Accepting request 652827 from Printing
Version upgrade to 9.26 (Purely security and a few bug fixes) (forwarded request 652826 from jsmeix) OBS-URL: https://build.opensuse.org/request/show/652827 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/ghostscript?expand=0&rev=34
This commit is contained in:
Dominique Leuenberger
Git OBS Bridge
commit
fc115660b1
@ -1,3 +0,0 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:baafa64740b090bff50b220a6df3be95c46069b7e30f4b4effed28316e5b2389
|
||||
size 42017635
|
||||
3
ghostscript-9.26.tar.gz
Normal file
3
ghostscript-9.26.tar.gz
Normal file
@ -0,0 +1,3 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:831fc019bd477f7cc2d481dc5395ebfa4a593a95eb2fe1eb231a97e450d7540d
|
||||
size 42084660
|
||||
@ -1,3 +1,68 @@
|
||||
-------------------------------------------------------------------
|
||||
Fri Nov 30 09:01:17 CET 2018 - jsmeix@suse.de
|
||||
|
||||
- Version upgrade to 9.26
|
||||
Highlights in this release include:
|
||||
* Security issues have been the primary focus of this release,
|
||||
including solving several (well publicised) real and potential
|
||||
exploits.
|
||||
Thanks to Man Yue Mo of Semmle Security Research Team,
|
||||
Jens Mueller of Ruhr-Universitaet Bochum and
|
||||
Tavis Ormandy of Google's Project Zero
|
||||
for their help to identify specific security issues.
|
||||
PLEASE NOTE:
|
||||
We (i.e. Ghostscript upstream) strongly urge users to upgrade
|
||||
to this latest release to avoid these issues.
|
||||
* The usual round of bug fixes, compatibility changes,
|
||||
and incremental improvements.
|
||||
For a release summary see:
|
||||
http://www.ghostscript.com/doc/9.26/News.htm
|
||||
For details see the News.htm and History9.htm files.
|
||||
The Ghostscript 9.26 release should fix (cf. the entry below
|
||||
dated 'Fri Sep 14 10:47:33 CEST 2018' what "should fix" means)
|
||||
in particular those security issues (bsc#1117331)
|
||||
* CVE-2018-19475: psi/zdevice2.c allows attackers to bypass
|
||||
intended access restrictions
|
||||
https://bugs.ghostscript.com/show_bug.cgi?id=700153
|
||||
https://bugzilla.suse.com/show_bug.cgi?id=1117327 bsc#1117327
|
||||
* CVE-2018-19476: psi/zicc.c allows attackers to bypass
|
||||
intended access restrictions because of a setcolorspace
|
||||
type confusion
|
||||
https://bugs.ghostscript.com/show_bug.cgi?id=700169
|
||||
https://bugzilla.suse.com/show_bug.cgi?id=1117313 bsc#1117313
|
||||
* CVE-2018-19477: psi/zfjbig2.c allows attackers to bypass
|
||||
intended access restrictions because of a JBIG2Decode
|
||||
type confusion
|
||||
https://bugs.ghostscript.com/show_bug.cgi?id=700168
|
||||
https://bugzilla.suse.com/show_bug.cgi?id=1117274 bsc#1117274
|
||||
* CVE-2018-19409: LockSafetyParams is not checked correctly
|
||||
if another device is used
|
||||
https://bugs.ghostscript.com/show_bug.cgi?id=700176
|
||||
https://bugzilla.suse.com/show_bug.cgi?id=1117022 bsc#1117022
|
||||
and those security issues
|
||||
* CVE-2018-18284: 1Policy operator gives access to .forceput
|
||||
https://bugs.ghostscript.com/show_bug.cgi?id=69963
|
||||
https://bugzilla.suse.com/show_bug.cgi?id=1112229 bsc#1112229
|
||||
* CVE-2018-18073: saved execution stacks can leak operator arrays
|
||||
https://bugs.ghostscript.com/show_bug.cgi?id=699927
|
||||
https://bugzilla.suse.com/show_bug.cgi?id=1111480 bsc#1111480
|
||||
* CVE-2018-17961: bypassing executeonly to escape -dSAFER sandbox
|
||||
https://bugs.ghostscript.com/show_bug.cgi?id=699816
|
||||
https://bugzilla.suse.com/show_bug.cgi?id=1111479 bsc#1111479
|
||||
* CVE-2018-17183: remote attackers could be able to supply
|
||||
crafted PostScript to potentially overwrite or replace
|
||||
error handlers to inject code
|
||||
https://bugs.ghostscript.com/show_bug.cgi?id=699708
|
||||
https://bugzilla.suse.com/show_bug.cgi?id=1109105 bsc#1109105
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri Nov 9 11:25:19 CET 2018 - jsmeix@suse.de
|
||||
|
||||
- Version upgrade to 9.26rc1 (first release candidate for 9.26).
|
||||
Highlights in this release include:
|
||||
* Purely security and a few bug fixes, there are no new features,
|
||||
and no API changes to report.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri Sep 14 10:47:33 CEST 2018 - jsmeix@suse.de
|
||||
|
||||
|
||||
@ -26,7 +26,7 @@ BuildRequires: libtool
|
||||
BuildRequires: pkg-config
|
||||
BuildRequires: zlib-devel
|
||||
Summary: Minimal Ghostscript for minimal build requirements
|
||||
License: AGPL-3.0
|
||||
License: AGPL-3.0-only
|
||||
Group: System/Libraries
|
||||
Url: http://www.ghostscript.com/
|
||||
# Special version needed for Ghostscript release candidates (e.g. "Version: 9.14pre15rc1" for 9.15rc1).
|
||||
@ -37,35 +37,35 @@ Url: http://www.ghostscript.com/
|
||||
# But only with the alphabetic prefix "9.pre15rc1" would be older than the previous version number "9.14"
|
||||
# because rpmvercmp would treat 9.pre15rc1 as 9.pre.15.rc1 and letters are older than numbers
|
||||
# so that we keep additionally the previous version number to upgrade from the previous version:
|
||||
#Version: 9.24pre25rc1
|
||||
#Version: 9.25pre26rc1
|
||||
# Normal version for Ghostscript releases is the upstream version:
|
||||
Version: 9.25
|
||||
Version: 9.26
|
||||
Release: 0
|
||||
# tarball_version is used below to specify the directory via "setup -n":
|
||||
# Special tarball_version needed for Ghostscript release candidates e.g. "define tarball_version 9.15rc1".
|
||||
# For Ghostscript releases tarball_version and version are the same (i.e. the upstream version):
|
||||
%define tarball_version %{version}
|
||||
#define tarball_version 9.25rc1
|
||||
#define tarball_version 9.26rc1
|
||||
# built_version is used below in the install and files sections:
|
||||
# Separated built_version needed in case of Ghostscript release candidates e.g. "define built_version 9.15".
|
||||
# For Ghostscript releases built_version and version are the same (i.e. the upstream version):
|
||||
%define built_version %{version}
|
||||
#define built_version 9.25
|
||||
#define built_version 9.26
|
||||
# Source0...Source9 is for sources from upstream:
|
||||
# Special URLs for Ghostscript release candidates:
|
||||
# see https://github.com/ArtifexSoftware/ghostpdl-downloads/releases
|
||||
# URL for Source0:
|
||||
# wget -O ghostscript-9.25rc1.tar.gz https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs925rc1/ghostscript-9.25rc1.tar.gz
|
||||
# wget -O ghostscript-9.26rc1.tar.gz https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs9.26rc1/ghostscript-9.26rc1.tar.gz
|
||||
# URL for MD5 checksums:
|
||||
# wget -O gs925rc1.MD5SUMS https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs925rc1/MD5SUMS
|
||||
# MD5 checksum for Source0: 2dc56f05c4e479b9a2cbb8221f669c8f ghostscript-9.25rc1.tar.gz
|
||||
# wget -O gs9.26rc1.MD5SUMS https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs9.26rc1/MD5SUMS
|
||||
# MD5 checksum for Source0: 6539d5b270721938936d721f279a3520 ghostscript-9.26rc1.tar.gz
|
||||
#Source0: ghostscript-%{tarball_version}.tar.gz
|
||||
# Normal URLs for Ghostscript releases:
|
||||
# URL for Source0:
|
||||
# wget -O ghostscript-9.25.tar.gz https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs925/ghostscript-9.25.tar.gz
|
||||
# wget -O ghostscript-9.26.tar.gz https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs926/ghostscript-9.26.tar.gz
|
||||
# URL for MD5 checksums:
|
||||
# wget -O gs925.MD5SUMS https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs925/MD5SUMS
|
||||
# MD5 checksum for Source0: eebd0fadbfa8e800094422ce65e94d5d ghostscript-9.25.tar.gz
|
||||
# wget -O gs926.MD5SUMS https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs926/MD5SUMS
|
||||
# MD5 checksum for Source0: 806bc2dedbc7f69b003f536658e08d4a ghostscript-9.26.tar.gz
|
||||
Source0: ghostscript-%{version}.tar.gz
|
||||
# Patch0...Patch9 is for patches from upstream:
|
||||
# Source10...Source99 is for sources from SUSE which are intended for upstream:
|
||||
|
||||
@ -1,3 +1,68 @@
|
||||
-------------------------------------------------------------------
|
||||
Fri Nov 30 09:01:17 CET 2018 - jsmeix@suse.de
|
||||
|
||||
- Version upgrade to 9.26
|
||||
Highlights in this release include:
|
||||
* Security issues have been the primary focus of this release,
|
||||
including solving several (well publicised) real and potential
|
||||
exploits.
|
||||
Thanks to Man Yue Mo of Semmle Security Research Team,
|
||||
Jens Mueller of Ruhr-Universitaet Bochum and
|
||||
Tavis Ormandy of Google's Project Zero
|
||||
for their help to identify specific security issues.
|
||||
PLEASE NOTE:
|
||||
We (i.e. Ghostscript upstream) strongly urge users to upgrade
|
||||
to this latest release to avoid these issues.
|
||||
* The usual round of bug fixes, compatibility changes,
|
||||
and incremental improvements.
|
||||
For a release summary see:
|
||||
http://www.ghostscript.com/doc/9.26/News.htm
|
||||
For details see the News.htm and History9.htm files.
|
||||
The Ghostscript 9.26 release should fix (cf. the entry below
|
||||
dated 'Fri Sep 14 10:47:33 CEST 2018' what "should fix" means)
|
||||
in particular those security issues (bsc#1117331)
|
||||
* CVE-2018-19475: psi/zdevice2.c allows attackers to bypass
|
||||
intended access restrictions
|
||||
https://bugs.ghostscript.com/show_bug.cgi?id=700153
|
||||
https://bugzilla.suse.com/show_bug.cgi?id=1117327 bsc#1117327
|
||||
* CVE-2018-19476: psi/zicc.c allows attackers to bypass
|
||||
intended access restrictions because of a setcolorspace
|
||||
type confusion
|
||||
https://bugs.ghostscript.com/show_bug.cgi?id=700169
|
||||
https://bugzilla.suse.com/show_bug.cgi?id=1117313 bsc#1117313
|
||||
* CVE-2018-19477: psi/zfjbig2.c allows attackers to bypass
|
||||
intended access restrictions because of a JBIG2Decode
|
||||
type confusion
|
||||
https://bugs.ghostscript.com/show_bug.cgi?id=700168
|
||||
https://bugzilla.suse.com/show_bug.cgi?id=1117274 bsc#1117274
|
||||
* CVE-2018-19409: LockSafetyParams is not checked correctly
|
||||
if another device is used
|
||||
https://bugs.ghostscript.com/show_bug.cgi?id=700176
|
||||
https://bugzilla.suse.com/show_bug.cgi?id=1117022 bsc#1117022
|
||||
and those security issues
|
||||
* CVE-2018-18284: 1Policy operator gives access to .forceput
|
||||
https://bugs.ghostscript.com/show_bug.cgi?id=69963
|
||||
https://bugzilla.suse.com/show_bug.cgi?id=1112229 bsc#1112229
|
||||
* CVE-2018-18073: saved execution stacks can leak operator arrays
|
||||
https://bugs.ghostscript.com/show_bug.cgi?id=699927
|
||||
https://bugzilla.suse.com/show_bug.cgi?id=1111480 bsc#1111480
|
||||
* CVE-2018-17961: bypassing executeonly to escape -dSAFER sandbox
|
||||
https://bugs.ghostscript.com/show_bug.cgi?id=699816
|
||||
https://bugzilla.suse.com/show_bug.cgi?id=1111479 bsc#1111479
|
||||
* CVE-2018-17183: remote attackers could be able to supply
|
||||
crafted PostScript to potentially overwrite or replace
|
||||
error handlers to inject code
|
||||
https://bugs.ghostscript.com/show_bug.cgi?id=699708
|
||||
https://bugzilla.suse.com/show_bug.cgi?id=1109105 bsc#1109105
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri Nov 9 11:25:19 CET 2018 - jsmeix@suse.de
|
||||
|
||||
- Version upgrade to 9.26rc1 (first release candidate for 9.26).
|
||||
Highlights in this release include:
|
||||
* Purely security and a few bug fixes, there are no new features,
|
||||
and no API changes to report.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri Sep 14 10:47:33 CEST 2018 - jsmeix@suse.de
|
||||
|
||||
|
||||
@ -46,7 +46,7 @@ BuildRequires: xorg-x11-devel
|
||||
BuildRequires: xorg-x11-fonts
|
||||
BuildRequires: zlib-devel
|
||||
Summary: The Ghostscript interpreter for PostScript and PDF
|
||||
License: AGPL-3.0
|
||||
License: AGPL-3.0-only
|
||||
Group: System/Libraries
|
||||
Url: http://www.ghostscript.com/
|
||||
# Special version needed for Ghostscript release candidates (e.g. "Version: 9.14pre15rc1" for 9.15rc1).
|
||||
@ -57,35 +57,35 @@ Url: http://www.ghostscript.com/
|
||||
# But only with the alphabetic prefix "9.pre15rc1" would be older than the previous version number "9.14"
|
||||
# because rpmvercmp would treat 9.pre15rc1 as 9.pre.15.rc1 and letters are older than numbers
|
||||
# so that we keep additionally the previous version number to upgrade from the previous version:
|
||||
#Version: 9.24pre25rc1
|
||||
#Version: 9.25pre26rc1
|
||||
# Normal version for Ghostscript releases is the upstream version:
|
||||
Version: 9.25
|
||||
Version: 9.26
|
||||
Release: 0
|
||||
# tarball_version is used below to specify the directory via "setup -n":
|
||||
# Special tarball_version needed for Ghostscript release candidates e.g. "define tarball_version 9.15rc1".
|
||||
# For Ghostscript releases tarball_version and version are the same (i.e. the upstream version):
|
||||
%define tarball_version %{version}
|
||||
#define tarball_version 9.25rc1
|
||||
#define tarball_version 9.26rc1
|
||||
# built_version is used below in the install and files sections:
|
||||
# Separated built_version needed in case of Ghostscript release candidates e.g. "define built_version 9.15".
|
||||
# For Ghostscript releases built_version and version are the same (i.e. the upstream version):
|
||||
%define built_version %{version}
|
||||
#define built_version 9.25
|
||||
#define built_version 9.26
|
||||
# Source0...Source9 is for sources from upstream:
|
||||
# Special URLs for Ghostscript release candidates:
|
||||
# see https://github.com/ArtifexSoftware/ghostpdl-downloads/releases
|
||||
# URL for Source0:
|
||||
# wget -O ghostscript-9.25rc1.tar.gz https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs925rc1/ghostscript-9.25rc1.tar.gz
|
||||
# wget -O ghostscript-9.26rc1.tar.gz https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs9.26rc1/ghostscript-9.26rc1.tar.gz
|
||||
# URL for MD5 checksums:
|
||||
# wget -O gs925rc1.MD5SUMS https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs925rc1/MD5SUMS
|
||||
# MD5 checksum for Source0: 2dc56f05c4e479b9a2cbb8221f669c8f ghostscript-9.25rc1.tar.gz
|
||||
# wget -O gs9.26rc1.MD5SUMS https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs9.26rc1/MD5SUMS
|
||||
# MD5 checksum for Source0: 6539d5b270721938936d721f279a3520 ghostscript-9.26rc1.tar.gz
|
||||
#Source0: ghostscript-%{tarball_version}.tar.gz
|
||||
# Normal URLs for Ghostscript releases:
|
||||
# URL for Source0:
|
||||
# wget -O ghostscript-9.25.tar.gz https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs925/ghostscript-9.25.tar.gz
|
||||
# wget -O ghostscript-9.26.tar.gz https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs926/ghostscript-9.26.tar.gz
|
||||
# URL for MD5 checksums:
|
||||
# wget -O gs925.MD5SUMS https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs925/MD5SUMS
|
||||
# MD5 checksum for Source0: eebd0fadbfa8e800094422ce65e94d5d ghostscript-9.25.tar.gz
|
||||
# wget -O gs926.MD5SUMS https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs926/MD5SUMS
|
||||
# MD5 checksum for Source0: 806bc2dedbc7f69b003f536658e08d4a ghostscript-9.26.tar.gz
|
||||
Source0: ghostscript-%{version}.tar.gz
|
||||
# Patch0...Patch9 is for patches from upstream:
|
||||
# Source10...Source99 is for sources from SUSE which are intended for upstream:
|
||||
|
||||
Loading…
Reference in New Issue
Block a user