From 913dde5df310c9810c6c347f8509f790b43f698e779a7a56669b145e73a581e3 Mon Sep 17 00:00:00 2001
From: Johannes Meixner <jsmeix@suse.com>
Date: Thu, 9 May 2019 08:39:39 +0000
Subject: [PATCH] Accepting request 701733 from home:jsegitz:branches:Printing

- Set AA profile to complain and added fixes for ps2epsi (boo#1134327)

OBS-URL: https://build.opensuse.org/request/show/701733
OBS-URL: https://build.opensuse.org/package/show/Printing/ghostscript?expand=0&rev=113
---
 apparmor_ghostscript  | 17 +++++++++++++++--
 ghostscript-mini.spec |  2 +-
 ghostscript.changes   |  5 +++++
 ghostscript.spec      |  4 ++--
 4 files changed, 23 insertions(+), 5 deletions(-)

diff --git a/apparmor_ghostscript b/apparmor_ghostscript
index 6f0d578..386f203 100644
--- a/apparmor_ghostscript
+++ b/apparmor_ghostscript
@@ -2,8 +2,10 @@
 
 # this profile is mainly intended to prevent easy exploitation of
 # issues in ghostscript. This is mainly intended as a hardening
-# measure and doesn't alleviate the need for regular updates
-profile ghostscript /usr/bin/{dvipdf,eps2eps,gs,gsbj,gsdj,gsdj500,gslj,gslp,gsnd,ps2ascii,ps2epsi,ps2pdf,ps2pdf12,ps2pdf13,ps2pdf14,ps2pdfwr,ps2ps,ps2ps2} {
+# measure and doesn't alleviate the need for regular updates.
+# Currently this profile is in complain mode since it caused regressions
+# for tumbleweed users
+profile ghostscript /usr/bin/{dvipdf,eps2eps,gs,gsbj,gsdj,gsdj500,gslj,gslp,gsnd,ps2ascii,ps2epsi,ps2pdf,ps2pdf12,ps2pdf13,ps2pdf14,ps2pdfwr,ps2ps,ps2ps2} flags=(complain) {
   #include <abstractions/base>
   #include <abstractions/consoles>
   #include <abstractions/nameservice>
@@ -45,4 +47,15 @@ profile ghostscript /usr/bin/{dvipdf,eps2eps,gs,gsbj,gsdj,gsdj500,gslj,gslp,gsnd
     #include <abstractions/base>
     /usr/bin/dirname mr,
   }
+
+  # for gsbj
+  /usr/bin/date mrix,
+  # for ps2epsi
+  /usr/bin/{gawk,cat,ls,sed,which} mrix,
+  /usr/bin/{mktemp,rm} Cx -> tempdir,
+  profile tempdir {
+    #include <abstractions/base>
+    /usr/bin/{mktemp,rm} mr,
+    owner /tmp/ps2epsi.* rw,
+  }
 }
diff --git a/ghostscript-mini.spec b/ghostscript-mini.spec
index d99efe8..f8f32bd 100644
--- a/ghostscript-mini.spec
+++ b/ghostscript-mini.spec
@@ -1,7 +1,7 @@
 #
 # spec file for package ghostscript-mini
 #
-# Copyright (c) 2019 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
diff --git a/ghostscript.changes b/ghostscript.changes
index b6fb1cf..827ec32 100644
--- a/ghostscript.changes
+++ b/ghostscript.changes
@@ -1,3 +1,8 @@
+-------------------------------------------------------------------
+Wed May  8 08:46:43 UTC 2019 - jsegitz@suse.com
+
+- Set AA profile to complain and added fixes for ps2epsi (boo#1134327)
+
 -------------------------------------------------------------------
 Thu Apr  4 14:37:09 CEST 2019 - jsmeix@suse.de
 
diff --git a/ghostscript.spec b/ghostscript.spec
index 25ff3ad..e1b4fc8 100644
--- a/ghostscript.spec
+++ b/ghostscript.spec
@@ -1,7 +1,7 @@
 #
 # spec file for package ghostscript
 #
-# Copyright (c) 2019 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -218,7 +218,6 @@ For information how to use Ghostscript see
 
 %package x11
 Summary:        X11 library for Ghostscript
-Group:          Productivity/Publishing/PS
 # Require the exact matching version-release of the ghostscript main-package because
 # a non-matching ghostscript main-package may let it fail or even crash (e.g. segfault)
 # because all Ghostscript software is built from one same Ghostscript source tar ball
@@ -226,6 +225,7 @@ Group:          Productivity/Publishing/PS
 # The exact matching version-release of the ghostscript main-package is available
 # on the same package repository where the ghostscript-x11 sub-package is because
 # all are built simulaneously from the same Ghostscript source package:
+Group:          Productivity/Publishing/PS
 Requires:       ghostscript = %{version}-%{release}
 # Unfortunately ghostscript-library.spec and ghostscript-mini.spec have
 # an unversioned "Provides: ghostscript" and for RPM this means that both