commit ghostscript for openSUSE:Factory
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package ghostscript for openSUSE:Factory
checked in at 2024-07-03 20:28:11
Comparing /work/SRC/openSUSE:Factory/ghostscript (Old)
and /work/SRC/openSUSE:Factory/.ghostscript.new.18349 (New)
Package is "ghostscript"
Wed Jul 3 20:28:11 2024 rev:67 rq:1184313 version:10.03.1
Changes:
--- /work/SRC/openSUSE:Factory/ghostscript/ghostscript.changes 2024-03-26
19:29:26.813761651 +0100
+++ /work/SRC/openSUSE:Factory/.ghostscript.new.18349/ghostscript.changes
2024-07-03 20:29:25.351137486 +0200
@@ -1,0 +2,23 @@
+Mon Jul 1 11:56:34 UTC 2024 - Johannes Meixner
+
+- Version upgrade to 10.03.1:
+ Highlights in this release include:
+ See 'Recent Changes in Ghostscript' at Ghostscript upstream
+ https://ghostscript.readthedocs.io/en/gs10.03.1/News.html
+ * Fixes for CVE-2024-33869, CVE-2023-52722, CVE-2024-33870,
+CVE-2024-33871 and CVE-2024-29510
+- Regarding CVE-2024-33869 see bsc#1226946 and
+
https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=5ae2e320d69a7d0973011796bd388cd5befa1a43
+
https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=f5336e5b4154f515ac83bc5b9eba94302e6618d4
+ https://bugs.ghostscript.com/show_bug.cgi?id=707691
+- Regarding CVE-2023-52722 see bsc#1223852 and
+
https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=afd7188f74918cb51b5fb89f52b54eb16e8acfd1
+- Regarding CVE-2024-33870 see bsc#1226944 and
+
https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=79aef19c685984dc3da2dc090450407d9fbcff80
+ https://bugs.ghostscript.com/show_bug.cgi?id=707686
+- Regarding CVE-2024-33871 see bsc#1225491 and
+
https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=7145885041bb52cc23964f0aa2aec1b1c82b5908
+- Regarding CVE-2024-29510 see bsc#1226945 and
+
https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=3b1735085ecef20b29e8db3416ab36de93e86d1f
+
+---
Old:
ghostscript-10.03.0.tar.xz
New:
ghostscript-10.03.1.tar.gz
Other differences:
--
++ ghostscript.spec ++
--- /var/tmp/diff_new_pack.h23HD1/_old 2024-07-03 20:29:26.503179651 +0200
+++ /var/tmp/diff_new_pack.h23HD1/_new 2024-07-03 20:29:26.507179798 +0200
@@ -24,13 +24,19 @@
%bcond_without apparmor
%endif
Name: ghostscript%{psuffix}
-Version:10.03.0
+Version:10.03.1
Release:0
Summary:The Ghostscript interpreter for PostScript and PDF
License:AGPL-3.0-only
Group: Productivity/Office/Other
URL:https://www.ghostscript.com/
-Source0:
https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs10030/ghostscript-10.03.0.tar.xz
+# How to manually get Source0:
+# Go to https://www.ghostscript.com
+# -> "The current Ghostscript release 10.03.1 can be downloaded here"
https://www.ghostscript.com/releases/index.html
+# -> "Ghostscript" https://www.ghostscript.com/releases/gsdnld.html
+# -> "Ghostscript 10.03.1 Source for all platforms / GNU Affero General Public
License" = "Ghostscript AGPL Release"
+#
https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs10031/ghostscript-10.03.1.tar.gz
+Source0:
https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs10031/ghostscript-10.03.1.tar.gz
Source10: apparmor_ghostscript
# Patch0...Patch9 is for patches from upstream:
# Source10...Source99 is for sources from SUSE which are intended for upstream:
commit ghostscript for openSUSE:Factory
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package ghostscript for openSUSE:Factory
checked in at 2024-03-06 23:03:18
Comparing /work/SRC/openSUSE:Factory/ghostscript (Old)
and /work/SRC/openSUSE:Factory/.ghostscript.new.1770 (New)
Package is "ghostscript"
Wed Mar 6 23:03:18 2024 rev:65 rq:1155021 version:10.02.1
Changes:
--- /work/SRC/openSUSE:Factory/ghostscript/ghostscript.changes 2024-01-29
22:26:41.344384646 +0100
+++ /work/SRC/openSUSE:Factory/.ghostscript.new.1770/ghostscript.changes
2024-03-06 23:03:31.251114414 +0100
@@ -1,0 +2,10 @@
+Tue Feb 27 10:59:43 UTC 2024 - Dominique Leuenberger
+
+- Use %patch -P N instead of deprecated %patchN.
+
+---
+Thu Feb 22 09:07:33 UTC 2024 - Thorsten Kukuk
+
+- Allow to disable apparmor support (ALP supports only SELinux)
+
+---
Other differences:
--
++ ghostscript.spec ++
--- /var/tmp/diff_new_pack.PdudSK/_old 2024-03-06 23:03:33.323189536 +0100
+++ /var/tmp/diff_new_pack.PdudSK/_new 2024-03-06 23:03:33.323189536 +0100
@@ -21,6 +21,7 @@
%global psuffix -mini
%else
%global psuffix %{nil}
+%bcond_without apparmor
%endif
Name: ghostscript%{psuffix}
Version:10.02.1
@@ -78,11 +79,13 @@
%else
BuildRequires: cups-devel
%endif
+%if %{with apparmor}
%if 0%{?suse_version} >= 1500
BuildRequires: apparmor-abstractions
BuildRequires: apparmor-rpm-macros
%endif
%endif
+%endif
# Always check if latest version of openjpeg becomes compatible with
ghostscript
%if 0%{?suse_version} >= 1550
BuildRequires: pkgconfig(libopenjp2) >= 2.3.1
@@ -159,7 +162,7 @@
# Patch101 ijs_exec_server_dont_use_sh.patch fixes IJS printing problem
# additionally allow exec'ing hpijs in apparmor profile was needed
(bsc#1128467):
-%patch101 -p1
+%patch -P 101 -p1
# Remove patch backup files to avoid packaging
# cf. https://build.opensuse.org/request/show/581052
rm -f Resource/Init/*.ps.orig
@@ -305,9 +308,11 @@
# Switch back to the usual build log messages:
set -x
install -m 644 catalog.devices $DOCDIR
+%if %{with apparmor}
%if "%{flavor}" != "mini"
install -D -m 644 %{SOURCE10} %{buildroot}%{_sysconfdir}/apparmor.d/ghostscript
%endif
+%endif
# Move /usr/bin/gs to /usr/bin/gs.bin to be able to use update-alternatives
install -d %{buildroot}%{_sysconfdir}/alternatives
@@ -317,11 +322,13 @@
%post
/sbin/ldconfig
+%if %{with apparmor}
%if "%{flavor}" != "mini"
%if 0%{?suse_version} >= 1500
%apparmor_reload %{_sysconfdir}/apparmor.d/ghostscript
%endif
%endif
+%endif
%{_sbindir}/update-alternatives \
--install %{_bindir}/gs gs %{_bindir}/gs.bin 15
@@ -399,10 +406,12 @@
%{_libdir}/libijs-0.35.so
%if "%{flavor}" != "mini"
%exclude %{_libdir}/ghostscript/%{version}/X11.so
+%if %{with apparmor}
%if 0%{?suse_version} < 1500
%dir %{_sysconfdir}/apparmor.d
%endif
%{_sysconfdir}/apparmor.d/ghostscript
+%endif
%files x11
%{_libdir}/ghostscript/%{version}/X11.so
commit ghostscript for openSUSE:Factory
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package ghostscript for openSUSE:Factory
checked in at 2024-01-29 22:26:38
Comparing /work/SRC/openSUSE:Factory/ghostscript (Old)
and /work/SRC/openSUSE:Factory/.ghostscript.new.1815 (New)
Package is "ghostscript"
Mon Jan 29 22:26:38 2024 rev:64 rq:1142081 version:10.02.1
Changes:
--- /work/SRC/openSUSE:Factory/ghostscript/ghostscript.changes 2024-01-04
15:56:52.463372340 +0100
+++ /work/SRC/openSUSE:Factory/.ghostscript.new.1815/ghostscript.changes
2024-01-29 22:26:41.344384646 +0100
@@ -1,0 +2,35 @@
+Sun Jan 28 10:39:57 UTC 2024 - Dirk Müller
+
+- update to 10.02.1:
+ * Patch release to address some security bugs
+ * This release (10.02.0) marks the final demise of the
+PostScript based PDF interpreter.
+ * This 10.01.1 release removes the "-dNEWPDF=false" command
+line option to fall back to the deprecated, old PDF
+interpreter.
+ * This 10.01.0 release removes the "-dNEWPDF=false" command
+line option to fall back to the deprecated, old PDF
+interpreter.
+ * This release officially deprecates the old Postscript
+implementation of PDF, we will not be updating or maintaining
+that code moving forward. The option to use the old PDF
+implementation _**will**_ be removed in the next full release
+(10.01.0)
+ * Important: This release includes the new PDF interpreter
+(implemented in C rather than PostScript). It is both
+integrated into Ghostscript (now ENABLED by default), and
+available as a standalone, PDF only, binary. See
+https://ghostscript.com/pdfi.html for more details.
+ * This also bundles the latest zlib (1.2.12) which addresses a
+security issue (CVE-2018-25032)
+ * **Important**: This release includes the new PDF interpreter
+(implemented in C rather than PostScript). It is both
+integrated into Ghostscript (now **ENABLED** by default), and
+available as a standalone, PDF only, binary. See
+https://ghostscript.com/pdfi.html for more details.
+- drop CVE-2023-28879.patch, CVE-2023-36664.patch,
+ CVE-2023-38559.patch, CVE-2023-43115.patch,
+ CVE-2023-46751.patch: upstream
+- drop remove-zlib-h-dependency.patch: unused
+
+---
Old:
CVE-2023-28879.patch
CVE-2023-36664.patch
CVE-2023-38559.patch
CVE-2023-43115.patch
CVE-2023-46751.patch
ghostscript-9.56.1.tar.xz
remove-zlib-h-dependency.patch
New:
ghostscript-10.02.1.tar.xz
BETA DEBUG BEGIN:
Old:https://ghostscript.com/pdfi.html for more details.
- drop CVE-2023-28879.patch, CVE-2023-36664.patch,
CVE-2023-38559.patch, CVE-2023-43115.patch,
Old:https://ghostscript.com/pdfi.html for more details.
- drop CVE-2023-28879.patch, CVE-2023-36664.patch,
CVE-2023-38559.patch, CVE-2023-43115.patch,
Old:- drop CVE-2023-28879.patch, CVE-2023-36664.patch,
CVE-2023-38559.patch, CVE-2023-43115.patch,
CVE-2023-46751.patch: upstream
Old:- drop CVE-2023-28879.patch, CVE-2023-36664.patch,
CVE-2023-38559.patch, CVE-2023-43115.patch,
CVE-2023-46751.patch: upstream
Old: CVE-2023-38559.patch, CVE-2023-43115.patch,
CVE-2023-46751.patch: upstream
- drop remove-zlib-h-dependency.patch: unused
Old: CVE-2023-46751.patch: upstream
- drop remove-zlib-h-dependency.patch: unused
BETA DEBUG END:
Other differences:
--
++ ghostscript.spec ++
--- /var/tmp/diff_new_pack.iGYDiX/_old 2024-01-29 22:26:42.500426548 +0100
+++ /var/tmp/diff_new_pack.iGYDiX/_new 2024-01-29 22:26:42.500426548 +0100
@@ -1,5 +1,5 @@
#
-# spec file
+# spec file for package ghostscript
#
# Copyright (c) 2024 SUSE LLC
#
@@ -22,75 +22,23 @@
%else
%global psuffix %{nil}
%endif
-# built_version is used below in the install and files sections:
-# Separated built_version needed in case of Ghostscript release candidates
e.g. "define built_version 9.15".
-# For Ghostscript releases built_version and version are the same (i.e. the
upstream version):
-%define built_version %{version}
Name: ghostscript%{psuffix}
-Version:9.56.1
+Version:10.02.1
Release:0
Summary:The Ghostscript interpreter for PostScript and PDF
License:AGPL-3.0-only
Group: Productivity/Office/Other
URL:https://www.ghostscript.com/
-#
sha512:fe5a5103c081dd87cf8b3e0bbbd0df004c0e4e04e41bded7c70372916e6e26249a0e8fa434b561292964c5f3820ee6c60ef1557827a6efb5676012ccb73ded85
-Source0:
https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs9561/ghostscript-%{version}.tar.xz
+Source0:
https://github.com/ArtifexSoftware/ghostp
commit ghostscript for openSUSE:Factory
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package ghostscript for openSUSE:Factory
checked in at 2024-01-04 15:55:37
Comparing /work/SRC/openSUSE:Factory/ghostscript (Old)
and /work/SRC/openSUSE:Factory/.ghostscript.new.28375 (New)
Package is "ghostscript"
Thu Jan 4 15:55:37 2024 rev:63 rq:1136517 version:9.56.1
Changes:
--- /work/SRC/openSUSE:Factory/ghostscript/ghostscript.changes 2023-12-19
23:15:50.661559511 +0100
+++ /work/SRC/openSUSE:Factory/.ghostscript.new.28375/ghostscript.changes
2024-01-04 15:56:52.463372340 +0100
@@ -1,0 +2,11 @@
+Wed Jan 3 12:15:46 UTC 2024 - Johannes Meixner
+
+- CVE-2023-46751.patch is
+ https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=dcdbc595c13
+ adapted for Ghostscript-9.56.1 that fixes
+ https://bugs.ghostscript.com/show_bug.cgi?id=707264
+ which includes a fix for CVE-2023-46751
+ "dangling pointer in gdev_prn_open_printer_seekable()"
+ (bsc#1217871)
+
+---
New:
CVE-2023-46751.patch
BETA DEBUG BEGIN:
New:
- CVE-2023-46751.patch is
https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=dcdbc595c13
BETA DEBUG END:
Other differences:
--
++ ghostscript.spec ++
--- /var/tmp/diff_new_pack.EYlqGH/_old 2024-01-04 15:56:53.275402004 +0100
+++ /var/tmp/diff_new_pack.EYlqGH/_new 2024-01-04 15:56:53.279402150 +0100
@@ -1,7 +1,7 @@
#
# spec file
#
-# Copyright (c) 2023 SUSE LLC
+# Copyright (c) 2024 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -83,6 +83,14 @@
# see https://bugs.ghostscript.com/show_bug.cgi?id=707051
# and https://bugzilla.suse.com/show_bug.cgi?id=1215466
Patch105: CVE-2023-43115.patch
+# Patch106 CVE-2023-46751.patch is
+# https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=dcdbc595c13
+# adapted for Ghostscript-9.56.1 that fixes
+# https://bugs.ghostscript.com/show_bug.cgi?id=707264
+# which includes a fix for CVE-2023-46751
+# "dangling pointer in gdev_prn_open_printer_seekable()"
+# see https://bugzilla.suse.com/show_bug.cgi?id=1217871
+Patch106: CVE-2023-46751.patch
# Build Requirements:
BuildRequires: freetype2-devel
BuildRequires: libjpeg-devel
@@ -318,6 +326,14 @@
# see https://bugs.ghostscript.com/show_bug.cgi?id=707051
# and https://bugzilla.suse.com/show_bug.cgi?id=1215466
%patch105
+# Patch106 CVE-2023-46751.patch is
+# https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=dcdbc595c13
+# adapted for Ghostscript-9.56.1 that fixes
+# https://bugs.ghostscript.com/show_bug.cgi?id=707264
+# which includes a fix for CVE-2023-46751
+# "dangling pointer in gdev_prn_open_printer_seekable()"
+# see https://bugzilla.suse.com/show_bug.cgi?id=1217871
+%patch106
# Remove patch backup files to avoid packaging
# cf. https://build.opensuse.org/request/show/581052
rm -f Resource/Init/*.ps.orig
++ CVE-2023-46751.patch ++
--- base/gdevprn.c.orig 2022-04-04 15:48:49.0 +0200
+++ base/gdevprn.c 2024-01-03 12:53:20.009504451 +0100
@@ -1268,6 +1268,7 @@ gdev_prn_open_printer_seekable(gx_device
&& !IS_LIBCTX_STDERR(pdev->memory, gp_get_file(ppdev->file))) {
code = gx_device_close_output_file(pdev, ppdev->fname,
ppdev->file);
+ppdev->file = NULL;
if (code < 0)
return code;
}
--- devices/gdevtsep.c.orig 2022-04-04 15:48:49.0 +0200
+++ devices/gdevtsep.c 2024-01-03 13:04:42.048210048 +0100
@@ -736,6 +736,7 @@ tiffsep_initialize_device_procs(gx_devic
{
gdev_prn_initialize_device_procs(dev);
+set_dev_proc(dev, output_page, gdev_prn_output_page_seekable);
set_dev_proc(dev, open_device, tiffsep_prn_open);
set_dev_proc(dev, close_device, tiffsep_prn_close);
set_dev_proc(dev, map_color_rgb, tiffsep_decode_color);
commit ghostscript for openSUSE:Factory
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package ghostscript for openSUSE:Factory
checked in at 2023-12-19 23:15:38
Comparing /work/SRC/openSUSE:Factory/ghostscript (Old)
and /work/SRC/openSUSE:Factory/.ghostscript.new.9037 (New)
Package is "ghostscript"
Tue Dec 19 23:15:38 2023 rev:62 rq:1133909 version:9.56.1
Changes:
--- /work/SRC/openSUSE:Factory/ghostscript/ghostscript.changes 2023-09-21
22:14:05.945378183 +0200
+++ /work/SRC/openSUSE:Factory/.ghostscript.new.9037/ghostscript.changes
2023-12-19 23:15:50.661559511 +0100
@@ -1,0 +2,5 @@
+Mon Dec 18 12:50:20 UTC 2023 - Dominique Leuenberger
+
+- Recommend cups-filters only when cups is present.
+
+---
Other differences:
--
++ ghostscript.spec ++
--- /var/tmp/diff_new_pack.cBGDMN/_old 2023-12-19 23:15:51.417587042 +0100
+++ /var/tmp/diff_new_pack.cBGDMN/_new 2023-12-19 23:15:51.417587042 +0100
@@ -187,7 +187,7 @@
# this package ghostscript should replace any version of ghostscript-mini.
Obsoletes: ghostscript-mini
%if 0%{?suse_version} > 1210
-Recommends: cups-filters-ghostscript
+Recommends: (cups-filters-ghostscript if cups)
%endif
%endif
commit ghostscript for openSUSE:Factory
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package ghostscript for openSUSE:Factory
checked in at 2023-09-21 22:13:31
Comparing /work/SRC/openSUSE:Factory/ghostscript (Old)
and /work/SRC/openSUSE:Factory/.ghostscript.new.1770 (New)
Package is "ghostscript"
Thu Sep 21 22:13:31 2023 rev:61 rq:1112467 version:9.56.1
Changes:
--- /work/SRC/openSUSE:Factory/ghostscript/ghostscript.changes 2023-07-27
16:50:19.369649622 +0200
+++ /work/SRC/openSUSE:Factory/.ghostscript.new.1770/ghostscript.changes
2023-09-21 22:14:05.945378183 +0200
@@ -1,0 +2,10 @@
+Wed Sep 20 06:23:44 UTC 2023 - Johannes Meixner
+
+- CVE-2023-43115.patch is
+
https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=e59216049cac290fb437a04c4f41ea46826cfba5
+ that fixes CVE-2023-43115 "remote code execution
+ via crafted PostScript documents in gdevijs.c"
+ see https://bugs.ghostscript.com/show_bug.cgi?id=707051
+ (bsc#1215466)
+
+---
New:
CVE-2023-43115.patch
Other differences:
--
++ ghostscript.spec ++
--- /var/tmp/diff_new_pack.hThBJS/_old 2023-09-21 22:14:07.761444094 +0200
+++ /var/tmp/diff_new_pack.hThBJS/_new 2023-09-21 22:14:07.761444094 +0200
@@ -76,6 +76,14 @@
# as the already fixed CVE-2020-16305 in devices/gdevpcx.c
# see https://bugs.ghostscript.com/show_bug.cgi?id=701819
Patch104: CVE-2023-38559.patch
+# Patch105 CVE-2023-43115.patch is
+#
https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=e59216049cac290fb437a04c4f41ea46826cfba5
+# that fixes CVE-2023-43115
+# "remote code execution via crafted PostScript documents in gdevijs.c"
+# see https://bugs.ghostscript.com/show_bug.cgi?id=707051
+# and https://bugzilla.suse.com/show_bug.cgi?id=1215466
+Patch105: CVE-2023-43115.patch
+# Build Requirements:
BuildRequires: freetype2-devel
BuildRequires: libjpeg-devel
BuildRequires: liblcms2-devel
@@ -303,6 +311,13 @@
# as the already fixed CVE-2020-16305 in devices/gdevpcx.c
# see https://bugs.ghostscript.com/show_bug.cgi?id=701819
%patch104
+# Patch105 CVE-2023-43115.patch is
+#
https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=e59216049cac290fb437a04c4f41ea46826cfba5
+# that fixes CVE-2023-43115
+# "remote code execution via crafted PostScript documents in gdevijs.c"
+# see https://bugs.ghostscript.com/show_bug.cgi?id=707051
+# and https://bugzilla.suse.com/show_bug.cgi?id=1215466
+%patch105
# Remove patch backup files to avoid packaging
# cf. https://build.opensuse.org/request/show/581052
rm -f Resource/Init/*.ps.orig
++ CVE-2023-43115.patch ++
--- devices/gdevijs.c.orig 2022-04-04 15:48:49.0 +0200
+++ devices/gdevijs.c 2023-09-20 08:18:09.178777690 +0200
@@ -888,6 +888,8 @@ gsijs_initialize_device(gx_device *dev)
static const char rgb[] = "DeviceRGB";
gx_device_ijs *ijsdev = (gx_device_ijs *)dev;
+if (ijsdev->memory->gs_lib_ctx->core->path_control_active)
+return_error(gs_error_invalidaccess);
if (!ijsdev->ColorSpace) {
ijsdev->ColorSpace = gs_malloc(ijsdev->memory, sizeof(rgb), 1,
"gsijs_initialize");
@@ -1326,7 +1328,7 @@ gsijs_put_params(gx_device *dev, gs_para
if (code >= 0)
code = gsijs_read_string(plist, "IjsServer",
ijsdev->IjsServer, sizeof(ijsdev->IjsServer),
-dev->LockSafetyParams, is_open);
+ijsdev->memory->gs_lib_ctx->core->path_control_active, is_open);
if (code >= 0)
code = gsijs_read_string_malloc(plist, "DeviceManufacturer",
commit ghostscript for openSUSE:Factory
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package ghostscript for openSUSE:Factory
checked in at 2023-07-27 16:50:03
Comparing /work/SRC/openSUSE:Factory/ghostscript (Old)
and /work/SRC/openSUSE:Factory/.ghostscript.new.32662 (New)
Package is "ghostscript"
Thu Jul 27 16:50:03 2023 rev:60 rq:1100803 version:9.56.1
Changes:
--- /work/SRC/openSUSE:Factory/ghostscript/ghostscript.changes 2023-07-05
15:30:29.242540434 +0200
+++ /work/SRC/openSUSE:Factory/.ghostscript.new.32662/ghostscript.changes
2023-07-27 16:50:19.369649622 +0200
@@ -1,0 +2,12 @@
+Wed Jul 26 09:35:33 UTC 2023 - Johannes Meixner
+
+- CVE-2023-38559.patch fixes CVE-2023-38559
+ "out of bounds read devn_pcx_write_rle() could result in DoS"
+ see bsc#1213637
+ and https://bugs.ghostscript.com/show_bug.cgi?id=706897
+ which is in base/gdevdevn.c the same issue
+ "ordering in if expression to avoid out-of-bounds access"
+ as the already fixed CVE-2020-16305 in devices/gdevpcx.c
+ see https://bugs.ghostscript.com/show_bug.cgi?id=701819
+
+---
New:
CVE-2023-38559.patch
Other differences:
--
++ ghostscript.spec ++
--- /var/tmp/diff_new_pack.Q85EXs/_old 2023-07-27 16:50:20.385655363 +0200
+++ /var/tmp/diff_new_pack.Q85EXs/_new 2023-07-27 16:50:20.393655408 +0200
@@ -65,6 +65,17 @@
# and https://bugzilla.suse.com/show_bug.cgi?id=1212711
# "permission validation mishandling for pipe devices (with the %pipe% prefix
or the | pipe character prefix)"
Patch103: CVE-2023-36664.patch
+# Patch104 CVE-2023-38559.patch is for Ghostscript-9.56.1 from
+# https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=d81b82c70bc1
+# that fixes CVE-2023-38559
+# "out of bounds read devn_pcx_write_rle() could result in DoS"
+# see https://bugzilla.suse.com/show_bug.cgi?id=1213637
+# and https://bugs.ghostscript.com/show_bug.cgi?id=706897
+# which is in base/gdevdevn.c the same issue
+# "ordering in if expression to avoid out-of-bounds access"
+# as the already fixed CVE-2020-16305 in devices/gdevpcx.c
+# see https://bugs.ghostscript.com/show_bug.cgi?id=701819
+Patch104: CVE-2023-38559.patch
BuildRequires: freetype2-devel
BuildRequires: libjpeg-devel
BuildRequires: liblcms2-devel
@@ -281,6 +292,17 @@
# and https://bugzilla.suse.com/show_bug.cgi?id=1212711
# "permission validation mishandling for pipe devices (with the %pipe% prefix
or the | pipe character prefix)"
%patch103
+# Patch104 CVE-2023-38559.patch is for Ghostscript-9.56.1 from
+# https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=d81b82c70bc1
+# that fixes CVE-2023-38559
+# "out of bounds read devn_pcx_write_rle() could result in DoS"
+# see https://bugzilla.suse.com/show_bug.cgi?id=1213637
+# and https://bugs.ghostscript.com/show_bug.cgi?id=706897
+# which is in base/gdevdevn.c the same issue
+# "ordering in if expression to avoid out-of-bounds access"
+# as the already fixed CVE-2020-16305 in devices/gdevpcx.c
+# see https://bugs.ghostscript.com/show_bug.cgi?id=701819
+%patch104
# Remove patch backup files to avoid packaging
# cf. https://build.opensuse.org/request/show/581052
rm -f Resource/Init/*.ps.orig
++ CVE-2023-38559.patch ++
--- base/gdevdevn.c.orig2022-04-04 15:48:49.0 +0200
+++ base/gdevdevn.c 2023-07-26 11:31:03.873226054 +0200
@@ -1950,7 +1950,7 @@ devn_pcx_write_rle(const byte * from, co
byte data = *from;
from += step;
-if (data != *from || from == end) {
+if (from >= end || data != *from) {
if (data >= 0xc0)
gp_fputc(0xc1, file);
} else {
commit ghostscript for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package ghostscript for openSUSE:Factory checked in at 2023-07-05 15:30:24 Comparing /work/SRC/openSUSE:Factory/ghostscript (Old) and /work/SRC/openSUSE:Factory/.ghostscript.new.23466 (New) Package is "ghostscript" Wed Jul 5 15:30:24 2023 rev:59 rq:1096685 version:9.56.1 Changes: --- /work/SRC/openSUSE:Factory/ghostscript/ghostscript.changes 2023-04-28 16:22:42.661780032 +0200 +++ /work/SRC/openSUSE:Factory/.ghostscript.new.23466/ghostscript.changes 2023-07-05 15:30:29.242540434 +0200 @@ -1,0 +2,12 @@ +Tue Jul 4 06:16:33 UTC 2023 - Johannes Meixner + +- CVE-2023-36664.patch fixes CVE-2023-36664 + see https://bugs.ghostscript.com/show_bug.cgi?id=706761 + "OS command injection in %pipe% access" + and https://bugs.ghostscript.com/show_bug.cgi?id=706778 + "%pipe% allowed_path bypass" + and bsc#1212711 + "permission validation mishandling for pipe devices + (with the %pipe% prefix or the | pipe character prefix)" + +--- @@ -18,9 +30,13 @@ - * New PDF Interpreter: This is an entirely new implementation written in C -(rather than PostScript, as before) - * Calling Ghostscript via the GS API is now thread safe. The one limitation -is that the X11 devices for Unix-like systems (x11, x11alpha, x11cmyk, -x11cmyk2, x11cmyk4, x11cmyk8, x11gray2, x11gray4 and x11mono) cannot be -made thread safe, due to their interaction with the X11 server, those -devices have been modified to only allow one instance in an executable. - * The PSD output device now writes ICC profiles to their output files, for -improved color fidelity. + Highlights in this release include + (excerpts from the Ghostscript upstream release summary + in https://ghostscript.com/docs/9.56.1/News.htm): + * New PDF Interpreter: This is an entirely new implementation +written in C (rather than PostScript, as before) + * Calling Ghostscript via the GS API is now thread safe. The one +limitation is that the X11 devices for Unix-like systems (x11, +x11alpha, x11cmyk, x11cmyk2, x11cmyk4, x11cmyk8, x11gray2, +x11gray4 and x11mono) cannot be made thread safe, due to their +interaction with the X11 server, those devices have been +modified to only allow one instance in an executable. + * The PSD output device now writes ICC profiles to their output +files, for improved color fidelity. @@ -28,2 +44,2 @@ - * The usual round of bug fixes, compatibility changes, and incremental -improvements. + * The usual round of bug fixes, compatibility changes, and +incremental improvements. @@ -31,6 +47,17 @@ -engine. In such a build, new devices are available (pdfocr8/pdfocr24/ -pdfocr32) which render the output file to an image, OCR that image, and -output the image "wrapped" up as a PDF file, with the OCR generated text -information included as "invisible" text (in PDF terms, text rendering mode -3). -- drop CVE-2021-3781.patch, CVE-2021-45949.patch: upstream +engine. In such a build, new devices are available +(pdfocr8/pdfocr24/pdfocr32) which render the output file to an +image, OCR that image, and output the image "wrapped" up as a +PDF file, with the OCR generated text information included +as "invisible" text (in PDF terms, text rendering mode 3). +Mainly due to time constraints, we only support including +Tesseract from source included in our release packages, +and not linking to Tesseract/Leptonica shared libraries. +Whether we add this capability will be largely dependent +on community demand for the feature. See Enabling OCR +at https://www.ghostscript.com/ocr.html for more details. + For a release summary see: + https://www.ghostscript.com/doc/9.54.0/News.htm + For details see the News.htm and History9.htm files. +- Configure --without-tesseract because this requires C++ (it + might be added if Tesseract support in Ghostscript is needed). +- Drop CVE-2021-3781.patch, CVE-2021-45949.patch: upstream @@ -41 +68 @@ -- use _multibuild +- Use _multibuild @@ -46 +73 @@ -- use system zlib (bsc#1198449) +- Use system zlib (bsc#1198449) New: CVE-2023-36664.patch Other differences: -- ++ ghostscript.spec ++ --- /var/tmp/diff_new_pack.K14BhK/_old 2023-07-05 15:30:30.318546818 +0200 +++ /var/tmp/diff_new_pack.K14BhK/_new 2023-07-05 15:30:30.322546842 +0200 @@ -53,6 +53,18 @@ # cf. https://bugs.ghostscript.com/show_bug.cgi?id=706494 # and https://bugzilla.suse.com/show_bug.cgi?id=1210062 Patch102: CVE-2023-28879.patch +# Patch103 CVE-2023-36664.patch is +# https://git.ghostscript.com/?p=ghost
commit ghostscript for openSUSE:Factory
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package ghostscript for openSUSE:Factory
checked in at 2023-04-28 16:22:32
Comparing /work/SRC/openSUSE:Factory/ghostscript (Old)
and /work/SRC/openSUSE:Factory/.ghostscript.new.1533 (New)
Package is "ghostscript"
Fri Apr 28 16:22:32 2023 rev:58 rq:1083209 version:9.56.1
Changes:
--- /work/SRC/openSUSE:Factory/ghostscript/ghostscript.changes 2023-04-12
12:50:56.512701084 +0200
+++ /work/SRC/openSUSE:Factory/.ghostscript.new.1533/ghostscript.changes
2023-04-28 16:22:42.661780032 +0200
@@ -1,0 +2,5 @@
+Wed Apr 26 19:08:09 UTC 2023 - Jan Engelhardt
+
+- Replace BuildRequire on xorg-x11-devel by pkgconfig(...)
+
+---
Other differences:
--
++ ghostscript.spec ++
--- /var/tmp/diff_new_pack.8wD13w/_old 2023-04-28 16:22:48.477813980 +0200
+++ /var/tmp/diff_new_pack.8wD13w/_new 2023-04-28 16:22:48.481814003 +0200
@@ -115,8 +115,13 @@
%if "%{flavor}" != "mini"
BuildRequires: dbus-1-devel
BuildRequires: libexpat-devel
-BuildRequires: xorg-x11-devel
BuildRequires: xorg-x11-fonts
+BuildRequires: pkgconfig(ice)
+BuildRequires: pkgconfig(sm)
+BuildRequires: pkgconfig(x11)
+BuildRequires: pkgconfig(xext)
+BuildRequires: pkgconfig(xproto)
+BuildRequires: pkgconfig(xt)
%if 0%{?suse_version} == 1315
BuildRequires: cups154-devel
%else
commit ghostscript for openSUSE:Factory
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package ghostscript for openSUSE:Factory
checked in at 2023-04-12 12:50:52
Comparing /work/SRC/openSUSE:Factory/ghostscript (Old)
and /work/SRC/openSUSE:Factory/.ghostscript.new.19717 (New)
Package is "ghostscript"
Wed Apr 12 12:50:52 2023 rev:57 rq:1078390 version:9.56.1
Changes:
--- /work/SRC/openSUSE:Factory/ghostscript/ghostscript.changes 2022-07-29
16:46:51.842480077 +0200
+++ /work/SRC/openSUSE:Factory/.ghostscript.new.19717/ghostscript.changes
2023-04-12 12:50:56.512701084 +0200
@@ -1,0 +2,8 @@
+Tue Apr 11 09:09:56 UTC 2023 - Johannes Meixner
+
+- CVE-2023-28879.patch fixes CVE-2023-28879
+ Buffer Overflow in s_xBCPE_process
+ cf. https://bugs.ghostscript.com/show_bug.cgi?id=706494
+ (bsc#1210062)
+
+---
New:
CVE-2023-28879.patch
Other differences:
--
++ ghostscript.spec ++
--- /var/tmp/diff_new_pack.nEquBp/_old 2023-04-12 12:50:57.456706601 +0200
+++ /var/tmp/diff_new_pack.nEquBp/_new 2023-04-12 12:50:57.464706648 +0200
@@ -1,7 +1,7 @@
#
# spec file
#
-# Copyright (c) 2022 SUSE LLC
+# Copyright (c) 2023 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -47,6 +47,12 @@
# Patch101 ijs_exec_server_dont_use_sh.patch fixes IJS printing problem
# additionally allow exec'ing hpijs in apparmor profile was needed
(bsc#1128467):
Patch101: ijs_exec_server_dont_use_sh.patch
+# Patch102 CVE-2023-28879.patch is
+# https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=37ed5022cecd
+# that fixes CVE-2023-28879 Buffer Overflow in s_xBCPE_process
+# cf. https://bugs.ghostscript.com/show_bug.cgi?id=706494
+# and https://bugzilla.suse.com/show_bug.cgi?id=1210062
+Patch102: CVE-2023-28879.patch
BuildRequires: freetype2-devel
BuildRequires: libjpeg-devel
BuildRequires: liblcms2-devel
@@ -240,6 +246,12 @@
# Patch101 ijs_exec_server_dont_use_sh.patch fixes IJS printing problem
# additionally allow exec'ing hpijs in apparmor profile was needed
(bsc#1128467):
%patch101 -p1
+# Patch102 CVE-2023-28879.patch is
+# https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=37ed5022cecd
+# that fixes CVE-2023-28879 Buffer Overflow in s_xBCPE_process
+# cf. https://bugs.ghostscript.com/show_bug.cgi?id=706494
+# and https://bugzilla.suse.com/show_bug.cgi?id=1210062
+%patch102
# Remove patch backup files to avoid packaging
# cf. https://build.opensuse.org/request/show/581052
rm -f Resource/Init/*.ps.orig
++ CVE-2023-28879.patch ++
--- base/sbcp.c.orig2020-03-19 09:21:42.0 +0100
+++ base/sbcp.c 2023-04-03 12:36:26.024927229 +0200
@@ -50,6 +50,14 @@ s_xBCPE_process(stream_state * st, strea
byte ch = *++p;
if (ch <= 31 && escaped[ch]) {
+/* Make sure we have space to store two characters in the write
buffer,
+ * if we don't then exit without consuming the input character,
we'll process
+ * that on the next time round.
+ */
+if (pw->limit - q < 2) {
+p--;
+break;
+}
if (p == rlimit) {
p--;
break;
commit ghostscript for openSUSE:Factory
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package ghostscript for openSUSE:Factory
checked in at 2022-07-29 16:46:49
Comparing /work/SRC/openSUSE:Factory/ghostscript (Old)
and /work/SRC/openSUSE:Factory/.ghostscript.new.1533 (New)
Package is "ghostscript"
Fri Jul 29 16:46:49 2022 rev:56 rq:989980 version:9.56.1
Changes:
--- /work/SRC/openSUSE:Factory/ghostscript/ghostscript.changes 2022-07-07
12:56:45.079268520 +0200
+++ /work/SRC/openSUSE:Factory/.ghostscript.new.1533/ghostscript.changes
2022-07-29 16:46:51.842480077 +0200
@@ -1,0 +2,29 @@
+Mon Jul 18 07:28:54 UTC 2022 - Dirk M??ller
+
+- update to 9.56.1:
+ * New PDF Interpreter: This is an entirely new implementation written in C
+(rather than PostScript, as before)
+ * Calling Ghostscript via the GS API is now thread safe. The one limitation
+is that the X11 devices for Unix-like systems (x11, x11alpha, x11cmyk,
+x11cmyk2, x11cmyk4, x11cmyk8, x11gray2, x11gray4 and x11mono) cannot be
+made thread safe, due to their interaction with the X11 server, those
+devices have been modified to only allow one instance in an executable.
+ * The PSD output device now writes ICC profiles to their output files, for
+improved color fidelity.
+ * Our efforts in code hygiene and maintainability continue.
+ * The usual round of bug fixes, compatibility changes, and incremental
+improvements.
+ * We have added the capability to build with the Tesseract OCR
+engine. In such a build, new devices are available (pdfocr8/pdfocr24/
+pdfocr32) which render the output file to an image, OCR that image, and
+output the image "wrapped" up as a PDF file, with the OCR generated text
+information included as "invisible" text (in PDF terms, text rendering mode
+3).
+- drop CVE-2021-3781.patch, CVE-2021-45949.patch: upstream
+
+---
+Mon Jul 18 06:38:01 UTC 2022 - Dirk M??ller
+
+- use _multibuild
+
+---
Old:
CVE-2021-3781.patch
CVE-2021-45949.patch
ghostscript-9.54.0.tar.gz
ghostscript-mini.changes
ghostscript-mini.spec
New:
_multibuild
ghostscript-9.56.1.tar.xz
Other differences:
--
++ ghostscript.spec ++
--- /var/tmp/diff_new_pack.Hy6FYQ/_old 2022-07-29 16:46:53.030483380 +0200
+++ /var/tmp/diff_new_pack.Hy6FYQ/_new 2022-07-29 16:46:53.034483392 +0200
@@ -1,5 +1,5 @@
#
-# spec file for package ghostscript
+# spec file
#
# Copyright (c) 2022 SUSE LLC
#
@@ -16,90 +16,26 @@
#
-Name: ghostscript
-# SLE12 needs special BuildRequires.
-# For suse_version values see
https://en.opensuse.org/openSUSE:Build_Service_cross_distribution_howto
-%if 0%{?suse_version} == 1315
-# For SLE12 by default CUPS 1.7.5 is provided and alternatively CUPS 1.5.4 is
provided in the "legacy" module.
-# For SLE12 build it with traditional CUPS 1.5.4 to ensure it works on SLE12
both with CUPS 1.7.5 and CUPS 1.5.4
-# because libcups and libcupsimage in CUPS 1.7.5 are backward compatible with
CUPS 1.5.4 so that applications
-# that have been built with CUPS 1.5.4 also work under CUPS 1.7.5 but the
libraries in CUPS 1.7.5 provide
-# some additional functions so that applications that have been built with
CUPS 1.7.5 and use those
-# additional functions would not work under CUPS 1.7.5.
-# Only in the Printing project for SLE12 use cups154-ddk (a sub package of the
cups154-SLE12 source package):
-BuildRequires: cups154-devel
+%global flavor @BUILD_FLAVOR@%{nil}
+%if "%{flavor}" == "mini"
+%global psuffix -mini
%else
-# Anything what is not SLE12 (i.e. SLE11 and all openSUSE versions) have
"normal" BuildRequires:
-BuildRequires: cups-devel
+%global psuffix %{nil}
%endif
-# dbus-1-devel is needed for "configure --enable-dbus" (see below):
-BuildRequires: dbus-1-devel
-BuildRequires: freetype2-devel
-BuildRequires: libexpat-devel
-BuildRequires: libjpeg-devel
-BuildRequires: liblcms2-devel
-BuildRequires: libpng-devel
-BuildRequires: libtiff-devel
-BuildRequires: libtool
-BuildRequires: pkg-config
-BuildRequires: update-alternatives
-BuildRequires: xorg-x11-devel
-BuildRequires: xorg-x11-fonts
-BuildRequires: zlib-devel
-# Always check if latest version of penjpeg becomes compatible with ghostscript
-%if 0%{?suse_version} >= 1550
-BuildRequires: pkgconfig(libopenjp2) >= 2.3.1
-%endif
-%if 0%{?suse_version} >= 1500
-BuildRequires: apparmor-abstractions
-BuildRequires: apparmor-rpm-macros
-%endif
-Requires(post): update-alternatives
-Requires(preun):update-alternatives
-Summary:The Ghostscript interpreter for PostScript and PDF
-License:AG
commit ghostscript for openSUSE:Factory
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package ghostscript for openSUSE:Factory
checked in at 2022-07-07 12:56:31
Comparing /work/SRC/openSUSE:Factory/ghostscript (Old)
and /work/SRC/openSUSE:Factory/.ghostscript.new.1523 (New)
Package is "ghostscript"
Thu Jul 7 12:56:31 2022 rev:55 rq:987199 version:9.54.0
Changes:
--- /work/SRC/openSUSE:Factory/ghostscript/ghostscript.changes 2022-04-19
09:58:05.883551284 +0200
+++ /work/SRC/openSUSE:Factory/.ghostscript.new.1523/ghostscript.changes
2022-07-07 12:56:45.079268520 +0200
@@ -1,0 +2,5 @@
+Wed Apr 13 11:12:39 UTC 2022 - Dirk M??ller
+
+- use system zlib (bsc#1198449)
+
+---
Other differences:
--
++ ghostscript.spec ++
--- /var/tmp/diff_new_pack.5m4tTg/_old 2022-07-07 12:56:46.007269902 +0200
+++ /var/tmp/diff_new_pack.5m4tTg/_new 2022-07-07 12:56:46.011269908 +0200
@@ -346,6 +346,7 @@
%if 0%{?suse_version} >= 1550
rm -rf openjpeg
%endif
+rm -rf zlib
# In contrast to the above we use lcms2 from SUSE since Ghostscript 9.23rc1
# because that is what Ghostscript upstream recommends according to
# https://ghostscript.com/pipermail/gs-devel/2018-March/010061.html
@@ -413,6 +414,7 @@
--enable-openjpeg \
--enable-dynamic \
--disable-compile-inits \
+ --without-local-zlib \
--with-ijs \
--enable-cups \
--with-drivers=ALL \
commit ghostscript for openSUSE:Factory
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package ghostscript for openSUSE:Factory
checked in at 2022-04-19 09:58:01
Comparing /work/SRC/openSUSE:Factory/ghostscript (Old)
and /work/SRC/openSUSE:Factory/.ghostscript.new.1941 (New)
Package is "ghostscript"
Tue Apr 19 09:58:01 2022 rev:54 rq:970583 version:9.54.0
Changes:
--- /work/SRC/openSUSE:Factory/ghostscript/ghostscript.changes 2022-01-14
23:13:15.858632706 +0100
+++ /work/SRC/openSUSE:Factory/.ghostscript.new.1941/ghostscript.changes
2022-04-19 09:58:05.883551284 +0200
@@ -1,0 +2,6 @@
+Thu Apr 7 08:14:51 UTC 2022 - Frederic Crozat
+
+- Do no longer require apparmor-abstractions, it is not mandatory
+ to use Ghostscript (bsc#1134289).
+
+---
Other differences:
--
++ ghostscript.spec ++
--- /var/tmp/diff_new_pack.fYnj3o/_old 2022-04-19 09:58:06.675552313 +0200
+++ /var/tmp/diff_new_pack.fYnj3o/_new 2022-04-19 09:58:06.679552318 +0200
@@ -53,7 +53,6 @@
%if 0%{?suse_version} >= 1500
BuildRequires: apparmor-abstractions
BuildRequires: apparmor-rpm-macros
-Requires: apparmor-abstractions
%endif
Requires(post): update-alternatives
Requires(preun):update-alternatives
commit ghostscript for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package ghostscript for openSUSE:Factory checked in at 2022-01-14 23:12:43 Comparing /work/SRC/openSUSE:Factory/ghostscript (Old) and /work/SRC/openSUSE:Factory/.ghostscript.new.1892 (New) Package is "ghostscript" Fri Jan 14 23:12:43 2022 rev:53 rq:945779 version:9.54.0 Changes: --- /work/SRC/openSUSE:Factory/ghostscript/ghostscript-mini.changes 2021-09-13 16:25:10.582789466 +0200 +++ /work/SRC/openSUSE:Factory/.ghostscript.new.1892/ghostscript-mini.changes 2022-01-14 23:13:15.826632685 +0100 @@ -1,0 +2,11 @@ +Tue Jan 11 13:40:10 CET 2022 - jsm...@suse.de + +- CVE-2021-45949.patch fixes CVE-2021-45949 + heap-based buffer overflow in sampled_data_finish + cf. https://github.com/google/oss-fuzz-vulns/blob/main/vulns/ghostscript/OSV-2021-803.yaml + (bsc#1194304) +- CVE-2021-45944 use-after-free in sampled_data_sample + is already fixed in the Ghostscript 9.54.0 upstream sources + (bsc#1194303) + +--- ghostscript.changes: same change New: CVE-2021-45949.patch Other differences: -- ++ ghostscript-mini.spec ++ --- /var/tmp/diff_new_pack.yrTocG/_old 2022-01-14 23:13:16.566633162 +0100 +++ /var/tmp/diff_new_pack.yrTocG/_new 2022-01-14 23:13:16.570633165 +0100 @@ -1,7 +1,7 @@ # # spec file for package ghostscript-mini # -# Copyright (c) 2021 SUSE LLC +# Copyright (c) 2022 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -89,6 +89,12 @@ # cf. https://bugs.ghostscript.com/show_bug.cgi?id=704342 # and https://bugzilla.suse.com/show_bug.cgi?id=1190381 Patch102: CVE-2021-3781.patch +# Patch103 CVE-2021-45949.patch was derived for Ghostscript-9.54 from +# https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=2a3129365d3bc0d4a41f107ef175920d1505d1f7 +# that fixes CVE-2021-45949 heap-based buffer overflow in sampled_data_finish +# cf. https://github.com/google/oss-fuzz-vulns/blob/main/vulns/ghostscript/OSV-2021-803.yaml +# and https://bugzilla.suse.com/show_bug.cgi?id=1194304 +Patch103: CVE-2021-45949.patch # RPM dependencies: # The "Provides: ghostscript_any" is there to support "BuildRequires: ghostscript_any" # so other packages can build with any available Ghostscript implementation, @@ -172,6 +178,12 @@ # cf. https://bugs.ghostscript.com/show_bug.cgi?id=704342 # and https://bugzilla.suse.com/show_bug.cgi?id=1190381 %patch102 -p1 +# Patch103 CVE-2021-45949.patch was derived for Ghostscript-9.54 from +# https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=2a3129365d3bc0d4a41f107ef175920d1505d1f7 +# that fixes CVE-2021-45949 heap-based buffer overflow in sampled_data_finish +# cf. https://github.com/google/oss-fuzz-vulns/blob/main/vulns/ghostscript/OSV-2021-803.yaml +# and https://bugzilla.suse.com/show_bug.cgi?id=1194304 +%patch103 # Remove patch backup files to avoid packaging # cf. https://build.opensuse.org/request/show/581052 rm -f Resource/Init/*.ps.orig ++ ghostscript.spec ++ --- /var/tmp/diff_new_pack.yrTocG/_old 2022-01-14 23:13:16.586633175 +0100 +++ /var/tmp/diff_new_pack.yrTocG/_new 2022-01-14 23:13:16.590633178 +0100 @@ -1,7 +1,7 @@ # # spec file for package ghostscript # -# Copyright (c) 2021 SUSE LLC +# Copyright (c) 2022 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -118,6 +118,12 @@ # cf. https://bugs.ghostscript.com/show_bug.cgi?id=704342 # and https://bugzilla.suse.com/show_bug.cgi?id=1190381 Patch102: CVE-2021-3781.patch +# Patch103 CVE-2021-45949.patch was derived for Ghostscript-9.54 from +# https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=2a3129365d3bc0d4a41f107ef175920d1505d1f7 +# that fixes CVE-2021-45949 heap-based buffer overflow in sampled_data_finish +# cf. https://github.com/google/oss-fuzz-vulns/blob/main/vulns/ghostscript/OSV-2021-803.yaml +# and https://bugzilla.suse.com/show_bug.cgi?id=1194304 +Patch103: CVE-2021-45949.patch # RPM dependencies: # Additional RPM Provides of the ghostscript-library packages in openSUSE 11.4 from # "rpm -q --provides ghostscript-library" and "rpm -q --provides ghostscript-x11": @@ -313,6 +319,12 @@ # cf. https://bugs.ghostscript.com/show_bug.cgi?id=704342 # and https://bugzilla.suse.com/show_bug.cgi?id=1190381 %patch102 -p1 +# Patch103 CVE-2021-45949.patch was derived for Ghostscript-9.54 from +# https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=2a3129365d3bc0d4a41f107ef175920d1505d1f7 +# tha
commit ghostscript for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package ghostscript for openSUSE:Factory checked in at 2021-09-13 16:24:27 Comparing /work/SRC/openSUSE:Factory/ghostscript (Old) and /work/SRC/openSUSE:Factory/.ghostscript.new.1899 (New) Package is "ghostscript" Mon Sep 13 16:24:27 2021 rev:52 rq:917942 version:9.54.0 Changes: --- /work/SRC/openSUSE:Factory/ghostscript/ghostscript-mini.changes 2021-06-01 10:33:53.172447799 +0200 +++ /work/SRC/openSUSE:Factory/.ghostscript.new.1899/ghostscript-mini.changes 2021-09-13 16:25:10.582789466 +0200 @@ -1,0 +2,8 @@ +Fri Sep 10 09:37:46 CEST 2021 - jsm...@suse.de + +- CVE-2021-3781.patch fixes CVE-2021-3781 + Trivial -dSAFER bypass + cf. https://bugs.ghostscript.com/show_bug.cgi?id=704342 + (bsc#1190381) + +--- ghostscript.changes: same change New: CVE-2021-3781.patch Other differences: -- ++ ghostscript-mini.spec ++ --- /var/tmp/diff_new_pack.Yq2PaE/_old 2021-09-13 16:25:11.354790359 +0200 +++ /var/tmp/diff_new_pack.Yq2PaE/_new 2021-09-13 16:25:11.358790363 +0200 @@ -83,6 +83,12 @@ # Patch101 ijs_exec_server_dont_use_sh.patch fixes IJS printing problem # additionally allow exec'ing hpijs in apparmor profile was needed (bsc#1128467): Patch101: ijs_exec_server_dont_use_sh.patch +# Patch102 CVE-2021-3781.patch is +# https://git.ghostscript.com/?p=ghostpdl.git;a=patch;h=a9bd3dec9fde +# that fixes CVE-2021-3781 Trivial -dSAFER bypass +# cf. https://bugs.ghostscript.com/show_bug.cgi?id=704342 +# and https://bugzilla.suse.com/show_bug.cgi?id=1190381 +Patch102: CVE-2021-3781.patch # RPM dependencies: # The "Provides: ghostscript_any" is there to support "BuildRequires: ghostscript_any" # so other packages can build with any available Ghostscript implementation, @@ -160,6 +166,12 @@ # Patch101 ijs_exec_server_dont_use_sh.patch fixes IJS printing problem # additionally allow exec'ing hpijs in apparmor profile was needed (bsc#1128467): %patch101 -p1 +# Patch102 CVE-2021-3781.patch is +# https://git.ghostscript.com/?p=ghostpdl.git;a=patch;h=a9bd3dec9fde +# that fixes CVE-2021-3781 Trivial -dSAFER bypass +# cf. https://bugs.ghostscript.com/show_bug.cgi?id=704342 +# and https://bugzilla.suse.com/show_bug.cgi?id=1190381 +%patch102 -p1 # Remove patch backup files to avoid packaging # cf. https://build.opensuse.org/request/show/581052 rm -f Resource/Init/*.ps.orig ++ ghostscript.spec ++ --- /var/tmp/diff_new_pack.Yq2PaE/_old 2021-09-13 16:25:11.386790396 +0200 +++ /var/tmp/diff_new_pack.Yq2PaE/_new 2021-09-13 16:25:11.390790400 +0200 @@ -112,6 +112,12 @@ # Patch101 ijs_exec_server_dont_use_sh.patch fixes IJS printing problem # additionally allow exec'ing hpijs in apparmor profile was needed (bsc#1128467): Patch101: ijs_exec_server_dont_use_sh.patch +# Patch102 CVE-2021-3781.patch is +# https://git.ghostscript.com/?p=ghostpdl.git;a=patch;h=a9bd3dec9fde +# that fixes CVE-2021-3781 Trivial -dSAFER bypass +# cf. https://bugs.ghostscript.com/show_bug.cgi?id=704342 +# and https://bugzilla.suse.com/show_bug.cgi?id=1190381 +Patch102: CVE-2021-3781.patch # RPM dependencies: # Additional RPM Provides of the ghostscript-library packages in openSUSE 11.4 from # "rpm -q --provides ghostscript-library" and "rpm -q --provides ghostscript-x11": @@ -301,6 +307,12 @@ # Patch101 ijs_exec_server_dont_use_sh.patch fixes IJS printing problem # additionally allow exec'ing hpijs in apparmor profile was needed (bsc#1128467): %patch101 -p1 +# Patch102 CVE-2021-3781.patch is +# https://git.ghostscript.com/?p=ghostpdl.git;a=patch;h=a9bd3dec9fde +# that fixes CVE-2021-3781 Trivial -dSAFER bypass +# cf. https://bugs.ghostscript.com/show_bug.cgi?id=704342 +# and https://bugzilla.suse.com/show_bug.cgi?id=1190381 +%patch102 -p1 # Remove patch backup files to avoid packaging # cf. https://build.opensuse.org/request/show/581052 rm -f Resource/Init/*.ps.orig ++ CVE-2021-3781.patch ++ >From a9bd3dec9fde03327a4a2c69dad1036bf9632e20 Mon Sep 17 00:00:00 2001 From: Chris Liddell Date: Tue, 7 Sep 2021 20:36:12 +0100 Subject: [PATCH] Bug 704342: Include device specifier strings in access validation for the "%pipe%", %handle%" and %printer% io devices. We previously validated only the part after the "%pipe%" Postscript device specifier, but this proved insufficient. This rebuilds the original file name string, and validates it complete. The slight complication for "%pipe%" is it can be reached implicitly using "|" so we have to check both prefixes. Addresses CVE-2021-3781 --- base/gdevpipe.c | 22 +++- base/gp_mshdl.c | 11 +++- base/gp_msprn.c
commit ghostscript for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package ghostscript for openSUSE:Factory checked in at 2021-06-01 10:33:40 Comparing /work/SRC/openSUSE:Factory/ghostscript (Old) and /work/SRC/openSUSE:Factory/.ghostscript.new.1898 (New) Package is "ghostscript" Tue Jun 1 10:33:40 2021 rev:51 rq:895991 version:9.54.0 Changes: --- /work/SRC/openSUSE:Factory/ghostscript/ghostscript-mini.changes 2021-04-18 21:44:55.236702580 +0200 +++ /work/SRC/openSUSE:Factory/.ghostscript.new.1898/ghostscript-mini.changes 2021-06-01 10:33:53.172447799 +0200 @@ -2 +2,39 @@ -Wed Apr 14 11:57:25 UTC 2021 - Wolfgang Frisch +Fri May 21 13:40:56 CEST 2021 - jsm...@suse.de + +- Version upgrade to 9.54.0 + Highlights in this release include + (excerpts from the Ghostscript upstream release summary + in https://www.ghostscript.com/doc/9.54.0/News.htm): + * The 9.54.0 release is a maintenance release, +and also adds new functionality. + * Overprint simulation is now available to all output devices, +allowing quality previewing/proofing of PostScript and +PDF jobs that rely on overprint. See the -dOverprint option +documentation in: doc/9.54.0/Use.htm#Overprint + * The "docxwrite" device adds the ability to output +to Microsoft Word "docx" format. +See: doc/9.54.0/VectorDevices.htm#DOCX + * The pdfwrite device is now capable of using the Tesseract OCR +engine when it is built into Ghostscript to improve +searchability and copy and paste functionality when the input +lacks the metadata for that purpose. +See: doc/9.54.0/VectorDevices.htm#UseOCR + * Ghostscript/GhostPDL now includes a "map text to black" +function, where text drawn by an input job (except when drawn +using a Type 3 font) can be forced to draw in solid black. +See: doc/9.54.0/Use.htm#BlackText + * Ghostscript/GhostPDL now supports simple N-up imposition +"internally". See: doc/9.54.0/Use.htm#NupControl + * Our efforts in code hygiene and maintainability continue. + * The usual round of bug fixes, compatibility changes, +and incremental improvements. + * For a list of open issues, or to report problems, please visit +bugs.ghostscript.com + For a release summary see: + https://www.ghostscript.com/doc/9.54.0/News.htm + For details see the News.htm and History9.htm files. +- 41ef9a0bc36b9db7115fbe9623f989bfb47bbade.patch is no longer + needed because it is fixed in the upstream sources. + +--- +Wed Apr 14 11:56:22 UTC 2021 - Wolfgang Frisch --- /work/SRC/openSUSE:Factory/ghostscript/ghostscript.changes 2021-04-18 21:44:55.284702661 +0200 +++ /work/SRC/openSUSE:Factory/.ghostscript.new.1898/ghostscript.changes 2021-06-01 10:33:53.256447942 +0200 @@ -1,0 +2,38 @@ +Fri May 21 13:40:56 CEST 2021 - jsm...@suse.de + +- Version upgrade to 9.54.0 + Highlights in this release include + (excerpts from the Ghostscript upstream release summary + in https://www.ghostscript.com/doc/9.54.0/News.htm): + * The 9.54.0 release is a maintenance release, +and also adds new functionality. + * Overprint simulation is now available to all output devices, +allowing quality previewing/proofing of PostScript and +PDF jobs that rely on overprint. See the -dOverprint option +documentation in: doc/9.54.0/Use.htm#Overprint + * The "docxwrite" device adds the ability to output +to Microsoft Word "docx" format. +See: doc/9.54.0/VectorDevices.htm#DOCX + * The pdfwrite device is now capable of using the Tesseract OCR +engine when it is built into Ghostscript to improve +searchability and copy and paste functionality when the input +lacks the metadata for that purpose. +See: doc/9.54.0/VectorDevices.htm#UseOCR + * Ghostscript/GhostPDL now includes a "map text to black" +function, where text drawn by an input job (except when drawn +using a Type 3 font) can be forced to draw in solid black. +See: doc/9.54.0/Use.htm#BlackText + * Ghostscript/GhostPDL now supports simple N-up imposition +"internally". See: doc/9.54.0/Use.htm#NupControl + * Our efforts in code hygiene and maintainability continue. + * The usual round of bug fixes, compatibility changes, +and incremental improvements. + * For a list of open issues, or to report problems, please visit +bugs.ghostscript.com + For a release summary see: + https://www.ghostscript.com/doc/9.54.0/News.htm + For details see the News.htm and History9.htm files. +- 41ef9a0bc36b9db7115fbe9623f989bfb47bbade.patch is no longer + needed because it is fixed in the upstream sources. + +--- Old: 41ef9a0bc36b9db7115fbe9623f989bfb47bbade.patch ghostscript-9.53.3.ta
commit ghostscript for openSUSE:Factory
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package ghostscript for openSUSE:Factory
checked in at 2021-04-18 21:44:42
Comparing /work/SRC/openSUSE:Factory/ghostscript (Old)
and /work/SRC/openSUSE:Factory/.ghostscript.new.12324 (New)
Package is "ghostscript"
Sun Apr 18 21:44:42 2021 rev:50 rq:885580 version:9.53.3
Changes:
--- /work/SRC/openSUSE:Factory/ghostscript/ghostscript-mini.changes
2021-04-14 10:10:27.341440665 +0200
+++ /work/SRC/openSUSE:Factory/.ghostscript.new.12324/ghostscript-mini.changes
2021-04-18 21:44:55.236702580 +0200
@@ -1,0 +2,5 @@
+Wed Apr 14 11:57:25 UTC 2021 - Wolfgang Frisch
+
+- Hardening: compile with PIC, link as PIE
+
+---
--- /work/SRC/openSUSE:Factory/ghostscript/ghostscript.changes 2020-10-23
12:19:25.796561718 +0200
+++ /work/SRC/openSUSE:Factory/.ghostscript.new.12324/ghostscript.changes
2021-04-18 21:44:55.284702661 +0200
@@ -1,0 +2,5 @@
+Wed Apr 14 11:56:22 UTC 2021 - Wolfgang Frisch
+
+- Hardening: compile with PIC, link as PIE
+
+---
Other differences:
--
++ ghostscript-mini.spec ++
--- /var/tmp/diff_new_pack.QWWNPV/_old 2021-04-18 21:44:56.000703871 +0200
+++ /var/tmp/diff_new_pack.QWWNPV/_new 2021-04-18 21:44:56.000703871 +0200
@@ -215,8 +215,9 @@
# Derive build timestamp from latest changelog entry
export SOURCE_DATE_EPOCH=$(date -d "$(head -n 2 %{_sourcedir}/%{name}.changes
| tail -n 1 | cut -d- -f1 )" +%s)
# Set our preferred architecture-specific flags for the compiler and linker:
-export CFLAGS="%{optflags} -fno-strict-aliasing"
-export CXXFLAGS="%{optflags} -fno-strict-aliasing"
+export CFLAGS="%{optflags} -fno-strict-aliasing -fPIC"
+export CXXFLAGS="%{optflags} -fno-strict-aliasing -fPIC"
+export LDFLAGS="-pie"
autoreconf -fi
# --docdir=%%{_defaultdocdir}/%%{name} does not work therefore it is not used.
# --disable-cups and --without-pdftoraster
++ ghostscript.spec ++
--- /var/tmp/diff_new_pack.QWWNPV/_old 2021-04-18 21:44:56.016703898 +0200
+++ /var/tmp/diff_new_pack.QWWNPV/_new 2021-04-18 21:44:56.020703905 +0200
@@ -356,8 +356,9 @@
# Derive build timestamp from latest changelog entry
export SOURCE_DATE_EPOCH=$(date -d "$(head -n 2 %{_sourcedir}/%{name}.changes
| tail -n 1 | cut -d- -f1 )" +%s)
# Set our preferred architecture-specific flags for the compiler and linker:
-export CFLAGS="%{optflags} -fno-strict-aliasing"
-export CXXFLAGS="%{optflags} -fno-strict-aliasing"
+export CFLAGS="%{optflags} -fno-strict-aliasing -fPIC"
+export CXXFLAGS="%{optflags} -fno-strict-aliasing -fPIC"
+export LDFLAGS="-pie"
autoreconf -fi
# --docdir=%%{_defaultdocdir}/%%{name} does not work therefore it is not used.
# --enable-cups but no longer --with-pdftoraster --enable-dbus
--with-install-cups because
commit ghostscript for openSUSE:Factory
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package ghostscript for openSUSE:Factory
checked in at 2021-04-14 10:10:12
Comparing /work/SRC/openSUSE:Factory/ghostscript (Old)
and /work/SRC/openSUSE:Factory/.ghostscript.new.2401 (New)
Package is "ghostscript"
Wed Apr 14 10:10:12 2021 rev:49 rq:881824 version:9.53.3
Changes:
--- /work/SRC/openSUSE:Factory/ghostscript/ghostscript-mini.changes
2021-03-16 15:44:12.677018640 +0100
+++ /work/SRC/openSUSE:Factory/.ghostscript.new.2401/ghostscript-mini.changes
2021-04-14 10:10:27.341440665 +0200
@@ -1,0 +2,16 @@
+Fri Mar 26 13:42:05 UTC 2021 - Dominique Leuenberger
+
+- Do not rely on apparmor at all for the -mini flavor:
+ + Drop apparmor-abstraction and apparmor-rpm-macros
+BuildRequires.
+ + Do not package apparmor files.
+
+---
+Tue Mar 9 12:34:30 UTC 2021 - Dominique Leuenberger
+
+- Do not require apparmor-abstractions: with the mini package being
+ used only during build (and never on end user workstations),
+ apparmor is not going to be enabled (build is in chroot/vm).
+ Keeping the dep-chain of the -mini flavor as small as possible.
+
+---
Other differences:
--
++ ghostscript-mini.spec ++
--- /var/tmp/diff_new_pack.T2JnMl/_old 2021-04-14 10:10:28.133442002 +0200
+++ /var/tmp/diff_new_pack.T2JnMl/_new 2021-04-14 10:10:28.137442009 +0200
@@ -26,13 +26,8 @@
BuildRequires: pkg-config
BuildRequires: update-alternatives
BuildRequires: zlib-devel
-%if 0%{?suse_version} >= 1500
-BuildRequires: apparmor-abstractions
-BuildRequires: apparmor-rpm-macros
-Requires: apparmor-abstractions
-%endif
Requires(post): update-alternatives
-Requires(preun): update-alternatives
+Requires(preun):update-alternatives
Summary:Minimal Ghostscript for minimal build requirements
License:AGPL-3.0-only
Group: Productivity/Office/Other
@@ -104,9 +99,9 @@
# in openSUSE products, cf. https://build.opensuse.org/request/show/877083
Provides: ghostscript_any = %{version}
Conflicts: ghostscript
-Conflicts: ghostscript-x11
Conflicts: ghostscript-devel
Conflicts: ghostscript-library
+Conflicts: ghostscript-x11
# Install into this non-root directory (required when norootforbuild is used):
BuildRoot: %{_tmppath}/%{name}-%{version}-build
@@ -149,9 +144,9 @@
Group: Development/Libraries/C and C++
Requires: ghostscript-mini = %{version}
Conflicts: ghostscript
-Conflicts: ghostscript-x11
Conflicts: ghostscript-devel
Conflicts: ghostscript-library
+Conflicts: ghostscript-x11
%description devel
This package contains the development files for Minimal Ghostscript.
@@ -349,7 +344,6 @@
# Switch back to the usual build log messages:
set -x
install -m 644 catalog.devices $DOCDIR
-install -D -m 644 %{SOURCE1} %{buildroot}%{_sysconfdir}/apparmor.d/ghostscript
# Move /usr/bin/gs to /usr/bin/gs.bin to be able to use update-alternatives
install -d %buildroot%{_sysconfdir}/alternatives
@@ -359,9 +353,6 @@
%post
/sbin/ldconfig
-%if 0%{?suse_version} >= 1500
-%apparmor_reload /etc/apparmor.d/ghostscript
-%endif
%{_sbindir}/update-alternatives \
--install %{_bindir}/gs gs %{_bindir}/gs.bin 15
@@ -449,10 +440,6 @@
%{_libdir}/libgs.so.*
%{_libdir}/ghostscript/
%{_libdir}/libijs-0.35.so
-%if 0%{?suse_version} < 1500
-%dir %{_sysconfdir}/apparmor.d
-%endif
-%{_sysconfdir}/apparmor.d/ghostscript
%files devel
%defattr(-,root,root)
++ ghostscript.spec ++
--- /var/tmp/diff_new_pack.T2JnMl/_old 2021-04-14 10:10:28.161442050 +0200
+++ /var/tmp/diff_new_pack.T2JnMl/_new 2021-04-14 10:10:28.165442056 +0200
@@ -56,7 +56,7 @@
Requires: apparmor-abstractions
%endif
Requires(post): update-alternatives
-Requires(preun): update-alternatives
+Requires(preun):update-alternatives
Summary:The Ghostscript interpreter for PostScript and PDF
License:AGPL-3.0-only
Group: Productivity/Office/Other
commit ghostscript for openSUSE:Factory
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package ghostscript for openSUSE:Factory
checked in at 2021-03-16 15:43:06
Comparing /work/SRC/openSUSE:Factory/ghostscript (Old)
and /work/SRC/openSUSE:Factory/.ghostscript.new.2401 (New)
Package is "ghostscript"
Tue Mar 16 15:43:06 2021 rev:48 rq:879172 version:9.53.3
Changes:
--- /work/SRC/openSUSE:Factory/ghostscript/ghostscript-mini.changes
2020-10-23 12:19:25.756561697 +0200
+++ /work/SRC/openSUSE:Factory/.ghostscript.new.2401/ghostscript-mini.changes
2021-03-16 15:44:12.677018640 +0100
@@ -1,0 +2,6 @@
+Fri Mar 5 12:35:16 UTC 2021 - Dominique Leuenberger
+
+- Provide ghostscript_any by ghostscript-mini: this is a valid
+ replacement for consumers.
+
+---
Other differences:
--
++ ghostscript-mini.spec ++
--- /var/tmp/diff_new_pack.zCFHm8/_old 2021-03-16 15:44:13.401019799 +0100
+++ /var/tmp/diff_new_pack.zCFHm8/_new 2021-03-16 15:44:13.401019799 +0100
@@ -1,7 +1,7 @@
#
# spec file for package ghostscript-mini
#
-# Copyright (c) 2020 SUSE LLC
+# Copyright (c) 2021 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -93,6 +93,16 @@
# additionally allow exec'ing hpijs in apparmor profile was needed
(bsc#1128467):
Patch101: ijs_exec_server_dont_use_sh.patch
# RPM dependencies:
+# The "Provides: ghostscript_any" is there to support "BuildRequires:
ghostscript_any"
+# so other packages can build with any available Ghostscript implementation,
+# either ghostscript or ghostscript-mini ("BuildRequires: ghostscript-mini"
should not
+# be used because ghostscript-mini does not exist outside of OBS so other
packages that
+# use "BuildRequires: ghostscript-mini" could not be built in published
products).
+# The "Provides: ghostscript_any" does not affect end-users who should not get
+# ghostscript-mini installed (but only the full featured ghostscript package)
+# because ghostscript-mini (and ghostscript-mini-devel) are not published
+# in openSUSE products, cf. https://build.opensuse.org/request/show/877083
+Provides: ghostscript_any = %{version}
Conflicts: ghostscript
Conflicts: ghostscript-x11
Conflicts: ghostscript-devel
++ ghostscript.spec ++
--- /var/tmp/diff_new_pack.zCFHm8/_old 2021-03-16 15:44:13.417019824 +0100
+++ /var/tmp/diff_new_pack.zCFHm8/_new 2021-03-16 15:44:13.421019831 +0100
@@ -1,7 +1,7 @@
#
# spec file for package ghostscript
#
-# Copyright (c) 2020 SUSE LLC
+# Copyright (c) 2021 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -153,7 +153,16 @@
# hylafax Requires gs_lib
# graphviz-plugins BuildRequires ghostscript-mini
# Provide the additional RPM Provides of the ghostscript-library package
-# (ghostscript_x11 is provided by the ghostscript-x11 sub-package, see below):
+# (ghostscript_x11 is provided by the ghostscript-x11 sub-package, see below).
+# The "Provides: ghostscript_any" is there to support "BuildRequires:
ghostscript_any"
+# so other packages can build with any available Ghostscript implementation,
+# either ghostscript or ghostscript-mini ("BuildRequires: ghostscript-mini"
should not
+# be used because ghostscript-mini does not exist outside of OBS so other
packages that
+# use "BuildRequires: ghostscript-mini" could not be built in published
products).
+# The "Provides: ghostscript_any" does not affect end-users who should not get
+# ghostscript-mini installed (but only the full featured ghostscript package)
+# because ghostscript-mini (and ghostscript-mini-devel) are not published
+# in openSUSE products, cf. https://build.opensuse.org/request/show/877083
Provides: ghostscript_any
Provides: gs
Provides: gs_lib
