Syncing Ghostscript with Ubuntu

Fri, 07 Feb 2020 11:29:55 -0800 

Hi,
I am syncing most printing-related packages between Debian and Ubuntu to reduce packaging work. 


One of the packages I was not able to sync was Ghostscript, as openjpeg2 
did not pass the Ubuntu security requirements:


https://bugs.launchpad.net/bugs/711061


In Ubuntu the packages are in two repositories, Main and Universe, where 
Main is covered by commercial support for appropriate customers, 
Universe not, and so it must be possible to install a system of only 
packages from Main. This means that a package in Main cannot depend on a 
package in Universe. Main also has much higher security requirements 
than Universe.



A new package gets into Universe and for getting it into Main you have 
to post a "Main Inclusion Request" (MIR), telling whether the package is 
well maintained upstream, has security-relevant features like SUID 
executables, has CVEs and whether they got fixed in a timely manner, ...



Above-mentioned bug report is such a MIR, for libopenjpeg2, one of the 
dependencies of the Debian package of Ghostscript. In Ubuntu Ghostscript 
is in Main, therefore I can only let it depend on libopenjpeg2 if 
libopenjpeg2 also had been in Main, which was not the case. Therefore I 
had to keep a Ubuntu delta, letting the Ubuntu package use the 
libopenjpeg2 which the Ghostscript upstream maintainers included with 
Ghostscript, which is massaged by the professional programmers of 
Artifex and so provides the required security.



Now, 9 years after this MIR got posted and 7 years after my first 
comment (when I looked into syncing Ghostscript for the first time) 
finally theupstream developers fulfilled our security requirements and 
the MIR passed, libopenjpeg2 moved into Main and I was able to sync 
Ghostscript.


So now we have 9.50~dfsg-5 in Ubuntu.


But unfortunately, I overlooked another Ubuntu delta. The Ubuntu 
Ghostscript has some extra lines in debian/rules to make Ghostscript 
build with -O2 instead of -O3 on ppc64el as (at least on Ubuntu) gcc 
gets stuck on one file:


----------
DEB_HOST_ARCH ?= $(shell dpkg-architecture -qDEB_HOST_ARCH)

ifneq (,$(filter $(DEB_HOST_ARCH),ppc64el))
    export DEB_CFLAGS_MAINT_STRIP=-O3
    export DEB_CFLAGS_MAINT_PREPEND=-O2
endif
----------

See

https://bugs.launchpad.net/ubuntu/+source/ghostscript/+bug/1862053


Could you add this change to the Debian package, so that I can really 
sync Ghostscript?


Thanks in advance

   Till























					Reply via email to