Accepting request 1315981 from Printing

In ghostscript.changes added the CVE numbers
which are fixed by Ghostscript version 10.06.0
where MITRE had not yet CVEs assigned at the time
when Ghostscript version 10.06.0 was released, cf.
https://build.opensuse.org/requests/1305216

OBS-URL: https://build.opensuse.org/request/show/1315981
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/ghostscript?expand=0&rev=75

2010_add_build_timestamp_setting.patch

@@ -0,0 +1,120 @@
+Description: Allow the build timestamp to be externally set
+ In order to make Ghostscript output reproducible, we need a way to
+ set the build timestamp to other values than the current time.
+ We now consistently use gp_get_realtime() instead of directly calling
+ time() or gp_get_usertime() and make gp_get_realtime() use the value
+ found in the SOURCE_DATE_EPOCH environment variable if set. Also,
+ environment timezone is fixed to UTC if SOURCE_DATE_EPOCH is used to
+ avoid variations.
+Author: Eduard Sanou <dhole@openmailbox.org>
+Author: Peter De Wachter <pdewacht@gmail.com>
+Bug-Debian: https://bugs.debian.org/794004
+Forwarded: not-needed
+Last-Update: 2023-09-13
+---
+This patch header follows DEP-3: https://dep.debian.net/deps/dep3/
+--- a/base/gp_unix.c
++++ b/base/gp_unix.c
+@@ -19,6 +19,7 @@
+ #ifdef __MINGW32__
+ #  include "windows_.h"
+ #endif
++#include "errno_.h"
+ #include "pipe_.h"
+ #include "string_.h"
+ #include "time_.h"
+@@ -149,6 +150,7 @@
+ gp_get_realtime(long *pdt)
+ {
+     struct timeval tp;
++    const char *env;
+ 
+ #if gettimeofday_no_timezone    /* older versions of SVR4 */
+     {
+@@ -168,6 +170,26 @@
+     }
+ #endif
+ 
++    env = getenv("SOURCE_DATE_EPOCH");
++    if (env) {
++        char *end;
++        long timestamp;
++
++        errno = 0;
++        timestamp = strtol(env, &end, 10);
++        if (env == end || *end || errno != 0) {
++            lprintf("Ghostscript: SOURCE_DATE_EPOCH is not a number!\n");
++            timestamp = 0;
++        }
++
++        tp.tv_sec = timestamp;
++        tp.tv_usec = 0;
++
++        /* We need to fix the environment timezone to get reproducible */
++        /* results when parsing the result of gp_get_realtime. */
++        setenv("TZ", "UTC", 1);
++    }
++
+     /* tp.tv_sec is #secs since Jan 1, 1970 */
+     pdt[0] = tp.tv_sec;
+ 
+--- a/devices/vector/gdevpdf.c
++++ b/devices/vector/gdevpdf.c
+@@ -437,6 +437,7 @@
+     if (!pdev->OmitInfoDate)
+     {
+         struct tm tms;
++        long secs_ns[2];
+         time_t t;
+         char buf[1+2+4+2+2+2+2+2+1+2+1+2+1+1+1]; /* (D:yyyymmddhhmmssZhh'mm')\0 */
+         int timeoffset;
+@@ -448,7 +449,8 @@
+         timesign = 'Z';
+         timeoffset = 0;
+ #else
+-        time(&t);
++        gp_get_realtime(secs_ns);
++        t = secs_ns[0];
+         tms = *gmtime(&t);
+         tms.tm_isdst = -1;
+         timeoffset = (int)difftime(t, mktime(&tms)); /* tz+dst in seconds */
+--- a/devices/vector/gdevpdfe.c
++++ b/devices/vector/gdevpdfe.c
+@@ -216,6 +216,7 @@
+ {
+     /* We don't write a day time because we don't have a time zone. */
+     struct tm tms;
++    long secs_ns[2];
+     time_t t;
+     char buf1[4+1+2+1+2+1]; /* yyyy-mm-dd\0 */
+ 
+@@ -223,7 +224,8 @@
+     memset(&t, 0, sizeof(t));
+     memset(&tms, 0, sizeof(tms));
+ #else
+-    time(&t);
++    gp_get_realtime(secs_ns);
++    t = secs_ns[0];
+     tms = *localtime(&t);
+ #endif
+     gs_snprintf(buf1, sizeof(buf1),
+--- a/devices/vector/gdevpsu.c
++++ b/devices/vector/gdevpsu.c
+@@ -187,6 +187,7 @@
+             dev->dname);
+ #endif
+     {
++        long secs_ns[2];
+         time_t t;
+         struct tm tms;
+ 
+@@ -194,7 +195,8 @@
+         memset(&t, 0, sizeof(t));
+         memset(&tms, 0, sizeof(tms));
+ #else
+-        time(&t);
++        gp_get_realtime(secs_ns);
++        t = secs_ns[0];
+         tms = *localtime(&t);
+ #endif
+         fprintf(f, "%%%%CreationDate: %d/%02d/%02d %02d:%02d:%02d\n",

ghostscript-10.03.0.tar.xz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:f25ff491a726d883f0b0f9c8af9b895c674cf77cddd814aa3824b3223f439ee5
-size 68041176

ghostscript-10.06.0-Fix_32-bit_build.patch

@@ -0,0 +1,63 @@
+From 3c0be6e4fcffa63e4a5a1b0aec057cebc4d2562f Mon Sep 17 00:00:00 2001
+From: Ken Sharp <Ken.Sharp@artifex.com>
+Date: Wed, 10 Sep 2025 08:55:30 +0100
+Subject: Fix 32-bit build
+
+Bug #708824 "ghostscript 10.06.0 compilation failure on 32-bit archs"
+
+nbytes shiouldn't be an intptr_t, it doesn't get used for pointer
+arithmetic. Previously it was a uint, should be a int64_t, to fit with
+all the other devices.
+
+Checked other warnings, and found a (very minor) one in gdevdbit.c, fix
+that while we're here (signed/unsigned mismatch, we don't really care).
+---
+ base/gdevdbit.c | 2 +-
+ base/gdevmpla.c | 6 +++---
+ 2 files changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/base/gdevdbit.c b/base/gdevdbit.c
+index e07cc3f3b..1b5c69325 100644
+--- a/base/gdevdbit.c
++++ b/base/gdevdbit.c
+@@ -191,7 +191,7 @@ gx_default_copy_alpha_hl_color(gx_device * dev, const byte * data, int data_x,
+     fit_copy(dev, data, data_x, raster, id, x, y, width, height);
+     row_alpha = data;
+     out_raster = bitmap_raster(width * (size_t)byte_depth);
+-    if (check_64bit_multiply(out_raster, ncomps, &product) != 0)
++    if (check_64bit_multiply(out_raster, ncomps, (int64_t *) &product) != 0)
+         return gs_note_error(gs_error_undefinedresult);
+     gb_buff = gs_alloc_bytes(mem, product, "copy_alpha_hl_color(gb_buff)");
+     if (gb_buff == 0) {
+diff --git a/base/gdevmpla.c b/base/gdevmpla.c
+index 2f0d52256..ffc5ff42e 100644
+--- a/base/gdevmpla.c
++++ b/base/gdevmpla.c
+@@ -1954,12 +1954,12 @@ mem_planar_strip_copy_rop2(gx_device * dev,
+         int i;
+         int j;
+         intptr_t chunky_sraster;
+-        intptr_t nbytes;
++        int64_t nbytes;
+         byte **line_ptrs;
+         byte *sbuf, *buf;
+ 
+         chunky_sraster = sraster * (intptr_t)mdev->num_planar_planes;
+-        if (check_64bit_multiply(height, chunky_sraster, (size_t *)&nbytes) != 0)
++        if (check_64bit_multiply(height, chunky_sraster, &nbytes) != 0)
+             return gs_note_error(gs_error_undefinedresult);
+         buf = gs_alloc_bytes(mdev->memory, nbytes, "mem_planar_strip_copy_rop(buf)");
+         if (buf == NULL) {
+@@ -2003,7 +2003,7 @@ mem_planar_strip_copy_rop2(gx_device * dev,
+         intptr_t i;
+         intptr_t chunky_t_raster;
+         int chunky_t_height;
+-        intptr_t nbytes;
++        int64_t nbytes;
+         byte **line_ptrs;
+         byte *tbuf, *buf;
+         gx_strip_bitmap newtex;
+-- 
+cgit v1.2.3
+
+

ghostscript.changes

@@ -1,3 +1,154 @@
+-------------------------------------------------------------------
+Tue Sep 16 13:45:31 UTC 2025 - Johannes Meixner <jsmeix@suse.com>
+
+- Version upgrade to 10.06.0
+  See 'Recent Changes in Ghostscript' at Ghostscript upstream
+  https://ghostscript.readthedocs.io/en/gs10.06.0/News.html
+  * This release addresses CVEs:
+    CVE-2025-59798 (bsc#1250353)
+    CVE-2025-59799 (bsc#1250354)
+    CVE-2025-59800 (bsc#1250355)
+    CVE-2025-59801 (belongs to GhostXPS not part of Ghostscript)
+  * The 10.06.0 removes the non-standard operator "selectdevice"
+    (cf. the entry below dated Tue Apr  1 09:56:06 UTC 2025)
+- ghostscript-10.06.0-Fix_32-bit_build.patch is the upstream commit
+  https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/patch/?id=3c0be6e4fcffa63e4a5a1b0aec057cebc4d2562f
+  to fix https://bugs.ghostscript.com/show_bug.cgi?id=708824
+  "ghostscript 10.06.0 compilation failure on 32-bit archs"
+
+-------------------------------------------------------------------
+Tue Sep 16 08:15:18 UTC 2025 - Dr. Werner Fink <werner@suse.de>
+
+- Switch over to libalternatives for ghostscript to provide a gs
+  variant (bsc#1245896)
+
+-------------------------------------------------------------------
+Mon Aug  4 07:14:46 UTC 2025 - Johannes Meixner <jsmeix@suse.com>
+
+- Version upgrade to 10.05.1
+  See 'Recent Changes in Ghostscript' at Ghostscript upstream
+  https://ghostscript.readthedocs.io/en/gs10.05.1/News.html
+  * This release addresses CVEs:
+    + CVE-2025-46646
+    + CVE-2025-48708 (bsc#1243701)
+  * The 10.05.1 patch release addresses:
+    + An overflow issue in Freetype on platforms
+      where long is a 4 byte (rather than 8 byte) type
+      (Microsoft Windows, for example) causing corrupted
+      glyph rendering at higher resolutions
+    + An issue with embedded files, affecting Zugferd
+      format PDF creation.
+    + Broken logic in PDF Optional Content processing
+    + Potential slow down due to searching for identifiable
+      font files
+    + A small number of extreme edge case segmentation faults.
+
+-------------------------------------------------------------------
+Thu Apr 10 19:39:55 UTC 2025 - Friedrich Haubensak <hsk17@mail.de>
+
+- add -std=gnu11 to CFLAGS to fix gcc15 compile time error, and to
+  still allow build on Leap 15.6
+
+-------------------------------------------------------------------
+Tue Apr  1 09:56:06 UTC 2025 - Johannes Meixner <jsmeix@suse.com>
+
+- Version upgrade to 10.05.0
+  See 'Recent Changes in Ghostscript' at Ghostscript upstream
+  https://ghostscript.readthedocs.io/en/gs10.05.0/News.html
+  * This release addresses:
+    + CVE-2025-27830 (bsc#1240074)
+    + CVE-2025-27831 (bsc#1240075)
+    + CVE-2025-27832 (bsc#1240077)
+    + CVE-2025-27833 (bsc#1240078)
+    + CVE-2025-27834 (bsc#1240079)
+    + CVE-2025-27835 (bsc#1240080)
+    + CVE-2025-27836 (bsc#1240081)
+    + CVE-2025-27837 (bsc#1240082 - affects only Windows)
+  * The 10.05.0 release deprecates the non-standard operator
+    "selectdevice", all code should now be using the standard
+    "setpagedevice" operator. "selectdevice" will be removed
+    in the 10.06.0 release.
+  * We now support production of PDF/X-1a and PDF/X-4a
+    in addition to the existing support for PDF/X-3
+  * The usual round of bug fixes, compatibility changes,
+    and incremental improvements. 
+- In Ghostscript 10.05.0 the pdf2dsc utility is removed because
+  its PostScript program pdf2dsc.ps uses chunks of the old PDF
+  interpreter which is replaced with a new implementation
+  (in C instead of PostScript) in the 10.x series of Ghostscript
+  so pdf2dsc can no longer work as intended. For details see the
+  "Please restore PDF2DSC for preview-latex" mail thread e.g. on
+  https://mail.gnu.org/archive/html/auctex-devel/2025-03/threads.html
+
+-------------------------------------------------------------------
+Tue Feb  4 09:42:47 UTC 2025 - Bernhard Wiedemann <bwiedemann@suse.com>
+
+- Add reproducible.patch to not embed timestamp in .h file
+- Add 2010_add_build_timestamp_setting.patch to allow overriding
+  timestamp in generated pdf (boo#1236773)
+
+-------------------------------------------------------------------
+Wed Oct 30 12:27:04 UTC 2024 - Johannes Meixner <jsmeix@suse.com>
+
+- Enhanced entry below dated "Wed Oct 23 08:54:59 UTC 2024"
+  by adding the individual "bsc" numbers for each CVE, see
+  https://bugzilla.suse.com/show_bug.cgi?id=1232173#c4
+  and by adding the "IMPORTANT" change in Ghostscript 10.04.0
+- spec file cleanup: removed the special cases for SLE12
+  i.e. rely on "suse_version >= 1500" as given precondition
+  (recent Ghostscript versions fail to build in SLE12 anyway)
+
+-------------------------------------------------------------------
+Wed Oct 23 08:54:59 UTC 2024 - Dirk Müller <dmueller@suse.com>
+
+- Version upgrade to 10.04.0 (bsc#1232173):
+  Highlights in this release include:
+  See 'Recent Changes in Ghostscript' at Ghostscript upstream
+  https://ghostscript.readthedocs.io/en/gs10.04.0/News.html
+  * This release addresses:
+    + CVE-2024-46951 (bsc#1232265)
+    + CVE-2024-46952 (bsc#1232266)
+    + CVE-2024-46953 (bsc#1232267)
+    + CVE-2024-46954 (bsc#1232268)
+    + CVE-2024-46955 (bsc#1232269)
+    + CVE-2024-46956 (bsc#1232270)
+  * IMPORTANT: In this release (10.04.0)
+    we (i.e. Ghostscript upstream) have be added
+    protection for device selection from PostScript input.
+    This will mean that, by default, only the device specified
+    on the command line will be permitted. Similar to the file
+    permissions, there will be a "--permit-devices=" allowing
+    a comma separation list of allowed devices. This will also
+    take a single wildcard "*" allowing any device.
+    Any application which relies on allowing PostScript
+    to change devices during a job will have to be aware,
+    and take action to deal with this change.
+    The exception is "nulldevice", switching to that requires
+    no special action. 
+
+-------------------------------------------------------------------
+Mon Jul  1 11:56:34 UTC 2024 - Johannes Meixner <jsmeix@suse.com>
+
+- Version upgrade to 10.03.1:
+  Highlights in this release include:
+  See 'Recent Changes in Ghostscript' at Ghostscript upstream
+  https://ghostscript.readthedocs.io/en/gs10.03.1/News.html
+  * Fixes for CVE-2024-33869, CVE-2023-52722, CVE-2024-33870,
+    CVE-2024-33871 and CVE-2024-29510
+- Regarding CVE-2024-33869 see bsc#1226946 and
+  https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=5ae2e320d69a7d0973011796bd388cd5befa1a43
+  https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=f5336e5b4154f515ac83bc5b9eba94302e6618d4
+  https://bugs.ghostscript.com/show_bug.cgi?id=707691
+- Regarding CVE-2023-52722 see bsc#1223852 and
+  https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=afd7188f74918cb51b5fb89f52b54eb16e8acfd1
+- Regarding CVE-2024-33870 see bsc#1226944 and
+  https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=79aef19c685984dc3da2dc090450407d9fbcff80
+  https://bugs.ghostscript.com/show_bug.cgi?id=707686
+- Regarding CVE-2024-33871 see bsc#1225491 and
+  https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=7145885041bb52cc23964f0aa2aec1b1c82b5908
+- Regarding CVE-2024-29510 see bsc#1226945 and
+  https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=3b1735085ecef20b29e8db3416ab36de93e86d1f
+
 -------------------------------------------------------------------
 Tue Mar 26 08:21:08 UTC 2024 - Johannes Meixner <jsmeix@suse.com>
 

ghostscript.spec

@@ -1,7 +1,8 @@
 #
-# spec file
+# spec file for package ghostscript
 #
-# Copyright (c) 2024 SUSE LLC
+# Copyright (c) 2025 SUSE LLC
+# Copyright (c) 2025 SUSE LLC and contributors
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -23,16 +24,38 @@
 %global psuffix %{nil}
 %bcond_without  apparmor
 %endif
+%if 0%{?suse_version} > 1500
+%bcond_without libalternatives
+%else
+%bcond_with libalternatives
+%endif
 Name:           ghostscript%{psuffix}
-Version:        10.03.0
+Version:        10.06.0
 Release:        0
 Summary:        The Ghostscript interpreter for PostScript and PDF
 License:        AGPL-3.0-only
 Group:          Productivity/Office/Other
 URL:            https://www.ghostscript.com/
-Source0:        https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs10030/ghostscript-10.03.0.tar.xz
+# Use "osc service manualrun" to fetch Source0:
+Source0:        https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs10060/ghostscript-%{version}.tar.gz
+# How to manually (i.e. without "osc service") find the Source0 URL at Ghostscript upstream
+# (example for the Ghostscript 10.05.1 release):
+# Go to https://www.ghostscript.com
+# -> [Download] or "Releases" https://ghostscript.com/releases/index.html
+# -> "Ghostscript" https://ghostscript.com/releases/gsdnld.htm
+# -> "Ghostscript 10.05.1 Source for all platforms / Ghostscript AGPL Release"
+# https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs10051/ghostscript-10.05.1.tar.gz
+# and "MD5 Checksums"
+# https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs10051/MD5SUMS
+# and on https://ghostscript.com/releases/index.html
+# -> "release notes" https://ghostscript.readthedocs.io/en/gs10.05.1/News.html
 Source10:       apparmor_ghostscript
 # Patch0...Patch9 is for patches from upstream:
+# Patch1 ghostscript-10.06.0-Fix_32-bit_build.patch is the upstream commit
+# https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/patch/?id=3c0be6e4fcffa63e4a5a1b0aec057cebc4d2562f
+# to fix https://bugs.ghostscript.com/show_bug.cgi?id=708824
+# "ghostscript 10.06.0 compilation failure on 32-bit archs":
+Patch1:         ghostscript-10.06.0-Fix_32-bit_build.patch
 # Source10...Source99 is for sources from SUSE which are intended for upstream:
 # Patch10...Patch99 is for patches from SUSE which are intended for upstream:
 # Source100...Source999 is for sources from SUSE which are not intended for upstream:
@@ -40,6 +63,8 @@ Source10:       apparmor_ghostscript
 # Patch101 ijs_exec_server_dont_use_sh.patch fixes IJS printing problem
 # additionally allow exec'ing hpijs in apparmor profile was needed (bsc#1128467):
 Patch101:       ijs_exec_server_dont_use_sh.patch
+Patch102:       reproducible.patch
+Patch103:       2010_add_build_timestamp_setting.patch
 # Build Requirements:
 BuildRequires:  freetype2-devel
 BuildRequires:  libjpeg-devel
@@ -48,10 +73,15 @@ BuildRequires:  libpng-devel
 BuildRequires:  libtiff-devel
 BuildRequires:  libtool
 BuildRequires:  pkgconfig
+%if %{with libalternatives}
+BuildRequires:  alts
+Requires:       alts
+%else
 BuildRequires:  update-alternatives
-BuildRequires:  zlib-devel
 Requires(post): update-alternatives
-Requires(preun):update-alternatives
+Requires(preun): update-alternatives
+%endif
+BuildRequires:  zlib-devel
 # Provide the additional RPM Provides of the ghostscript-library package
 # (ghostscript_x11 is provided by the ghostscript-x11 sub-package, see below).
 # The "Provides: ghostscript_any" is there to support "BuildRequires: ghostscript_any"
@@ -65,6 +95,7 @@ Requires(preun):update-alternatives
 # in openSUSE products, cf. https://build.opensuse.org/request/show/877083
 Provides:       ghostscript_any = %{version}
 %if "%{flavor}" != "mini"
+BuildRequires:  cups-devel
 BuildRequires:  dbus-1-devel
 BuildRequires:  libexpat-devel
 BuildRequires:  xorg-x11-fonts
@@ -74,18 +105,11 @@ BuildRequires:  pkgconfig(x11)
 BuildRequires:  pkgconfig(xext)
 BuildRequires:  pkgconfig(xproto)
 BuildRequires:  pkgconfig(xt)
-%if 0%{?suse_version} == 1315
-BuildRequires:  cups154-devel
-%else
-BuildRequires:  cups-devel
-%endif
 %if %{with apparmor}
-%if 0%{?suse_version} >= 1500
 BuildRequires:  apparmor-abstractions
 BuildRequires:  apparmor-rpm-macros
 %endif
 %endif
-%endif
 # Always check if latest version of openjpeg becomes compatible with ghostscript
 %if 0%{?suse_version} >= 1550
 BuildRequires:  pkgconfig(libopenjp2) >= 2.3.1
@@ -107,10 +131,8 @@ Obsoletes:      ghostscript-library < %{version}
 # The "Obsoletes: ghostscript-mini" is intentionally unversioned because
 # this package ghostscript should replace any version of ghostscript-mini.
 Obsoletes:      ghostscript-mini
-%if 0%{?suse_version} > 1210
 Recommends:     (cups-filters-ghostscript if cups)
 %endif
-%endif
 
 %description
 Ghostscript is a package of software that provides:
@@ -159,7 +181,11 @@ This package contains the development files for Ghostscript.
 
 %prep
 %setup -q -n ghostscript-%{version}
-
+# Patch1 ghostscript-10.06.0-Fix_32-bit_build.patch is the upstream commit
+# https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/patch/?id=3c0be6e4fcffa63e4a5a1b0aec057cebc4d2562f
+# to fix https://bugs.ghostscript.com/show_bug.cgi?id=708824
+# "ghostscript 10.06.0 compilation failure on 32-bit archs":
+%patch -P 1 -p1
 # Patch101 ijs_exec_server_dont_use_sh.patch fixes IJS printing problem
 # additionally allow exec'ing hpijs in apparmor profile was needed (bsc#1128467):
 %patch -P 101 -p1
@@ -170,12 +196,14 @@ rm -rf freetype jpeg libpng lcms2art zlib tiff
 %if 0%{?suse_version} >= 1550
 rm -rf openjpeg
 %endif
+%patch -P102 -p1
+%patch -P103 -p1
 
 %build
 # Derive build timestamp from latest changelog entry
 export SOURCE_DATE_EPOCH=$(date -d "$(head -n 2 %{_sourcedir}/%{name}.changes | tail -n 1 | cut -d- -f1 )" +%{s})
 # Set our preferred architecture-specific flags for the compiler and linker:
-export CFLAGS="%{optflags} -fno-strict-aliasing -fPIC"
+export CFLAGS="%{optflags} -fno-strict-aliasing -fPIC -std=gnu11"
 export CXXFLAGS="%{optflags} -fno-strict-aliasing -fPIC"
 export LDFLAGS="-pie"
 autoreconf -fi
@@ -263,6 +291,25 @@ popd
 rm %{buildroot}%{_bindir}/ijs_client_example
 rm %{buildroot}%{_bindir}/ijs_server_example
 rm %{buildroot}%{_libdir}/libijs.la
+# Remove pdf2dsc which was removed in Ghostscript 10.05.0
+# because in Ghostscript 10.x pdf2dsc can no longer work as intended
+# see https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=2c315570de78df902f8f15312728d9e1b00cac44
+# but in Ghostscript 10.05.1 pdf2dsc was put back
+# see https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=528d324a7968ad89401ebb60dfdb22f9fdfeeb6b
+# and https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=0e23e5009c7e2a65a2f707146f2dffe8a362ab86
+# regardless that pdf2dsc can still no longer work as intended
+# according to the git commit 528d324a7968ad89401ebb60dfdb22f9fdfeeb6b message
+# which reads (excerpts)
+# > After feedback from users (AUCTeX and gv) put back the pdf2dsc utility
+# > but note in the comments that this is now unsupported code (in truth
+# > I think it always was, but this makes it explicit).
+# > Because the PostScript program uses undocumented parts of the old
+# > 'written in PostScript' PDF interpreter portions of it probably don't
+# > work and it may fail altogether at some point.
+# Because openSUSE cannot support software which is not supported by upstream
+# the unsupported pdf2dsc is kept removed from Ghostscript:
+rm %{buildroot}%{_datadir}/ghostscript/%{version}/lib/pdf2dsc.ps
+rm %{buildroot}%{_bindir}/pdf2dsc
 # Install examples:
 EXAMPLESDIR=%{buildroot}%{_datadir}/ghostscript/%{version}/examples
 test -d $EXAMPLESDIR || install -d $EXAMPLESDIR
@@ -315,34 +362,52 @@ install -D -m 644 %{SOURCE10} %{buildroot}%{_sysconfdir}/apparmor.d/ghostscript
 %endif
 
 # Move /usr/bin/gs to /usr/bin/gs.bin to be able to use update-alternatives
-install -d %{buildroot}%{_sysconfdir}/alternatives
 mv %{buildroot}%{_bindir}/gs %{buildroot}%{_bindir}/gs.bin
+%if %{with libalternatives}
+mkdir -p %{buildroot}%{_datadir}/libalternatives/gs
+ln -sf %{_bindir}/alts %{buildroot}%{_bindir}/gs
+cat > %{buildroot}%{_datadir}/libalternatives/gs/10.conf <<-EOF
+	binary=%{_bindir}/gs.bin
+	man=gs.1
+	group=gs
+	EOF
+%else
+install -d %{buildroot}%{_sysconfdir}/alternatives
 ln -sf %{_bindir}/gs.bin %{buildroot}%{_sysconfdir}/alternatives/gs
 ln -sf %{_sysconfdir}/alternatives/gs %{buildroot}%{_bindir}/gs
+%endif
 
 %post
 /sbin/ldconfig
 %if %{with apparmor}
 %if "%{flavor}" != "mini"
-%if 0%{?suse_version} >= 1500
 %apparmor_reload %{_sysconfdir}/apparmor.d/ghostscript
 %endif
 %endif
-%endif
+%if ! %{with libalternatives}
 %{_sbindir}/update-alternatives \
   --install %{_bindir}/gs gs %{_bindir}/gs.bin 15
+%endif
 
 %postun -p /sbin/ldconfig
 
+%if ! %{with libalternatives}
 %preun
 if test $1 -eq 0 ; then
     %{_sbindir}/update-alternatives \
     --remove gs %{_bindir}/gs.bin
 fi
+%endif
 
 %files
 %license LICENSE
+%if %{with libalternatives}
+%dir %{_datadir}/libalternatives/
+%dir %{_datadir}/libalternatives/gs/
+%{_datadir}/libalternatives/gs/10.conf
+%else
 %ghost %config %{_sysconfdir}/alternatives/gs
+%endif
 %{_bindir}/dvipdf
 %{_bindir}/eps2eps
 %{_bindir}/gs
@@ -354,7 +419,6 @@ fi
 %{_bindir}/gslp
 %{_bindir}/gsnd
 %{_bindir}/lprsetup.sh
-%{_bindir}/pdf2dsc
 %{_bindir}/pdf2ps
 %{_bindir}/pf2afm
 %{_bindir}/pfbtopfa
@@ -379,7 +443,6 @@ fi
 %{_mandir}/man1/gslj.1%{?ext_man}
 %{_mandir}/man1/gslp.1%{?ext_man}
 %{_mandir}/man1/gsnd.1%{?ext_man}
-%{_mandir}/man1/pdf2dsc.1%{?ext_man}
 %{_mandir}/man1/pdf2ps.1%{?ext_man}
 %{_mandir}/man1/pf2afm.1%{?ext_man}
 %{_mandir}/man1/pfbtopfa.1%{?ext_man}
@@ -407,9 +470,6 @@ fi
 %if "%{flavor}" != "mini"
 %exclude %{_libdir}/ghostscript/%{version}/X11.so
 %if %{with apparmor}
-%if 0%{?suse_version} < 1500
-%dir %{_sysconfdir}/apparmor.d
-%endif
 %{_sysconfdir}/apparmor.d/ghostscript
 %endif
 

reproducible.patch

@@ -0,0 +1,20 @@
+Date: 2024-09-20
+Author: Bernhard M. Wiedemann <bwiedemann suse de>
+
+Drop build date from generated .h file
+so that openSUSE's ghostscript-debugsource package
+does not vary between builds.
+
+Index: ghostscript-10.03.1/base/pack_ps.c
+===================================================================
+--- ghostscript-10.03.1.orig/base/pack_ps.c
++++ ghostscript-10.03.1/base/pack_ps.c
+@@ -344,7 +344,7 @@ main(int argc, char *argv[])
+     if (!buildtime) {
+         buildtime = time(NULL);
+     }
+-    fprintf(outfile,"/* Auto-generated from PostScript file \"%s\" at time %ld */\n", infilename, (long)buildtime);
++    fprintf(outfile,"/* Auto-generated from PostScript file \"%s\" */\n", infilename);
+ 
+     while (readline(infile, inputline, INPUT_LINE_LENGTH_MAX)) {
+