device 'eps2write' has been added which allows for the - creation of EPS files using the ps2write device instead of - the deprecated and removed pswrite device. The epswrite device - is now also deprecated and will be removed in a future release. - * Ghostscript has a new "pwgraster" output device for PWG Raster - output. - * The CUPS device now has improved support for PPD-less printing. - For details see the News.htm and History9.htm files. - -------------------------------------------------------------------- -Fri Dec 13 19:09:12 UTC 2013 - uweigand@de.ibm.com - -- ppc64le-support.patch from IBM fixes endianness - in lcms (the Little-CMS library) to support the new - architecture ppc64le (IBM Power PC Little Endian architecture) - because ppc64 is big-endian and ppc64le is little-endian - and lcms has a hard-coded check that assumes PowerPC - is always big-endian which is incorrect on ppc64le. - The fix is already in the main Little-CMS repository - by this Git commit - https://github.com/mm2/Little-CMS/commit/b4f5c91a2c1582bd284f0d0f49cb43e2c2235a79 - (There are some cosmetic changes in the upstream patch.) - It is not yet in the imported copy in Ghostscript. - IBM will work with upstream to get the fix imported too. - -------------------------------------------------------------------- -Tue Sep 3 16:26:46 CEST 2013 - jsmeix@suse.de - -- Version upgrade to 9.10. Primarily a maintenance release. - Highlights in this release include: - * LittleCMS2 and libpng have both been updated to the - latest versions. - * The URW Postscript font set has been updated to the - latest version, fixing many compatibility problems - with the Adobe fonts. - * The CUPS filters gstoraster and gstopxl have been - removed from Ghostscript. Those filters are now provided by - cups-filters (a free software package hosted by OpenPrinting) - that contains all CUPS filters needed by CUPS under Linux - (see also the openSUSE issue bnc#735404 comment#44 at - https://bugzilla.novell.com/show_bug.cgi?id=735404#c44). - For details see the News.htm and History9.htm files. -- fix-undefined-operation.patch is no longer needed because - it is fixed in the upstream sources. - -------------------------------------------------------------------- -Thu Aug 29 15:06:13 CEST 2013 - jsmeix@suse.de - -- Version upgrade to 9.10rc1 (release candidate for the 9.10 version). - For details see the News.htm and History9.htm files. -- Prepare spec files to build both releases and release candidates - easily in the future by using special different version strings. -- fix-undefined-operation.patch fixes - http://bugs.ghostscript.com/show_bug.cgi?id=694546 -- Removed BuildRequires for liblcms-devel because it is not needed - when we build Ghostscript that works in compliance with upstream - (see https://bugzilla.novell.com/show_bug.cgi?id=828751#c5). - -------------------------------------------------------------------- -Wed Mar 27 07:58:08 UTC 2013 - mmeister@suse.com - -- Added url as source. - Please see http://en.opensuse.org/SourceUrls - -------------------------------------------------------------------- -Tue Feb 19 13:51:06 CET 2013 - jsmeix@suse.de - -- Version upgrade to 9.07. - * As of this release (9.07), Ghostscript is distributed - under the GNU Affero General Public License (AGPL). - * Ghostscript has been extended to support file sizes >4Gb - in particular reading and writing PDF files. - * Color management enhancements. Full details of the color - management features can be found in: GS9_Color_Management.pdf - * The pdfwrite devices now supports linearized (or optimized - for fast web view) output directly ("-dFastWebView"). - * With the addition of linearisation to pdfwrite, pdfopt.ps - has become redundant. Since it is difficult to maintain, - has a number of bugs, and is believed not to work properly - anyway, it is removed. Accordingly the pdfopt shell script - that used pdfopt.ps is also removed. - -------------------------------------------------------------------- -Thu Jan 3 11:58:51 CET 2013 - jsmeix@suse.de - -- Provide libijs (that is not done via "configure --with-ijs") - because libijs is needed by the pdftoijs filter in the - cups-filters package (see the README file in cups-filters). - -------------------------------------------------------------------- -Thu Sep 27 12:02:51 UTC 2012 - mmeister@suse.com - -- Version upgrade to 9.06. Mainly a bugfix release. - * pdfwrite announcements: - pdfwrite now supports the creation of PDF/A-2 files. - For further details see the NEWS file. - * removed moribund dumphint tool, see History9.htm and - http://bugs.ghostscript.com/show_bug.cgi?id=693223 - -------------------------------------------------------------------- -Mon Sep 24 10:44:57 UTC 2012 - idonmez@suse.com - -- "export SUSE_ASNEEDED=0" disables -Wl,--as-needed linker flags, - see http://bugs.ghostscript.com/show_bug.cgi?id=693100 - -------------------------------------------------------------------- -Thu May 10 15:49:33 CEST 2012 - jsmeix@suse.de - -- Require Ghostscript's font packages because the - Ghostscript package provides the "Fontmap" file - /usr/share/ghostscript//Resource/Init/Fontmap.GS - which lists Ghostscript's fonts but the fonts itself - are provided in the separated packages ghostscript-fonts-std - and ghostscript-fonts-other so that a RPM requirement - is needed to make sure that Ghostscript has its fonts. -- Extract the catalog of devices which are actually built-in - in exactly this Ghostscript and provide it as catalog.devices - in the Ghostscript package. - -------------------------------------------------------------------- -Tue Apr 24 14:30:45 CEST 2012 - jsmeix@suse.de - -- Install documentation which is not installed by default - (LICENSE doc/AUTHORS doc/COPYING doc/thirdparty.htm - doc/WhatIsGS.htm doc/GS9_Color_Management.pdf - doc/gs-vms.hlp doc/Ps2ps2.htm). -- Add a link from SUSE's usual documentation directory - (/usr/share/doc/packages/ghostscript/) to Ghostscript's - documentation directory (/usr/share/ghostscript/9.05/doc/) - because "configure --docdir=..." does not work. -- Let ghostscript-mini "Conflicts: ghostscript-library". - -------------------------------------------------------------------- -Wed Mar 28 10:59:21 CEST 2012 - jsmeix@suse.de - -- Require only the basic fonts for Ghostscript - (package ghostscript-fonts-std) but do not recommend - optional fonts (package ghostscript-fonts-other). - -------------------------------------------------------------------- -Fri Mar 23 11:32:28 CET 2012 - jsmeix@suse.de - -- Cleaned up BuildRequires. -- Explicitly specify configure --with-* versus --without-* - in ghostscript.spec versus ghostscript-mini.spec - to make the differences clear. - -------------------------------------------------------------------- -Tue Mar 20 16:07:56 CET 2012 - jsmeix@suse.de - -- Initial ghostscript-mini package. - diff --git a/ghostscript-mini.spec b/ghostscript-mini.spec deleted file mode 100644 index 897e9f1..0000000 --- a/ghostscript-mini.spec +++ /dev/null @@ -1,469 +0,0 @@ -# -# spec file for package ghostscript-mini -# -# Copyright (c) 2022 SUSE LLC -# -# All modifications and additions to the file contributed by third parties -# remain the property of their copyright owners, unless otherwise agreed -# upon. The license for this file, and modifications and additions to the -# file, is the same license as for the pristine package itself (unless the -# license for the pristine package is not an Open Source License, in which -# case the license is the MIT License). An "Open Source License" is a -# license that conforms to the Open Source Definition (Version 1.9) -# published by the Open Source Initiative. - -# Please submit bugfixes or comments via https://bugs.opensuse.org/ -# - - -Name: ghostscript-mini -BuildRequires: freetype2-devel -BuildRequires: libjpeg-devel -BuildRequires: liblcms2-devel -BuildRequires: libpng-devel -BuildRequires: libtiff-devel -BuildRequires: libtool -BuildRequires: pkg-config -BuildRequires: update-alternatives -BuildRequires: zlib-devel -Requires(post): update-alternatives -Requires(preun):update-alternatives -Summary: Minimal Ghostscript for minimal build requirements -License: AGPL-3.0-only -Group: Productivity/Office/Other -URL: https://www.ghostscript.com/ -# Special version needed for Ghostscript release candidates (e.g. "Version: 9.14pre15rc1" for 9.15rc1). -# Version 9.15rc1 would be newer than 9.15 (run "zypper vcmp 9.15rc1 9.15") because the rpmvercmp algorithm -# would treat 9.15rc1 as 9.15.rc.1 (alphabetic and numeric sections get separated into different elements) -# and 9.15.rc.1 is newer than 9.15 (it has one more element in the list while previous elements are equal) -# so that we use an alphabetic prefix 'pre' to make it older than 9.15 (numbers are considered newer than letters). -# But only with the alphabetic prefix "9.pre15rc1" would be older than the previous version number "9.14" -# because rpmvercmp would treat 9.pre15rc1 as 9.pre.15.rc1 and letters are older than numbers -# so that we keep additionally the previous version number to upgrade from the previous version: -# Starting SLE12/rpm-4.10, one can use tildeversions: 9.15~rc1. -#Version: 9.25pre26rc1 -Version: 9.54.0 -Release: 0 -# Normal version for Ghostscript releases is the upstream version: -# tarball_version is used below to specify the directory via "setup -n": -# Special tarball_version needed for Ghostscript release candidates e.g. "define tarball_version 9.15rc1". -# For Ghostscript releases tarball_version and version are the same (i.e. the upstream version): -%define tarball_version %{version} -#define tarball_version 9.26rc1 -# built_version is used below in the install and files sections: -# Separated built_version needed in case of Ghostscript release candidates e.g. "define built_version 9.15". -# For Ghostscript releases built_version and version are the same (i.e. the upstream version): -%define built_version %{version} -#define built_version 9.26 -# Source0...Source9 is for sources from upstream: -# Special URLs for Ghostscript release candidates: -# see https://github.com/ArtifexSoftware/ghostpdl-downloads/releases -# URL for Source0: -# wget -O ghostscript-9.26rc1.tar.gz https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs9.26rc1/ghostscript-9.26rc1.tar.gz -# URL for MD5 checksums: -# wget -O gs9.26rc1.MD5SUMS https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs9.26rc1/MD5SUMS -# MD5 checksum for Source0: 6539d5b270721938936d721f279a3520 ghostscript-9.26rc1.tar.gz -#Source0: ghostscript-%{tarball_version}.tar.gz -# Normal URLs for Ghostscript releases: -# URL for Source0: -# wget -O ghostscript-9.54.0.tar.gz https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs9540/ghostscript-9.54.0.tar.gz -# URL for MD5 checksums: -# wget -O gs9540.MD5SUMS https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs9540/MD5SUMS -# MD5 checksum for Source0: 5d571792a8eb826c9f618fb69918d9fc ghostscript-9.54.0.tar.gz -Source0: ghostscript-%{version}.tar.gz -Source1: apparmor_ghostscript -# Patch0...Patch9 is for patches from upstream: -# Source10...Source99 is for sources from SUSE which are intended for upstream: -# Patch10...Patch99 is for patches from SUSE which are intended for upstream: -# Source100...Source999 is for sources from SUSE which are not intended for upstream: -# Patch100...Patch999 is for patches from SUSE which are not intended for upstream: -# Patch100 remove-zlib-h-dependency.patch removes dependency on zlib/zlib.h -# in makefiles as we do not use the zlib sources from the Ghostscript upstream tarball: -Patch100: remove-zlib-h-dependency.patch -# Patch101 ijs_exec_server_dont_use_sh.patch fixes IJS printing problem -# additionally allow exec'ing hpijs in apparmor profile was needed (bsc#1128467): -Patch101: ijs_exec_server_dont_use_sh.patch -# Patch102 CVE-2021-3781.patch is -# https://git.ghostscript.com/?p=ghostpdl.git;a=patch;h=a9bd3dec9fde -# that fixes CVE-2021-3781 Trivial -dSAFER bypass -# cf. https://bugs.ghostscript.com/show_bug.cgi?id=704342 -# and https://bugzilla.suse.com/show_bug.cgi?id=1190381 -Patch102: CVE-2021-3781.patch -# Patch103 CVE-2021-45949.patch was derived for Ghostscript-9.54 from -# https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=2a3129365d3bc0d4a41f107ef175920d1505d1f7 -# that fixes CVE-2021-45949 heap-based buffer overflow in sampled_data_finish -# cf. https://github.com/google/oss-fuzz-vulns/blob/main/vulns/ghostscript/OSV-2021-803.yaml -# and https://bugzilla.suse.com/show_bug.cgi?id=1194304 -Patch103: CVE-2021-45949.patch -# RPM dependencies: -# The "Provides: ghostscript_any" is there to support "BuildRequires: ghostscript_any" -# so other packages can build with any available Ghostscript implementation, -# either ghostscript or ghostscript-mini ("BuildRequires: ghostscript-mini" should not -# be used because ghostscript-mini does not exist outside of OBS so other packages that -# use "BuildRequires: ghostscript-mini" could not be built in published products). -# The "Provides: ghostscript_any" does not affect end-users who should not get -# ghostscript-mini installed (but only the full featured ghostscript package) -# because ghostscript-mini (and ghostscript-mini-devel) are not published -# in openSUSE products, cf. https://build.opensuse.org/request/show/877083 -Provides: ghostscript_any = %{version} -Conflicts: ghostscript -Conflicts: ghostscript-devel -Conflicts: ghostscript-library -Conflicts: ghostscript-x11 -# Install into this non-root directory (required when norootforbuild is used): -BuildRoot: %{_tmppath}/%{name}-%{version}-build - -%description -Crippled Minimal Ghostscript which is not meant -to be used by end-users. - -Minimal Ghostscript provides only the file format drivers -in particular to output JPEG PNG PostScript and PDF files -but no printer drivers (in particular neither 'cups' -nor 'ijs') and no X11 drivers. - -The ghostscript-mini package is only meant to be used -by the openSUSE build service to avoid possible loops -in the build dependencies because ghostscript-mini -has minimal build dependencies (in particular -neither CUPS nor X11 build dependencies). - -For most packages which need to only run -Ghostscript during build, a single line -"BuildRequires: ghostscript-mini" -should be sufficient in the RPM spec file. - -For most packages which need Ghostscript -development files to build, a single line -"BuildRequires: ghostscript-mini-devel" -should be sufficient in the RPM spec file. - -The ghostscript-mini package in the openSUSE build -service contains no sources and it must not contain -any source files. The ghostscript-mini package is only -a link to its matching ghostscript "parent" package. -Only that ghostscript package must contain all sources -and any changes must happen only for that ghostscript -package. This means any changes for the ghostscript-mini -package will be rejected in the openSUSE build service. - -%package devel -Summary: Development files for Minimal Ghostscript -Group: Development/Libraries/C and C++ -Requires: ghostscript-mini = %{version} -Conflicts: ghostscript -Conflicts: ghostscript-devel -Conflicts: ghostscript-library -Conflicts: ghostscript-x11 - -%description devel -This package contains the development files for Minimal Ghostscript. - -%prep -# Be quiet when unpacking and -# use a directory name matching Source0 to make it work also for ghostscript-mini: -%setup -q -n ghostscript-%{tarball_version} -# Patch100 remove-zlib-h-dependency.patch removes dependency on zlib/zlib.h -# in makefiles as we do not use the zlib sources from the Ghostscript upstream tarball. -# Again use the zlib sources from Ghostscript upstream -# and disable remove-zlib-h-dependency.patch because -# Ghostscript 9.21 does no longer build this way: -#patch100 -p1 -b remove-zlib-h-dependency.orig -# Patch101 ijs_exec_server_dont_use_sh.patch fixes IJS printing problem -# additionally allow exec'ing hpijs in apparmor profile was needed (bsc#1128467): -%patch101 -p1 -# Patch102 CVE-2021-3781.patch is -# https://git.ghostscript.com/?p=ghostpdl.git;a=patch;h=a9bd3dec9fde -# that fixes CVE-2021-3781 Trivial -dSAFER bypass -# cf. https://bugs.ghostscript.com/show_bug.cgi?id=704342 -# and https://bugzilla.suse.com/show_bug.cgi?id=1190381 -%patch102 -p1 -# Patch103 CVE-2021-45949.patch was derived for Ghostscript-9.54 from -# https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=2a3129365d3bc0d4a41f107ef175920d1505d1f7 -# that fixes CVE-2021-45949 heap-based buffer overflow in sampled_data_finish -# cf. https://github.com/google/oss-fuzz-vulns/blob/main/vulns/ghostscript/OSV-2021-803.yaml -# and https://bugzilla.suse.com/show_bug.cgi?id=1194304 -%patch103 -# Remove patch backup files to avoid packaging -# cf. https://build.opensuse.org/request/show/581052 -rm -f Resource/Init/*.ps.orig -# Do not use the freetype jpeg libpng tiff zlib sources from the Ghostscript upstream tarball -# because we prefer to use for long-established standard libraries the ones from SUSE -# in particular to automatically get SUSE security updates for standard libraries. -# In contrast we use e.g. lcms2 from the Ghostscript upstream tarball because this one -# is specially modified to work with Ghostscript so that we cannot use lcms2 from SUSE: -#rm -rf freetype jpeg libpng tiff zlib -# Again use the zlib sources from Ghostscript upstream -# and disable remove-zlib-h-dependency.patch because -# Ghostscript 9.21 does no longer build this way: -%if 0%{?suse_version} == 1315 -# Again use the freetype sources from Ghostscript upstream because -# Ghostscript 9.27 does no longer build this way for SLE12: -rm -rf jpeg libpng tiff -%else -rm -rf freetype jpeg libpng tiff -%endif -%if 0%{?suse_version} >= 1550 -rm -rf openjpeg -%endif -# In contrast to the above we use lcms2 from SUSE since Ghostscript 9.23rc1 -# because that is what Ghostscript upstream recommends according to -# https://ghostscript.com/pipermail/gs-devel/2018-March/010061.html -# because singe Ghostscript 9.23rc1 there is no longer lcms2 in Ghostscript -# but now it is lcms2art (the beginning of a lcms2 fork - see News.htm). -# On SLE11 and on SLE12-SP1 there is liblcms2-2-2.5 -# which is too old so that configure fails there with -# checking for local lcms2 library source... no -# checking for system lcms2 library... checking for _cmsCreateMutex in -llcms2... no -# configure: error: lcms2 not found, or too old -# (on SLE12-SP2 there is liblcms2-2-2.7 which is not too old) -# but there is no configure option to build it without lcms2 -# so that for SLE11 and SLE12-SP1 it is built with lcms2art in Ghostscript -# i.e. lcms2art in Ghostscript is only removed when not SLE11 or SLE12-SP1 -# cf. https://en.opensuse.org/openSUSE:Build_Service_cross_distribution_howto -%if 0%{?suse_version} == 1110 || 0%{?sle_version} == 120100 -echo "Building it with lcms2art in Ghostscript" -%else -rm -rf lcms2art -%endif - -%build -# Derive build timestamp from latest changelog entry -export SOURCE_DATE_EPOCH=$(date -d "$(head -n 2 %{_sourcedir}/%{name}.changes | tail -n 1 | cut -d- -f1 )" +%s) -# Set our preferred architecture-specific flags for the compiler and linker: -export CFLAGS="%{optflags} -fno-strict-aliasing -fPIC" -export CXXFLAGS="%{optflags} -fno-strict-aliasing -fPIC" -export LDFLAGS="-pie" -autoreconf -fi -# --docdir=%%{_defaultdocdir}/%%{name} does not work therefore it is not used. -# --disable-cups and --without-pdftoraster -# to have nothing related to CUPS in the minimal Ghostscript. -# --disable-dbus to have nothing related to D-Bus in the minimal Ghostscript. -# --without-ijs to disable IJS printer driver support in the minimal Ghostscript. -# --with-drivers=FILES to have only the file format drivers -# but no printer drivers in the minimal Ghostscript. -# --without-x to not use the X Window System. -# --enable-openjpeg because since Ghostscript 9.05 JasPer is deprecated -# (--without-jasper is now an unrecognized option by configure) -# and Ghostscript now ships modified OpenJPEG sources for JPEG2000 decoding -# (replacing JasPer - although JasPer is still included for this release) -# Performance, reliability and memory use whilst decoding JPX streams are all improved. -# see also http://bugs.ghostscript.com/show_bug.cgi?id=691430 -# --without-ufst and --without-luratech because those are relevant to commercial releases only -# which would require a commercial license. -# --disable-compile-inits to disable compiling of resources (Fonts, init postscript files, ...) -# into the library, which is the upstream recommendation for distributions. This also allows -# unbundling the 35 Postscript Standard fonts, provided by the URW font package -# --without-libpaper disables libpaper support because SUSE does not have libpaper. -%define gs_font_path /usr/share/fonts/truetype:/usr/share/fonts/Type1:/usr/share/fonts/CID:/usr/share/fonts/URW -# See http://bugs.ghostscript.com/show_bug.cgi?id=693100 -export SUSE_ASNEEDED=0 -./configure --prefix=%{_prefix} \ - --bindir=%{_bindir} \ - --libdir=%{_libdir} \ - --datadir=%{_datadir} \ - --mandir=%{_mandir} \ - --infodir=%{_infodir} \ - --with-fontpath=%{gs_font_path} \ - --with-libiconv=maybe \ - --enable-freetype \ - --with-jbig2dec \ - --enable-openjpeg \ - --enable-dynamic \ - --disable-compile-inits \ - --without-ijs \ - --disable-cups \ - --disable-dbus \ - --without-pdftoraster \ - --with-drivers=FILES \ - --without-x \ - --disable-gtk \ - --without-ufst \ - --without-luratech \ - --without-libpaper - -# Make libgs.so and two programs which use it, gsx and gsc: -# With --disable-gtk, gsx and gsc are identical. It provides a command line -# frontend to libgs equivalent (functional and command line arguments) to -# the gs binary, but uses the shared libgs instead of static linking -make so -# Configure and make libijs (that is not done regardless whether or not --with-ijs is used above): -pushd ijs -./autogen.sh -autoreconf -fi -./configure --prefix=%{_prefix} \ - --bindir=%{_bindir} \ - --libdir=%{_libdir} \ - --datadir=%{_datadir} \ - --mandir=%{_mandir} \ - --infodir=%{_infodir} \ - --enable-shared \ - --disable-static -make -popd - -%install -# Install libgs.so gsx gsc and some header files: -make soinstall DESTDIR=%{buildroot} -# Use gsc instead of gs, and remove duplicate gsx (see above) -mv %{buildroot}/%{_bindir}/{gsc,gs} -rm %{buildroot}/%{_bindir}/gsx -# Install libijs and its header files: -pushd ijs -make install DESTDIR=%{buildroot} -popd -# Remove installed ijs example client and server and its .la file: -rm %{buildroot}%{_bindir}/ijs_client_example -rm %{buildroot}%{_bindir}/ijs_server_example -rm %{buildroot}%{_libdir}/libijs.la -# Install examples: -EXAMPLESDIR=%{buildroot}%{_datadir}/ghostscript/%{built_version}/examples -test -d $EXAMPLESDIR || install -d $EXAMPLESDIR -for E in examples/* -do install -m 644 $E $EXAMPLESDIR || : -done -test -d $EXAMPLESDIR/cjk || install -d $EXAMPLESDIR/cjk -for E in examples/cjk/* -do install -m 644 $E $EXAMPLESDIR/cjk || : -done -# Install documentation which is not installed by default -# see http://bugs.ghostscript.com/show_bug.cgi?id=693002 -# and fail intentionally as notification if something changed: -DOCDIR=%{buildroot}%{_datadir}/doc/ghostscript/%{built_version} -for D in LICENSE -do test -e $DOCDIR/$( basename $D ) && exit 99 - install -m 644 $D $DOCDIR -done -# Add a link named 'ghostscript' from SUSE's usual documentation directory /usr/share/doc/packages -# with link target Ghostscript's documentation directory e.g. /usr/share/doc/ghostscript/9.23 -# as relative link to get the link independent of the buildroot prefix -# i.e. in /usr/share/doc/packages add the link ghostscript -> ../ghostscript/9.23 -# because "configure --docdir=%%{_defaultdocdir}/%%{name}" does not work (see above): -install -d -m 755 %{buildroot}%{_defaultdocdir} -pushd %{buildroot}%{_defaultdocdir} -ln -s ../ghostscript/%{built_version} ghostscript -popd -# Extract the catalog of devices which are actually built-in in exactly this Ghostscript: -# If a needed source file is no longer accessible fail intentionally as notification -# that something changed which needs adaptions here: -catalog_devices_source_files="devices/devs.mak devices/dcontrib.mak contrib/contrib.mak" -for F in $catalog_devices_source_files -do test -r $F || exit 99 -done -# Do not pollute the build log file with zillions of meaningless messages: -set +x -cat /dev/null >catalog.devices -for D in $( LD_LIBRARY_PATH=%{buildroot}/%{_libdir} %{buildroot}/usr/bin/gs -h | sed -n -e '/^Available devices:/,/^Search path:/p' | egrep -v '^Available devices:|^Search path:' ) -do for F in $catalog_devices_source_files - do sed -n -e '/ Catalog /,/ End of catalog /p' $F | grep "[[:space:]]$D[[:space:]]" | grep -o '[[:alnum:]].*' | tr -s '[:blank:]' ' ' | sed -e 's/ /\t/' | expand -t16 >>catalog.devices - done -done -# Switch back to the usual build log messages: -set -x -install -m 644 catalog.devices $DOCDIR - -# Move /usr/bin/gs to /usr/bin/gs.bin to be able to use update-alternatives -install -d %buildroot%{_sysconfdir}/alternatives -mv %{buildroot}%{_bindir}/gs %{buildroot}%{_bindir}/gs.bin -ln -sf %{_bindir}/gs.bin %{buildroot}%{_sysconfdir}/alternatives/gs -ln -sf %{_sysconfdir}/alternatives/gs %{buildroot}%{_bindir}/gs - -%post -/sbin/ldconfig -%{_sbindir}/update-alternatives \ - --install %{_bindir}/gs gs %{_bindir}/gs.bin 15 - -%postun -p /sbin/ldconfig - -%preun -if test $1 -eq 0 ; then - %{_sbindir}/update-alternatives \ - --remove gs %{_bindir}/gs.bin -fi - -%files -%defattr(-, root, root) -%ghost %config %{_sysconfdir}/alternatives/gs -%{_bindir}/dvipdf -%{_bindir}/eps2eps -%{_bindir}/gs -%{_bindir}/gs.bin -%{_bindir}/gsbj -%{_bindir}/gsdj -%{_bindir}/gsdj500 -%{_bindir}/gslj -%{_bindir}/gslp -%{_bindir}/gsnd -%{_bindir}/lprsetup.sh -%{_bindir}/pdf2dsc -%{_bindir}/pdf2ps -%{_bindir}/pf2afm -%{_bindir}/pfbtopfa -%{_bindir}/pphs -%{_bindir}/printafm -%{_bindir}/ps2ascii -%{_bindir}/ps2epsi -%{_bindir}/ps2pdf -%{_bindir}/ps2pdf12 -%{_bindir}/ps2pdf13 -%{_bindir}/ps2pdf14 -%{_bindir}/ps2pdfwr -%{_bindir}/ps2ps -%{_bindir}/ps2ps2 -%{_bindir}/unix-lpr.sh -%doc %{_mandir}/man1/dvipdf.1.gz -%doc %{_mandir}/man1/eps2eps.1.gz -%doc %{_mandir}/man1/gs.1.gz -%doc %{_mandir}/man1/gsbj.1.gz -%doc %{_mandir}/man1/gsdj.1.gz -%doc %{_mandir}/man1/gsdj500.1.gz -%doc %{_mandir}/man1/gslj.1.gz -%doc %{_mandir}/man1/gslp.1.gz -%doc %{_mandir}/man1/gsnd.1.gz -%doc %{_mandir}/man1/pdf2dsc.1.gz -%doc %{_mandir}/man1/pdf2ps.1.gz -%doc %{_mandir}/man1/pf2afm.1.gz -%doc %{_mandir}/man1/pfbtopfa.1.gz -%doc %{_mandir}/man1/printafm.1.gz -%doc %{_mandir}/man1/ps2ascii.1.gz -%doc %{_mandir}/man1/ps2epsi.1.gz -%doc %{_mandir}/man1/ps2pdf.1.gz -%doc %{_mandir}/man1/ps2pdf12.1.gz -%doc %{_mandir}/man1/ps2pdf13.1.gz -%doc %{_mandir}/man1/ps2pdf14.1.gz -%doc %{_mandir}/man1/ps2pdfwr.1.gz -%doc %{_mandir}/man1/ps2ps.1.gz -%doc %{_mandir}/de/man1/dvipdf.1.gz -%doc %{_mandir}/de/man1/eps2eps.1.gz -%doc %{_mandir}/de/man1/gsnd.1.gz -%doc %{_mandir}/de/man1/pdf2dsc.1.gz -%doc %{_mandir}/de/man1/pdf2ps.1.gz -%doc %{_mandir}/de/man1/printafm.1.gz -%doc %{_mandir}/de/man1/ps2ascii.1.gz -%doc %{_mandir}/de/man1/ps2pdf.1.gz -%doc %{_mandir}/de/man1/ps2pdf12.1.gz -%doc %{_mandir}/de/man1/ps2pdf13.1.gz -%doc %{_mandir}/de/man1/ps2pdf14.1.gz -%doc %{_mandir}/de/man1/ps2ps.1.gz -%doc %{_defaultdocdir}/ghostscript -%dir %{_datadir}/doc/ghostscript -%doc %{_datadir}/doc/ghostscript/%{built_version} -%dir %{_datadir}/ghostscript -%dir %{_datadir}/ghostscript/%{built_version} -%{_datadir}/ghostscript/%{built_version}/Resource -%{_datadir}/ghostscript/%{built_version}/iccprofiles -%{_datadir}/ghostscript/%{built_version}/examples/ -%{_datadir}/ghostscript/%{built_version}/lib/ -%{_libdir}/libgs.so.* -%{_libdir}/ghostscript/ -%{_libdir}/libijs-0.35.so - -%files devel -%defattr(-,root,root) -%{_includedir}/ghostscript/ -%{_libdir}/libgs.so -%{_includedir}/ijs/ -%{_libdir}/libijs.so -%{_libdir}/pkgconfig/ijs.pc - -%changelog diff --git a/ghostscript.changes b/ghostscript.changes index 6dcf9ff..a7211b5 100644 --- a/ghostscript.changes +++ b/ghostscript.changes @@ -1,3 +1,32 @@ +------------------------------------------------------------------- +Mon Jul 18 07:28:54 UTC 2022 - Dirk Müller + +- update to 9.56.1: + * New PDF Interpreter: This is an entirely new implementation written in C + (rather than PostScript, as before) + * Calling Ghostscript via the GS API is now thread safe. The one limitation + is that the X11 devices for Unix-like systems (x11, x11alpha, x11cmyk, + x11cmyk2, x11cmyk4, x11cmyk8, x11gray2, x11gray4 and x11mono) cannot be + made thread safe, due to their interaction with the X11 server, those + devices have been modified to only allow one instance in an executable. + * The PSD output device now writes ICC profiles to their output files, for + improved color fidelity. + * Our efforts in code hygiene and maintainability continue. + * The usual round of bug fixes, compatibility changes, and incremental + improvements. + * We have added the capability to build with the Tesseract OCR + engine. In such a build, new devices are available (pdfocr8/pdfocr24/ + pdfocr32) which render the output file to an image, OCR that image, and + output the image "wrapped" up as a PDF file, with the OCR generated text + information included as "invisible" text (in PDF terms, text rendering mode + 3). +- drop CVE-2021-3781.patch, CVE-2021-45949.patch: upstream + +------------------------------------------------------------------- +Mon Jul 18 06:38:01 UTC 2022 - Dirk Müller + +- use _multibuild + ------------------------------------------------------------------- Wed Apr 13 11:12:39 UTC 2022 - Dirk Müller diff --git a/ghostscript.spec b/ghostscript.spec index bf24cfa..9291ead 100644 --- a/ghostscript.spec +++ b/ghostscript.spec @@ -1,5 +1,5 @@ # -# spec file for package ghostscript +# spec file # # Copyright (c) 2022 SUSE LLC # @@ -16,90 +16,26 @@ # -Name: ghostscript -# SLE12 needs special BuildRequires. -# For suse_version values see https://en.opensuse.org/openSUSE:Build_Service_cross_distribution_howto -%if 0%{?suse_version} == 1315 -# For SLE12 by default CUPS 1.7.5 is provided and alternatively CUPS 1.5.4 is provided in the "legacy" module. -# For SLE12 build it with traditional CUPS 1.5.4 to ensure it works on SLE12 both with CUPS 1.7.5 and CUPS 1.5.4 -# because libcups and libcupsimage in CUPS 1.7.5 are backward compatible with CUPS 1.5.4 so that applications -# that have been built with CUPS 1.5.4 also work under CUPS 1.7.5 but the libraries in CUPS 1.7.5 provide -# some additional functions so that applications that have been built with CUPS 1.7.5 and use those -# additional functions would not work under CUPS 1.7.5. -# Only in the Printing project for SLE12 use cups154-ddk (a sub package of the cups154-SLE12 source package): -BuildRequires: cups154-devel +%global flavor @BUILD_FLAVOR@%{nil} +%if "%{flavor}" == "mini" +%global psuffix -mini %else -# Anything what is not SLE12 (i.e. SLE11 and all openSUSE versions) have "normal" BuildRequires: -BuildRequires: cups-devel +%global psuffix %{nil} %endif -# dbus-1-devel is needed for "configure --enable-dbus" (see below): -BuildRequires: dbus-1-devel -BuildRequires: freetype2-devel -BuildRequires: libexpat-devel -BuildRequires: libjpeg-devel -BuildRequires: liblcms2-devel -BuildRequires: libpng-devel -BuildRequires: libtiff-devel -BuildRequires: libtool -BuildRequires: pkg-config -BuildRequires: update-alternatives -BuildRequires: xorg-x11-devel -BuildRequires: xorg-x11-fonts -BuildRequires: zlib-devel -# Always check if latest version of penjpeg becomes compatible with ghostscript -%if 0%{?suse_version} >= 1550 -BuildRequires: pkgconfig(libopenjp2) >= 2.3.1 -%endif -%if 0%{?suse_version} >= 1500 -BuildRequires: apparmor-abstractions -BuildRequires: apparmor-rpm-macros -%endif -Requires(post): update-alternatives -Requires(preun):update-alternatives -Summary: The Ghostscript interpreter for PostScript and PDF -License: AGPL-3.0-only -Group: Productivity/Office/Other -URL: https://www.ghostscript.com/ -# Special version needed for Ghostscript release candidates (e.g. "Version: 9.14pre15rc1" for 9.15rc1). -# Version 9.15rc1 would be newer than 9.15 (run "zypper vcmp 9.15rc1 9.15") because the rpmvercmp algorithm -# would treat 9.15rc1 as 9.15.rc.1 (alphabetic and numeric sections get separated into different elements) -# and 9.15.rc.1 is newer than 9.15 (it has one more element in the list while previous elements are equal) -# so that we use an alphabetic prefix 'pre' to make it older than 9.15 (numbers are considered newer than letters). -# But only with the alphabetic prefix "9.pre15rc1" would be older than the previous version number "9.14" -# because rpmvercmp would treat 9.pre15rc1 as 9.pre.15.rc1 and letters are older than numbers -# so that we keep additionally the previous version number to upgrade from the previous version: -# Starting SLE12/rpm-4.10, one can use tildeversions: 9.15~rc1. -#Version: 9.25pre26rc1 -Version: 9.54.0 -Release: 0 -# Normal version for Ghostscript releases is the upstream version: -# tarball_version is used below to specify the directory via "setup -n": -# Special tarball_version needed for Ghostscript release candidates e.g. "define tarball_version 9.15rc1". -# For Ghostscript releases tarball_version and version are the same (i.e. the upstream version): -%define tarball_version %{version} -#define tarball_version 9.26rc1 # built_version is used below in the install and files sections: # Separated built_version needed in case of Ghostscript release candidates e.g. "define built_version 9.15". # For Ghostscript releases built_version and version are the same (i.e. the upstream version): %define built_version %{version} -#define built_version 9.26 -# Source0...Source9 is for sources from upstream: -# Special URLs for Ghostscript release candidates: -# see https://github.com/ArtifexSoftware/ghostpdl-downloads/releases -# URL for Source0: -# wget -O ghostscript-9.26rc1.tar.gz https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs9.26rc1/ghostscript-9.26rc1.tar.gz -# URL for MD5 checksums: -# wget -O gs9.26rc1.MD5SUMS https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs9.26rc1/MD5SUMS -# MD5 checksum for Source0: 6539d5b270721938936d721f279a3520 ghostscript-9.26rc1.tar.gz -#Source0: ghostscript-%{tarball_version}.tar.gz -# Normal URLs for Ghostscript releases: -# URL for Source0: -# wget -O ghostscript-9.54.0.tar.gz https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs9540/ghostscript-9.54.0.tar.gz -# URL for MD5 checksums: -# wget -O gs9540.MD5SUMS https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs9540/MD5SUMS -# MD5 checksum for Source0: 5d571792a8eb826c9f618fb69918d9fc ghostscript-9.54.0.tar.gz -Source0: ghostscript-%{version}.tar.gz -Source1: apparmor_ghostscript +Name: ghostscript%{psuffix} +Version: 9.56.1 +Release: 0 +Summary: The Ghostscript interpreter for PostScript and PDF +License: AGPL-3.0-only +Group: Productivity/Office/Other +URL: https://www.ghostscript.com/ +# sha512:fe5a5103c081dd87cf8b3e0bbbd0df004c0e4e04e41bded7c70372916e6e26249a0e8fa434b561292964c5f3820ee6c60ef1557827a6efb5676012ccb73ded85 +Source0: https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs9561/ghostscript-%{version}.tar.xz +Source10: apparmor_ghostscript # Patch0...Patch9 is for patches from upstream: # Source10...Source99 is for sources from SUSE which are intended for upstream: # Patch10...Patch99 is for patches from SUSE which are intended for upstream: @@ -111,18 +47,17 @@ Patch100: remove-zlib-h-dependency.patch # Patch101 ijs_exec_server_dont_use_sh.patch fixes IJS printing problem # additionally allow exec'ing hpijs in apparmor profile was needed (bsc#1128467): Patch101: ijs_exec_server_dont_use_sh.patch -# Patch102 CVE-2021-3781.patch is -# https://git.ghostscript.com/?p=ghostpdl.git;a=patch;h=a9bd3dec9fde -# that fixes CVE-2021-3781 Trivial -dSAFER bypass -# cf. https://bugs.ghostscript.com/show_bug.cgi?id=704342 -# and https://bugzilla.suse.com/show_bug.cgi?id=1190381 -Patch102: CVE-2021-3781.patch -# Patch103 CVE-2021-45949.patch was derived for Ghostscript-9.54 from -# https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=2a3129365d3bc0d4a41f107ef175920d1505d1f7 -# that fixes CVE-2021-45949 heap-based buffer overflow in sampled_data_finish -# cf. https://github.com/google/oss-fuzz-vulns/blob/main/vulns/ghostscript/OSV-2021-803.yaml -# and https://bugzilla.suse.com/show_bug.cgi?id=1194304 -Patch103: CVE-2021-45949.patch +BuildRequires: freetype2-devel +BuildRequires: libjpeg-devel +BuildRequires: liblcms2-devel +BuildRequires: libpng-devel +BuildRequires: libtiff-devel +BuildRequires: libtool +BuildRequires: pkgconfig +BuildRequires: update-alternatives +BuildRequires: zlib-devel +Requires(post): update-alternatives +Requires(preun):update-alternatives # RPM dependencies: # Additional RPM Provides of the ghostscript-library packages in openSUSE 11.4 from # "rpm -q --provides ghostscript-library" and "rpm -q --provides ghostscript-x11": @@ -170,54 +105,49 @@ Patch103: CVE-2021-45949.patch # ghostscript-mini installed (but only the full featured ghostscript package) # because ghostscript-mini (and ghostscript-mini-devel) are not published # in openSUSE products, cf. https://build.opensuse.org/request/show/877083 -Provides: ghostscript_any -Provides: gs -Provides: gs_lib +Provides: ghostscript_any = %{version} +%if "%{flavor}" != "mini" +BuildRequires: dbus-1-devel +BuildRequires: libexpat-devel +BuildRequires: xorg-x11-devel +BuildRequires: xorg-x11-fonts +%if 0%{?suse_version} == 1315 +BuildRequires: cups154-devel +%else +BuildRequires: cups-devel +%endif +%if 0%{?suse_version} >= 1500 +BuildRequires: apparmor-abstractions +BuildRequires: apparmor-rpm-macros +%endif +%endif +# Always check if latest version of openjpeg becomes compatible with ghostscript +%if 0%{?suse_version} >= 1550 +BuildRequires: pkgconfig(libopenjp2) >= 2.3.1 +%endif +%if "%{flavor}" == "mini" +Conflicts: ghostscript +Conflicts: ghostscript-devel +Conflicts: ghostscript-library +Conflicts: ghostscript-x11 +%else +Recommends: ghostscript-x11 = %{version}-%{release} +Conflicts: ghostscript-x11 < %{version}-%{release} +Provides: gs = %{version} +Provides: gs_lib = %{version} # There is a needless requirement for pstoraster in gutenprint up to openSUSE 11.4. # Satisfy it to be backward compatible with installed gutenprint packages: Provides: pstoraster -# Replace any version of the packages ghostscript-library and ghostscript-mini silently. -# The "Obsoletes: ghostscript-mini" is intentionally unversioned because -# this package ghostscript should replace any version of ghostscript-mini. -# There is intentionally no "Provides: ghostscript-mini" here because this -# would cause a conflict when this package ghostscript should be re-replaced -# by ghostscript-library because ghostscript-library conflicts with ghostscript-mini -# so that there would be no easy way back from ghostscript to ghostscript-library. -# Different versions must be explicitly specified in Provides and Obsoletes -# to avoid a RPMLINT warning that the package obsoletes itself -# because an unversioned RPM dependency means "all versions". -# The RPM documentation http://www.rpm.org/max-rpm/s1-rpm-depend-manual-dependencies.html -# and /usr/share/doc/packages/rpm/manual/dependencies (in rpm-4.8.0 in openSUSE 11.4) -# does not show a comparison operator for "not equal" so that two obsoletes are used: +Provides: %{version} Provides: ghostscript-library = %{version} Obsoletes: ghostscript-library < %{version} -Obsoletes: ghostscript-library > %{version} +# The "Obsoletes: ghostscript-mini" is intentionally unversioned because +# this package ghostscript should replace any version of ghostscript-mini. Obsoletes: ghostscript-mini -# The ghostscript-x11 sub-package requires the exact matching version-release -# of the ghostscript main-package (see below) so that the ghostscript main-package -# should conflict with a non-matching ghostscript-x11 package to make sure -# that the ghostscript main-package is not changed without changing -# the ghostscript-x11 sub-package accordingly. -# The RPM documentation http://www.rpm.org/max-rpm/s1-rpm-depend-manual-dependencies.html -# and /usr/share/doc/packages/rpm/manual/dependencies (in rpm-4.8.0 in openSUSE 11.4) -# does not show a comparison operator for "not equal" so that two conflicts are used: -Conflicts: ghostscript-x11 < %{version}-%{release} -Conflicts: ghostscript-x11 > %{version}-%{release} -# When the ghostscript main-package is installed, usually the exact matching -# version-release of the ghostscript-x11 sub-package should be also installed: -Recommends: ghostscript-x11 = %{version}-%{release} -# When the ghostscript main-package is installed, usually the CUPS filters gstoraster and gstopxl -# should be also installed. Since version 9.10 those CUPS filters are removed from Ghostscript -# and are now provided by the binary RPM sub-package cups-filters-ghostscript -# (see the cups-filters-ghostscript sub-package description). -# No RPM requirement because Ghostscript can be used without those CUPS filters -# and cups-filters-ghostscript is only available for newer openSUSE versions -# (currently since openSUSE 12.2) but in particular not for SLE11: %if 0%{?suse_version} > 1210 Recommends: cups-filters-ghostscript %endif -# Install into this non-root directory (required when norootforbuild is used): -BuildRoot: %{_tmppath}/%{name}-%{version}-build +%endif %description Ghostscript is a package of software that provides: @@ -241,7 +171,7 @@ capabilities that appear as primitive operations in the PostScript language and in PDF. For information how to use Ghostscript see -/usr/share/ghostscript/%{version}/doc/Use.htm +%{_datadir}/ghostscript/%{version}/doc/Use.htm %package x11 Summary: X11 library for Ghostscript @@ -268,8 +198,7 @@ Requires: ghostscript = %{version}-%{release} Conflicts: ghostscript-library < %{version} Conflicts: ghostscript-library > %{version} Conflicts: ghostscript-mini -# In openSUSE:Factory (dated 22 Feb. 2012) ghostview gv and texlive-bin require ghostscript_x11 (see above): -Provides: ghostscript_x11 +Provides: ghostscript_x11 = %{version} %description x11 This package contains the X11 library which is needed @@ -300,9 +229,8 @@ Conflicts: ghostscript-mini-devel This package contains the development files for Ghostscript. %prep -# Be quiet when unpacking and -# use a directory name matching Source0 to make it work also for ghostscript-mini: -%setup -q -n ghostscript-%{tarball_version} +%setup -q -n ghostscript-%{version} + # Patch100 remove-zlib-h-dependency.patch removes dependency on zlib/zlib.h # in makefiles as we do not use the zlib sources from the Ghostscript upstream tarball. # Again use the zlib sources from Ghostscript upstream @@ -312,18 +240,6 @@ This package contains the development files for Ghostscript. # Patch101 ijs_exec_server_dont_use_sh.patch fixes IJS printing problem # additionally allow exec'ing hpijs in apparmor profile was needed (bsc#1128467): %patch101 -p1 -# Patch102 CVE-2021-3781.patch is -# https://git.ghostscript.com/?p=ghostpdl.git;a=patch;h=a9bd3dec9fde -# that fixes CVE-2021-3781 Trivial -dSAFER bypass -# cf. https://bugs.ghostscript.com/show_bug.cgi?id=704342 -# and https://bugzilla.suse.com/show_bug.cgi?id=1190381 -%patch102 -p1 -# Patch103 CVE-2021-45949.patch was derived for Ghostscript-9.54 from -# https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=2a3129365d3bc0d4a41f107ef175920d1505d1f7 -# that fixes CVE-2021-45949 heap-based buffer overflow in sampled_data_finish -# cf. https://github.com/google/oss-fuzz-vulns/blob/main/vulns/ghostscript/OSV-2021-803.yaml -# and https://bugzilla.suse.com/show_bug.cgi?id=1194304 -%patch103 # Remove patch backup files to avoid packaging # cf. https://build.opensuse.org/request/show/581052 rm -f Resource/Init/*.ps.orig @@ -370,7 +286,7 @@ rm -rf lcms2art %build # Derive build timestamp from latest changelog entry -export SOURCE_DATE_EPOCH=$(date -d "$(head -n 2 %{_sourcedir}/%{name}.changes | tail -n 1 | cut -d- -f1 )" +%s) +export SOURCE_DATE_EPOCH=$(date -d "$(head -n 2 %{_sourcedir}/%{name}.changes | tail -n 1 | cut -d- -f1 )" +%{s}) # Set our preferred architecture-specific flags for the compiler and linker: export CFLAGS="%{optflags} -fno-strict-aliasing -fPIC" export CXXFLAGS="%{optflags} -fno-strict-aliasing -fPIC" @@ -398,50 +314,47 @@ autoreconf -fi # into the library, which is the upstream recommendation for distributions. This also allows # unbundling the 35 Postscript Standard fonts, provided by the URW font package # --without-libpaper disables libpaper support because SUSE does not have libpaper. -%define gs_font_path /usr/share/fonts/truetype:/usr/share/fonts/Type1:/usr/share/fonts/CID:/usr/share/fonts/URW +%define gs_font_path %{_datadir}/fonts/truetype:%{_datadir}/fonts/Type1:%{_datadir}/fonts/CID:%{_datadir}/fonts/URW # See http://bugs.ghostscript.com/show_bug.cgi?id=693100 export SUSE_ASNEEDED=0 -./configure --prefix=%{_prefix} \ - --bindir=%{_bindir} \ - --libdir=%{_libdir} \ - --datadir=%{_datadir} \ - --mandir=%{_mandir} \ - --infodir=%{_infodir} \ - --with-fontpath=%{gs_font_path} \ - --with-libiconv=maybe \ - --enable-freetype \ - --with-jbig2dec \ - --enable-openjpeg \ - --enable-dynamic \ - --disable-compile-inits \ - --without-local-zlib \ - --with-ijs \ - --enable-cups \ - --with-drivers=ALL \ - --with-x \ - --disable-gtk \ - --without-ufst \ - --without-luratech \ - --without-libpaper +%configure \ + --with-fontpath=%{gs_font_path} \ + --with-libiconv=maybe \ + --enable-freetype \ + --with-jbig2dec \ + --enable-openjpeg \ + --enable-dynamic \ + --disable-compile-inits \ +%if "%{flavor}" == "mini" + --without-ijs \ + --disable-cups \ + --disable-dbus \ + --without-pdftoraster \ + --with-drivers=FILES \ + --without-x \ +%else + --without-local-zlib \ + --with-ijs \ + --enable-cups \ + --with-drivers=ALL \ + --with-x \ +%endif + --disable-gtk \ + --without-ufst \ + --without-luratech \ + --without-libpaper # Make libgs.so and two programs which use it, gsx and gsc: # With --disable-gtk, gsx and gsc are identical. It provides a command line # frontend to libgs equivalent (functional and command line arguments) to # the gs binary, but uses the shared libgs instead of static linking -make so +%make_build so # Configure and make libijs (that is not done regardless whether or not --with-ijs is used above): pushd ijs ./autogen.sh autoreconf -fi -./configure --prefix=%{_prefix} \ - --bindir=%{_bindir} \ - --libdir=%{_libdir} \ - --datadir=%{_datadir} \ - --mandir=%{_mandir} \ - --infodir=%{_infodir} \ - --enable-shared \ - --disable-static -make +%configure --enable-shared --disable-static +%make_build popd %install @@ -452,7 +365,7 @@ mv %{buildroot}/%{_bindir}/{gsc,gs} rm %{buildroot}/%{_bindir}/gsx # Install libijs and its header files: pushd ijs -make install DESTDIR=%{buildroot} +%make_install popd # Remove installed ijs example client and server and its .la file: rm %{buildroot}%{_bindir}/ijs_client_example @@ -495,7 +408,7 @@ done # Do not pollute the build log file with zillions of meaningless messages: set +x cat /dev/null >catalog.devices -for D in $( LD_LIBRARY_PATH=%{buildroot}/%{_libdir} %{buildroot}/usr/bin/gs -h | sed -n -e '/^Available devices:/,/^Search path:/p' | egrep -v '^Available devices:|^Search path:' ) +for D in $( LD_LIBRARY_PATH=%{buildroot}/%{_libdir} %{buildroot}%{_bindir}/gs -h | sed -n -e '/^Available devices:/,/^Search path:/p' | grep -E -v '^Available devices:|^Search path:' ) do for F in $catalog_devices_source_files do sed -n -e '/ Catalog /,/ End of catalog /p' $F | grep "[[:space:]]$D[[:space:]]" | grep -o '[[:alnum:]].*' | tr -s '[:blank:]' ' ' | sed -e 's/ /\t/' | expand -t16 >>catalog.devices done @@ -503,18 +416,22 @@ done # Switch back to the usual build log messages: set -x install -m 644 catalog.devices $DOCDIR -install -D -m 644 %{SOURCE1} %{buildroot}%{_sysconfdir}/apparmor.d/ghostscript +%if "%{flavor}" != "mini" +install -D -m 644 %{SOURCE10} %{buildroot}%{_sysconfdir}/apparmor.d/ghostscript +%endif # Move /usr/bin/gs to /usr/bin/gs.bin to be able to use update-alternatives -install -d %buildroot%{_sysconfdir}/alternatives +install -d %{buildroot}%{_sysconfdir}/alternatives mv %{buildroot}%{_bindir}/gs %{buildroot}%{_bindir}/gs.bin ln -sf %{_bindir}/gs.bin %{buildroot}%{_sysconfdir}/alternatives/gs ln -sf %{_sysconfdir}/alternatives/gs %{buildroot}%{_bindir}/gs %post /sbin/ldconfig +%if "%{flavor}" != "mini" %if 0%{?suse_version} >= 1500 -%apparmor_reload /etc/apparmor.d/ghostscript +%apparmor_reload %{_sysconfdir}/apparmor.d/ghostscript +%endif %endif %{_sbindir}/update-alternatives \ --install %{_bindir}/gs gs %{_bindir}/gs.bin 15 @@ -528,7 +445,6 @@ if test $1 -eq 0 ; then fi %files -%defattr(-, root, root) %ghost %config %{_sysconfdir}/alternatives/gs %{_bindir}/dvipdf %{_bindir}/eps2eps @@ -557,40 +473,40 @@ fi %{_bindir}/ps2ps %{_bindir}/ps2ps2 %{_bindir}/unix-lpr.sh -%doc %{_mandir}/man1/dvipdf.1.gz -%doc %{_mandir}/man1/eps2eps.1.gz -%doc %{_mandir}/man1/gs.1.gz -%doc %{_mandir}/man1/gsbj.1.gz -%doc %{_mandir}/man1/gsdj.1.gz -%doc %{_mandir}/man1/gsdj500.1.gz -%doc %{_mandir}/man1/gslj.1.gz -%doc %{_mandir}/man1/gslp.1.gz -%doc %{_mandir}/man1/gsnd.1.gz -%doc %{_mandir}/man1/pdf2dsc.1.gz -%doc %{_mandir}/man1/pdf2ps.1.gz -%doc %{_mandir}/man1/pf2afm.1.gz -%doc %{_mandir}/man1/pfbtopfa.1.gz -%doc %{_mandir}/man1/printafm.1.gz -%doc %{_mandir}/man1/ps2ascii.1.gz -%doc %{_mandir}/man1/ps2epsi.1.gz -%doc %{_mandir}/man1/ps2pdf.1.gz -%doc %{_mandir}/man1/ps2pdf12.1.gz -%doc %{_mandir}/man1/ps2pdf13.1.gz -%doc %{_mandir}/man1/ps2pdf14.1.gz -%doc %{_mandir}/man1/ps2pdfwr.1.gz -%doc %{_mandir}/man1/ps2ps.1.gz -%doc %{_mandir}/de/man1/dvipdf.1.gz -%doc %{_mandir}/de/man1/eps2eps.1.gz -%doc %{_mandir}/de/man1/gsnd.1.gz -%doc %{_mandir}/de/man1/pdf2dsc.1.gz -%doc %{_mandir}/de/man1/pdf2ps.1.gz -%doc %{_mandir}/de/man1/printafm.1.gz -%doc %{_mandir}/de/man1/ps2ascii.1.gz -%doc %{_mandir}/de/man1/ps2pdf.1.gz -%doc %{_mandir}/de/man1/ps2pdf12.1.gz -%doc %{_mandir}/de/man1/ps2pdf13.1.gz -%doc %{_mandir}/de/man1/ps2pdf14.1.gz -%doc %{_mandir}/de/man1/ps2ps.1.gz +%{_mandir}/man1/dvipdf.1%{?ext_man} +%{_mandir}/man1/eps2eps.1%{?ext_man} +%{_mandir}/man1/gs.1%{?ext_man} +%{_mandir}/man1/gsbj.1%{?ext_man} +%{_mandir}/man1/gsdj.1%{?ext_man} +%{_mandir}/man1/gsdj500.1%{?ext_man} +%{_mandir}/man1/gslj.1%{?ext_man} +%{_mandir}/man1/gslp.1%{?ext_man} +%{_mandir}/man1/gsnd.1%{?ext_man} +%{_mandir}/man1/pdf2dsc.1%{?ext_man} +%{_mandir}/man1/pdf2ps.1%{?ext_man} +%{_mandir}/man1/pf2afm.1%{?ext_man} +%{_mandir}/man1/pfbtopfa.1%{?ext_man} +%{_mandir}/man1/printafm.1%{?ext_man} +%{_mandir}/man1/ps2ascii.1%{?ext_man} +%{_mandir}/man1/ps2epsi.1%{?ext_man} +%{_mandir}/man1/ps2pdf.1%{?ext_man} +%{_mandir}/man1/ps2pdf12.1%{?ext_man} +%{_mandir}/man1/ps2pdf13.1%{?ext_man} +%{_mandir}/man1/ps2pdf14.1%{?ext_man} +%{_mandir}/man1/ps2pdfwr.1%{?ext_man} +%{_mandir}/man1/ps2ps.1%{?ext_man} +%{_mandir}/de/man1/dvipdf.1%{?ext_man} +%{_mandir}/de/man1/eps2eps.1%{?ext_man} +%{_mandir}/de/man1/gsnd.1%{?ext_man} +%{_mandir}/de/man1/pdf2dsc.1%{?ext_man} +%{_mandir}/de/man1/pdf2ps.1%{?ext_man} +%{_mandir}/de/man1/printafm.1%{?ext_man} +%{_mandir}/de/man1/ps2ascii.1%{?ext_man} +%{_mandir}/de/man1/ps2pdf.1%{?ext_man} +%{_mandir}/de/man1/ps2pdf12.1%{?ext_man} +%{_mandir}/de/man1/ps2pdf13.1%{?ext_man} +%{_mandir}/de/man1/ps2pdf14.1%{?ext_man} +%{_mandir}/de/man1/ps2ps.1%{?ext_man} %doc %{_defaultdocdir}/ghostscript %dir %{_datadir}/doc/ghostscript %doc %{_datadir}/doc/ghostscript/%{built_version} @@ -603,6 +519,7 @@ fi %{_libdir}/libgs.so.* %{_libdir}/ghostscript/ %{_libdir}/libijs-0.35.so +%if "%{flavor}" != "mini" %exclude %{_libdir}/ghostscript/%{built_version}/X11.so %if 0%{?suse_version} < 1500 %dir %{_sysconfdir}/apparmor.d @@ -610,11 +527,10 @@ fi %{_sysconfdir}/apparmor.d/ghostscript %files x11 -%defattr(-,root,root) %{_libdir}/ghostscript/%{built_version}/X11.so +%endif %files devel -%defattr(-,root,root) %{_includedir}/ghostscript/ %{_libdir}/libgs.so %{_includedir}/ijs/