commit ghostscript for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package ghostscript for openSUSE:Factory checked in at 2024-07-03 20:28:11 Comparing /work/SRC/openSUSE:Factory/ghostscript (Old) and /work/SRC/openSUSE:Factory/.ghostscript.new.18349 (New) Package is "ghostscript" Wed Jul 3 20:28:11 2024 rev:67 rq:1184313 version:10.03.1 Changes: --- /work/SRC/openSUSE:Factory/ghostscript/ghostscript.changes 2024-03-26 19:29:26.813761651 +0100 +++ /work/SRC/openSUSE:Factory/.ghostscript.new.18349/ghostscript.changes 2024-07-03 20:29:25.351137486 +0200 
@@ -1,0 +2,23 @@ +Mon Jul 1 11:56:34 UTC 2024 - Johannes Meixner + +- Version upgrade to 10.03.1: + Highlights in this release include: + See 'Recent Changes in Ghostscript' at Ghostscript upstream + https://ghostscript.readthedocs.io/en/gs10.03.1/News.html + * Fixes for CVE-2024-33869, CVE-2023-52722, CVE-2024-33870, +CVE-2024-33871 and CVE-2024-29510 +- Regarding CVE-2024-33869 see bsc#1226946 and + https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=5ae2e320d69a7d0973011796bd388cd5befa1a43 + https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=f5336e5b4154f515ac83bc5b9eba94302e6618d4 + https://bugs.ghostscript.com/show_bug.cgi?id=707691 +- Regarding CVE-2023-52722 see bsc#1223852 and + https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=afd7188f74918cb51b5fb89f52b54eb16e8acfd1 +- Regarding CVE-2024-33870 see bsc#1226944 and + https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=79aef19c685984dc3da2dc090450407d9fbcff80 + https://bugs.ghostscript.com/show_bug.cgi?id=707686 +- Regarding CVE-2024-33871 see bsc#1225491 and + https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=7145885041bb52cc23964f0aa2aec1b1c82b5908 +- Regarding CVE-2024-29510 see bsc#1226945 and + https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=3b1735085ecef20b29e8db3416ab36de93e86d1f + +--- Old: ghostscript-10.03.0.tar.xz New: ghostscript-10.03.1.tar.gz Other differences: -- ++ ghostscript.spec ++ --- /var/tmp/diff_new_pack.h23HD1/_old 2024-07-03 20:29:26.503179651 +0200 +++ /var/tmp/diff_new_pack.h23HD1/_new 2024-07-03 20:29:26.507179798 +0200 
@@ -24,13 +24,19 @@ %bcond_without apparmor %endif Name: ghostscript%{psuffix} -Version:10.03.0 +Version:10.03.1 Release:0 Summary:The Ghostscript interpreter for PostScript and PDF License:AGPL-3.0-only Group: Productivity/Office/Other URL:https://www.ghostscript.com/ -Source0: https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs10030/ghostscript-10.03.0.tar.xz +# How to manually get Source0: +# Go to https://www.ghostscript.com +# -> "The current Ghostscript release 10.03.1 can be downloaded here" https://www.ghostscript.com/releases/index.html +# -> "Ghostscript" https://www.ghostscript.com/releases/gsdnld.html +# -> "Ghostscript 10.03.1 Source for all platforms / GNU Affero General Public License" = "Ghostscript AGPL Release" +# https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs10031/ghostscript-10.03.1.tar.gz +Source0: https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs10031/ghostscript-10.03.1.tar.gz Source10: apparmor_ghostscript # Patch0...Patch9 is for patches from upstream: # Source10...Source99 is for sources from SUSE which are intended for upstream:
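Review bot: Source0 in the spec hunk moves from ghostscript-10.03.0.tar.xz to ghostscript-10.03.1.tar.gz, but the changes entry does not mention the format switch and nothing in the hunk records a checksum or signature for the new tarball. Since this release exists to deliver five CVE fixes, state in the changelog why the .tar.gz is used and put a way to verify the download next to Source0. The new "How to manually get Source0" comment and the Source0 URL both hardcode 10.03.1 and gs10031, so they will have to be edited by hand on the next bump; using %{version} in the file name would remove one of the two.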
commit ghostscript for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package ghostscript for openSUSE:Factory checked in at 2024-03-06 23:03:18 Comparing /work/SRC/openSUSE:Factory/ghostscript (Old) and /work/SRC/openSUSE:Factory/.ghostscript.new.1770 (New) Package is "ghostscript" Wed Mar 6 23:03:18 2024 rev:65 rq:1155021 version:10.02.1 Changes: --- /work/SRC/openSUSE:Factory/ghostscript/ghostscript.changes 2024-01-29 22:26:41.344384646 +0100 +++ /work/SRC/openSUSE:Factory/.ghostscript.new.1770/ghostscript.changes 2024-03-06 23:03:31.251114414 +0100 @@ -1,0 +2,10 @@ +Tue Feb 27 10:59:43 UTC 2024 - Dominique Leuenberger + +- Use %patch -P N instead of deprecated %patchN. + +--- +Thu Feb 22 09:07:33 UTC 2024 - Thorsten Kukuk + +- Allow to disable apparmor support (ALP supports only SELinux) + +--- Other differences: -- ++ ghostscript.spec ++ --- /var/tmp/diff_new_pack.PdudSK/_old 2024-03-06 23:03:33.323189536 +0100 +++ /var/tmp/diff_new_pack.PdudSK/_new 2024-03-06 23:03:33.323189536 +0100 @@ -21,6 +21,7 @@ %global psuffix -mini %else %global psuffix %{nil} +%bcond_without apparmor %endif Name: ghostscript%{psuffix} Version:10.02.1 @@ -78,11 +79,13 @@ %else BuildRequires: cups-devel %endif +%if %{with apparmor} %if 0%{?suse_version} >= 1500 BuildRequires: apparmor-abstractions BuildRequires: apparmor-rpm-macros %endif %endif +%endif # Always check if latest version of openjpeg becomes compatible with ghostscript %if 0%{?suse_version} >= 1550 BuildRequires: pkgconfig(libopenjp2) >= 2.3.1 @@ -159,7 +162,7 @@ # Patch101 ijs_exec_server_dont_use_sh.patch fixes IJS printing problem # additionally allow exec'ing hpijs in apparmor profile was needed (bsc#1128467): -%patch101 -p1 +%patch -P 101 -p1 # Remove patch backup files to avoid packaging # cf. https://build.opensuse.org/request/show/581052 rm -f Resource/Init/*.ps.orig 
@@ -305,9 +308,11 @@ # Switch back to the usual build log messages: set -x install -m 644 catalog.devices $DOCDIR +%if %{with apparmor} %if "%{flavor}" != "mini" install -D -m 644 %{SOURCE10} %{buildroot}%{_sysconfdir}/apparmor.d/ghostscript %endif +%endif # Move /usr/bin/gs to /usr/bin/gs.bin to be able to use update-alternatives install -d %{buildroot}%{_sysconfdir}/alternatives @@ -317,11 +322,13 @@ %post /sbin/ldconfig +%if %{with apparmor} %if "%{flavor}" != "mini" %if 0%{?suse_version} >= 1500 %apparmor_reload %{_sysconfdir}/apparmor.d/ghostscript %endif %endif +%endif %{_sbindir}/update-alternatives \ --install %{_bindir}/gs gs %{_bindir}/gs.bin 15 @@ -399,10 +406,12 @@ %{_libdir}/libijs-0.35.so %if "%{flavor}" != "mini" %exclude %{_libdir}/ghostscript/%{version}/X11.so +%if %{with apparmor} %if 0%{?suse_version} < 1500 %dir %{_sysconfdir}/apparmor.d %endif %{_sysconfdir}/apparmor.d/ghostscript +%endif %files x11 %{_libdir}/ghostscript/%{version}/X11.so
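Review bot: in the first spec hunk "%bcond_without apparmor" is added between "%global psuffix %{nil}" and "%endif", so it sits inside the %else branch of the flavor conditional and the toggle is only declared for the non-mini flavor. Every later "%if %{with apparmor}" then depends on that placement. Move the bcond above the flavor block so it is defined once for both flavors, and keep the existing "%{flavor}" != "mini" tests to exclude the mini build. The changes entry should also say that a build without apparmor ships no /etc/apparmor.d/ghostscript profile, since nothing in this diff adds an SELinux counterpart for the ALP case it names.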
commit ghostscript for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package ghostscript for openSUSE:Factory checked in at 2024-01-29 22:26:38 Comparing /work/SRC/openSUSE:Factory/ghostscript (Old) and /work/SRC/openSUSE:Factory/.ghostscript.new.1815 (New) Package is "ghostscript" Mon Jan 29 22:26:38 2024 rev:64 rq:1142081 version:10.02.1 Changes: --- /work/SRC/openSUSE:Factory/ghostscript/ghostscript.changes 2024-01-04 15:56:52.463372340 +0100 +++ /work/SRC/openSUSE:Factory/.ghostscript.new.1815/ghostscript.changes 2024-01-29 22:26:41.344384646 +0100 
@@ -1,0 +2,35 @@ +Sun Jan 28 10:39:57 UTC 2024 - Dirk Müller + +- update to 10.02.1: + * Patch release to address some security bugs + * This release (10.02.0) marks the final demise of the +PostScript based PDF interpreter. + * This 10.01.1 release removes the "-dNEWPDF=false" command +line option to fall back to the deprecated, old PDF +interpreter. + * This 10.01.0 release removes the "-dNEWPDF=false" command +line option to fall back to the deprecated, old PDF +interpreter. + * This release officially deprecates the old Postscript +implementation of PDF, we will not be updating or maintaining +that code moving forward. The option to use the old PDF +implementation _**will**_ be removed in the next full release +(10.01.0) + * Important: This release includes the new PDF interpreter +(implemented in C rather than PostScript). It is both +integrated into Ghostscript (now ENABLED by default), and +available as a standalone, PDF only, binary. See +https://ghostscript.com/pdfi.html for more details. + * This also bundles the latest zlib (1.2.12) which addresses a +security issue (CVE-2018-25032) + * **Important**: This release includes the new PDF interpreter +(implemented in C rather than PostScript). It is both +integrated into Ghostscript (now **ENABLED** by default), and +available as a standalone, PDF only, binary. See +https://ghostscript.com/pdfi.html for more details. +- drop CVE-2023-28879.patch, CVE-2023-36664.patch, + CVE-2023-38559.patch, CVE-2023-43115.patch, + CVE-2023-46751.patch: upstream +- drop remove-zlib-h-dependency.patch: unused + +--- Old: CVE-2023-28879.patch CVE-2023-36664.patch CVE-2023-38559.patch CVE-2023-43115.patch CVE-2023-46751.patch ghostscript-9.56.1.tar.xz remove-zlib-h-dependency.patch New: ghostscript-10.02.1.tar.xz
Other differences: -- ++ ghostscript.spec ++ --- /var/tmp/diff_new_pack.iGYDiX/_old 2024-01-29 22:26:42.500426548 +0100 +++ /var/tmp/diff_new_pack.iGYDiX/_new 2024-01-29 22:26:42.500426548 +0100 @@ -1,5 +1,5 @@ # -# spec file +# spec file for package ghostscript # # Copyright (c) 2024 SUSE LLC # @@ -22,75 +22,23 @@ %else %global psuffix %{nil} %endif -# built_version is used below in the install and files sections: -# Separated built_version needed in case of Ghostscript release candidates e.g. "define built_version 9.15". -# For Ghostscript releases built_version and version are the same (i.e. the upstream version): -%define built_version %{version} Name: ghostscript%{psuffix} -Version:9.56.1 +Version:10.02.1 Release:0 Summary:The Ghostscript interpreter for PostScript and PDF License:AGPL-3.0-only Group: Productivity/Office/Other URL:https://www.ghostscript.com/ -# sha512:fe5a5103c081dd87cf8b3e0bbbd0df004c0e4e04e41bded7c70372916e6e26249a0e8fa434b561292964c5f3820ee6c60ef1557827a6efb5676012ccb73ded85 -Source0: https://github.com/ArtifexSoftware/ghostp
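Review bot: the visible part of the spec hunk deletes the "# sha512:" comment above Source0 and shows no replacement before the hunk is cut off, so the jump from 9.56.1 to 10.02.1 appears to lose the only recorded digest of the upstream tarball. Keep a digest (updated for ghostscript-10.02.1.tar.xz) or another verification step beside Source0. In the changes entry, the "-dNEWPDF=false" bullet appears twice (once for 10.01.1, once for 10.01.0) and the "Important: This release includes the new PDF interpreter" paragraph appears twice; each bullet should name the upstream release it came from or be merged. The five CVE patches are dropped as "upstream" without naming the release that carries each fix, which makes the removal hard to audit.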
commit ghostscript for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package ghostscript for openSUSE:Factory checked in at 2024-01-04 15:55:37 Comparing /work/SRC/openSUSE:Factory/ghostscript (Old) and /work/SRC/openSUSE:Factory/.ghostscript.new.28375 (New) Package is "ghostscript" Thu Jan 4 15:55:37 2024 rev:63 rq:1136517 version:9.56.1 Changes: --- /work/SRC/openSUSE:Factory/ghostscript/ghostscript.changes 2023-12-19 23:15:50.661559511 +0100 +++ /work/SRC/openSUSE:Factory/.ghostscript.new.28375/ghostscript.changes 2024-01-04 15:56:52.463372340 +0100 @@ -1,0 +2,11 @@ +Wed Jan 3 12:15:46 UTC 2024 - Johannes Meixner + +- CVE-2023-46751.patch is + https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=dcdbc595c13 + adapted for Ghostscript-9.56.1 that fixes + https://bugs.ghostscript.com/show_bug.cgi?id=707264 + which includes a fix for CVE-2023-46751 + "dangling pointer in gdev_prn_open_printer_seekable()" + (bsc#1217871) + +--- New: CVE-2023-46751.patch Other differences: -- ++ ghostscript.spec ++ --- /var/tmp/diff_new_pack.EYlqGH/_old 2024-01-04 15:56:53.275402004 +0100 +++ /var/tmp/diff_new_pack.EYlqGH/_new 2024-01-04 15:56:53.279402150 +0100 @@ -1,7 +1,7 @@ # # spec file # -# Copyright (c) 2023 SUSE LLC +# Copyright (c) 2024 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed
@@ -83,6 +83,14 @@ # see https://bugs.ghostscript.com/show_bug.cgi?id=707051 # and https://bugzilla.suse.com/show_bug.cgi?id=1215466 Patch105: CVE-2023-43115.patch +# Patch106 CVE-2023-46751.patch is +# https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=dcdbc595c13 +# adapted for Ghostscript-9.56.1 that fixes +# https://bugs.ghostscript.com/show_bug.cgi?id=707264 +# which includes a fix for CVE-2023-46751 +# "dangling pointer in gdev_prn_open_printer_seekable()" +# see https://bugzilla.suse.com/show_bug.cgi?id=1217871 +Patch106: CVE-2023-46751.patch # Build Requirements: BuildRequires: freetype2-devel BuildRequires: libjpeg-devel @@ -318,6 +326,14 @@ # see https://bugs.ghostscript.com/show_bug.cgi?id=707051 # and https://bugzilla.suse.com/show_bug.cgi?id=1215466 %patch105 +# Patch106 CVE-2023-46751.patch is +# https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=dcdbc595c13 +# adapted for Ghostscript-9.56.1 that fixes +# https://bugs.ghostscript.com/show_bug.cgi?id=707264 +# which includes a fix for CVE-2023-46751 +# "dangling pointer in gdev_prn_open_printer_seekable()" +# see https://bugzilla.suse.com/show_bug.cgi?id=1217871 +%patch106 # Remove patch backup files to avoid packaging # cf. https://build.opensuse.org/request/show/581052 rm -f Resource/Init/*.ps.orig ++ CVE-2023-46751.patch ++ --- base/gdevprn.c.orig 2022-04-04 15:48:49.0 +0200 +++ base/gdevprn.c 2024-01-03 12:53:20.009504451 +0100 @@ -1268,6 +1268,7 @@ gdev_prn_open_printer_seekable(gx_device && !IS_LIBCTX_STDERR(pdev->memory, gp_get_file(ppdev->file))) { code = gx_device_close_output_file(pdev, ppdev->fname, ppdev->file); +ppdev->file = NULL; if (code < 0) return code; } --- devices/gdevtsep.c.orig 2022-04-04 15:48:49.0 +0200 +++ devices/gdevtsep.c 2024-01-03 13:04:42.048210048 +0100 
@@ -736,6 +736,7 @@ tiffsep_initialize_device_procs(gx_devic { gdev_prn_initialize_device_procs(dev); +set_dev_proc(dev, output_page, gdev_prn_output_page_seekable); set_dev_proc(dev, open_device, tiffsep_prn_open); set_dev_proc(dev, close_device, tiffsep_prn_close); set_dev_proc(dev, map_color_rgb, tiffsep_decode_color);
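Review bot: the devices/gdevtsep.c hunk adds "set_dev_proc(dev, output_page, gdev_prn_output_page_seekable);", which is not covered by the CVE title quoted in the spec comment ("dangling pointer in gdev_prn_open_printer_seekable()"); only the base/gdevprn.c hunk, which sets "ppdev->file = NULL;" after gx_device_close_output_file(), matches that description. The comment says the patch is "adapted for Ghostscript-9.56.1" and "includes a fix", so spell out in the patch header or the spec comment what was adapted and why the tiffsep output_page change belongs to the backport. The eight-line explanation is also pasted verbatim at both "Patch106:" and "%patch106"; keeping it at the declaration and a one-line pointer at the apply step avoids the two copies drifting apart.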
commit ghostscript for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package ghostscript for openSUSE:Factory checked in at 2023-12-19 23:15:38 Comparing /work/SRC/openSUSE:Factory/ghostscript (Old) and /work/SRC/openSUSE:Factory/.ghostscript.new.9037 (New) Package is "ghostscript" Tue Dec 19 23:15:38 2023 rev:62 rq:1133909 version:9.56.1 Changes: --- /work/SRC/openSUSE:Factory/ghostscript/ghostscript.changes 2023-09-21 22:14:05.945378183 +0200 +++ /work/SRC/openSUSE:Factory/.ghostscript.new.9037/ghostscript.changes 2023-12-19 23:15:50.661559511 +0100 @@ -1,0 +2,5 @@ +Mon Dec 18 12:50:20 UTC 2023 - Dominique Leuenberger + +- Recommend cups-filters only when cups is present. + +--- Other differences: -- ++ ghostscript.spec ++ --- /var/tmp/diff_new_pack.cBGDMN/_old 2023-12-19 23:15:51.417587042 +0100 +++ /var/tmp/diff_new_pack.cBGDMN/_new 2023-12-19 23:15:51.417587042 +0100 @@ -187,7 +187,7 @@ # this package ghostscript should replace any version of ghostscript-mini. Obsoletes: ghostscript-mini %if 0%{?suse_version} > 1210 -Recommends: cups-filters-ghostscript +Recommends: (cups-filters-ghostscript if cups) %endif %endif
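Review bot: the new "Recommends: (cups-filters-ghostscript if cups)" is a boolean dependency, but it stays under the unchanged guard "%if 0%{?suse_version} > 1210". Boolean dependencies are only parsed by rpm 4.13 and later, so confirm that every target above 1210 that still builds this spec has such an rpm, or tighten the guard and keep the plain "Recommends: cups-filters-ghostscript" for the older ones.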
commit ghostscript for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package ghostscript for openSUSE:Factory checked in at 2023-09-21 22:13:31 Comparing /work/SRC/openSUSE:Factory/ghostscript (Old) and /work/SRC/openSUSE:Factory/.ghostscript.new.1770 (New) Package is "ghostscript" Thu Sep 21 22:13:31 2023 rev:61 rq:1112467 version:9.56.1 Changes: --- /work/SRC/openSUSE:Factory/ghostscript/ghostscript.changes 2023-07-27 16:50:19.369649622 +0200 +++ /work/SRC/openSUSE:Factory/.ghostscript.new.1770/ghostscript.changes 2023-09-21 22:14:05.945378183 +0200 @@ -1,0 +2,10 @@ +Wed Sep 20 06:23:44 UTC 2023 - Johannes Meixner + +- CVE-2023-43115.patch is + https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=e59216049cac290fb437a04c4f41ea46826cfba5 + that fixes CVE-2023-43115 "remote code execution + via crafted PostScript documents in gdevijs.c" + see https://bugs.ghostscript.com/show_bug.cgi?id=707051 + (bsc#1215466) + +--- New: CVE-2023-43115.patch Other differences: -- ++ ghostscript.spec ++ --- /var/tmp/diff_new_pack.hThBJS/_old 2023-09-21 22:14:07.761444094 +0200 +++ /var/tmp/diff_new_pack.hThBJS/_new 2023-09-21 22:14:07.761444094 +0200 @@ -76,6 +76,14 @@ # as the already fixed CVE-2020-16305 in devices/gdevpcx.c # see https://bugs.ghostscript.com/show_bug.cgi?id=701819 Patch104: CVE-2023-38559.patch +# Patch105 CVE-2023-43115.patch is +# https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=e59216049cac290fb437a04c4f41ea46826cfba5 +# that fixes CVE-2023-43115 +# "remote code execution via crafted PostScript documents in gdevijs.c" +# see https://bugs.ghostscript.com/show_bug.cgi?id=707051 +# and https://bugzilla.suse.com/show_bug.cgi?id=1215466 +Patch105: CVE-2023-43115.patch +# Build Requirements: BuildRequires: freetype2-devel BuildRequires: libjpeg-devel BuildRequires: liblcms2-devel 
@@ -303,6 +311,13 @@ # as the already fixed CVE-2020-16305 in devices/gdevpcx.c # see https://bugs.ghostscript.com/show_bug.cgi?id=701819 %patch104 +# Patch105 CVE-2023-43115.patch is +# https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=e59216049cac290fb437a04c4f41ea46826cfba5 +# that fixes CVE-2023-43115 +# "remote code execution via crafted PostScript documents in gdevijs.c" +# see https://bugs.ghostscript.com/show_bug.cgi?id=707051 +# and https://bugzilla.suse.com/show_bug.cgi?id=1215466 +%patch105 # Remove patch backup files to avoid packaging # cf. https://build.opensuse.org/request/show/581052 rm -f Resource/Init/*.ps.orig ++ CVE-2023-43115.patch ++ --- devices/gdevijs.c.orig 2022-04-04 15:48:49.0 +0200 +++ devices/gdevijs.c 2023-09-20 08:18:09.178777690 +0200 @@ -888,6 +888,8 @@ gsijs_initialize_device(gx_device *dev) static const char rgb[] = "DeviceRGB"; gx_device_ijs *ijsdev = (gx_device_ijs *)dev; +if (ijsdev->memory->gs_lib_ctx->core->path_control_active) +return_error(gs_error_invalidaccess); if (!ijsdev->ColorSpace) { ijsdev->ColorSpace = gs_malloc(ijsdev->memory, sizeof(rgb), 1, "gsijs_initialize"); @@ -1326,7 +1328,7 @@ gsijs_put_params(gx_device *dev, gs_para if (code >= 0) code = gsijs_read_string(plist, "IjsServer", ijsdev->IjsServer, sizeof(ijsdev->IjsServer), -dev->LockSafetyParams, is_open); +ijsdev->memory->gs_lib_ctx->core->path_control_active, is_open); if (code >= 0) code = gsijs_read_string_malloc(plist, "DeviceManufacturer",
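Review bot: the check added at the top of gsijs_initialize_device() returns gs_error_invalidaccess whenever path_control_active is set, so in that mode the ijs device is refused outright rather than only having IjsServer locked as in the gsijs_put_params() hunk. That is a behaviour change for IJS printing, which this package otherwise still supports through Patch101 ijs_exec_server_dont_use_sh.patch and the hpijs rule in the AppArmor profile; the changes entry should say so, so that a failing IJS queue after the update can be traced to this fix. In the spec hunk the stray "+# Build Requirements:" line is added together with Patch105 but is unrelated to the CVE; put it in its own change or mention it.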
commit ghostscript for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package ghostscript for openSUSE:Factory checked in at 2023-07-27 16:50:03 Comparing /work/SRC/openSUSE:Factory/ghostscript (Old) and /work/SRC/openSUSE:Factory/.ghostscript.new.32662 (New) Package is "ghostscript" Thu Jul 27 16:50:03 2023 rev:60 rq:1100803 version:9.56.1 Changes: --- /work/SRC/openSUSE:Factory/ghostscript/ghostscript.changes 2023-07-05 15:30:29.242540434 +0200 +++ /work/SRC/openSUSE:Factory/.ghostscript.new.32662/ghostscript.changes 2023-07-27 16:50:19.369649622 +0200 @@ -1,0 +2,12 @@ +Wed Jul 26 09:35:33 UTC 2023 - Johannes Meixner + +- CVE-2023-38559.patch fixes CVE-2023-38559 + "out of bounds read devn_pcx_write_rle() could result in DoS" + see bsc#1213637 + and https://bugs.ghostscript.com/show_bug.cgi?id=706897 + which is in base/gdevdevn.c the same issue + "ordering in if expression to avoid out-of-bounds access" + as the already fixed CVE-2020-16305 in devices/gdevpcx.c + see https://bugs.ghostscript.com/show_bug.cgi?id=701819 + +--- New: CVE-2023-38559.patch Other differences: -- ++ ghostscript.spec ++ --- /var/tmp/diff_new_pack.Q85EXs/_old 2023-07-27 16:50:20.385655363 +0200 +++ /var/tmp/diff_new_pack.Q85EXs/_new 2023-07-27 16:50:20.393655408 +0200 
@@ -65,6 +65,17 @@ # and https://bugzilla.suse.com/show_bug.cgi?id=1212711 # "permission validation mishandling for pipe devices (with the %pipe% prefix or the | pipe character prefix)" Patch103: CVE-2023-36664.patch +# Patch104 CVE-2023-38559.patch is for Ghostscript-9.56.1 from +# https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=d81b82c70bc1 +# that fixes CVE-2023-38559 +# "out of bounds read devn_pcx_write_rle() could result in DoS" +# see https://bugzilla.suse.com/show_bug.cgi?id=1213637 +# and https://bugs.ghostscript.com/show_bug.cgi?id=706897 +# which is in base/gdevdevn.c the same issue +# "ordering in if expression to avoid out-of-bounds access" +# as the already fixed CVE-2020-16305 in devices/gdevpcx.c +# see https://bugs.ghostscript.com/show_bug.cgi?id=701819 +Patch104: CVE-2023-38559.patch BuildRequires: freetype2-devel BuildRequires: libjpeg-devel BuildRequires: liblcms2-devel @@ -281,6 +292,17 @@ # and https://bugzilla.suse.com/show_bug.cgi?id=1212711 # "permission validation mishandling for pipe devices (with the %pipe% prefix or the | pipe character prefix)" %patch103 +# Patch104 CVE-2023-38559.patch is for Ghostscript-9.56.1 from +# https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=d81b82c70bc1 +# that fixes CVE-2023-38559 +# "out of bounds read devn_pcx_write_rle() could result in DoS" +# see https://bugzilla.suse.com/show_bug.cgi?id=1213637 +# and https://bugs.ghostscript.com/show_bug.cgi?id=706897 +# which is in base/gdevdevn.c the same issue +# "ordering in if expression to avoid out-of-bounds access" +# as the already fixed CVE-2020-16305 in devices/gdevpcx.c +# see https://bugs.ghostscript.com/show_bug.cgi?id=701819 +%patch104 # Remove patch backup files to avoid packaging # cf. https://build.opensuse.org/request/show/581052 rm -f Resource/Init/*.ps.orig ++ CVE-2023-38559.patch ++ --- base/gdevdevn.c.orig2022-04-04 15:48:49.0 +0200 +++ base/gdevdevn.c 2023-07-26 11:31:03.873226054 +0200 
@@ -1950,7 +1950,7 @@ devn_pcx_write_rle(const byte * from, co byte data = *from; from += step; -if (data != *from || from == end) { +if (from >= end || data != *from) { if (data >= 0xc0) gp_fputc(0xc1, file); } else {
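Review bot: in devn_pcx_write_rle() the new condition "from >= end || data != *from" does two things, while the spec comment and changes entry describe only the first ("ordering in if expression to avoid out-of-bounds access"). Besides testing the bound before dereferencing, it replaces "from == end" with "from >= end", which matters because "from += step" runs just before and a step larger than one can move the pointer past end without ever equalling it. Mention the comparison change in the patch description so a later rebase does not restore "==". The ten-line comment is duplicated at "Patch104:" and "%patch104"; one copy with a pointer is enough.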
commit ghostscript for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package ghostscript for openSUSE:Factory checked in at 2023-07-05 15:30:24 Comparing /work/SRC/openSUSE:Factory/ghostscript (Old) and /work/SRC/openSUSE:Factory/.ghostscript.new.23466 (New) Package is "ghostscript" Wed Jul 5 15:30:24 2023 rev:59 rq:1096685 version:9.56.1 Changes: --- /work/SRC/openSUSE:Factory/ghostscript/ghostscript.changes 2023-04-28 16:22:42.661780032 +0200 +++ /work/SRC/openSUSE:Factory/.ghostscript.new.23466/ghostscript.changes 2023-07-05 15:30:29.242540434 +0200 @@ -1,0 +2,12 @@ +Tue Jul 4 06:16:33 UTC 2023 - Johannes Meixner + +- CVE-2023-36664.patch fixes CVE-2023-36664 + see https://bugs.ghostscript.com/show_bug.cgi?id=706761 + "OS command injection in %pipe% access" + and https://bugs.ghostscript.com/show_bug.cgi?id=706778 + "%pipe% allowed_path bypass" + and bsc#1212711 + "permission validation mishandling for pipe devices + (with the %pipe% prefix or the | pipe character prefix)" + +--- 
@@ -18,9 +30,13 @@ - * New PDF Interpreter: This is an entirely new implementation written in C -(rather than PostScript, as before) - * Calling Ghostscript via the GS API is now thread safe. The one limitation -is that the X11 devices for Unix-like systems (x11, x11alpha, x11cmyk, -x11cmyk2, x11cmyk4, x11cmyk8, x11gray2, x11gray4 and x11mono) cannot be -made thread safe, due to their interaction with the X11 server, those -devices have been modified to only allow one instance in an executable. - * The PSD output device now writes ICC profiles to their output files, for -improved color fidelity. + Highlights in this release include + (excerpts from the Ghostscript upstream release summary + in https://ghostscript.com/docs/9.56.1/News.htm): + * New PDF Interpreter: This is an entirely new implementation +written in C (rather than PostScript, as before) + * Calling Ghostscript via the GS API is now thread safe. The one +limitation is that the X11 devices for Unix-like systems (x11, +x11alpha, x11cmyk, x11cmyk2, x11cmyk4, x11cmyk8, x11gray2, +x11gray4 and x11mono) cannot be made thread safe, due to their +interaction with the X11 server, those devices have been +modified to only allow one instance in an executable. + * The PSD output device now writes ICC profiles to their output +files, for improved color fidelity. @@ -28,2 +44,2 @@ - * The usual round of bug fixes, compatibility changes, and incremental -improvements. + * The usual round of bug fixes, compatibility changes, and +incremental improvements. 
@@ -31,6 +47,17 @@ -engine. In such a build, new devices are available (pdfocr8/pdfocr24/ -pdfocr32) which render the output file to an image, OCR that image, and -output the image "wrapped" up as a PDF file, with the OCR generated text -information included as "invisible" text (in PDF terms, text rendering mode -3). -- drop CVE-2021-3781.patch, CVE-2021-45949.patch: upstream +engine. In such a build, new devices are available +(pdfocr8/pdfocr24/pdfocr32) which render the output file to an +image, OCR that image, and output the image "wrapped" up as a +PDF file, with the OCR generated text information included +as "invisible" text (in PDF terms, text rendering mode 3). +Mainly due to time constraints, we only support including +Tesseract from source included in our release packages, +and not linking to Tesseract/Leptonica shared libraries. +Whether we add this capability will be largely dependent +on community demand for the feature. See Enabling OCR +at https://www.ghostscript.com/ocr.html for more details. + For a release summary see: + https://www.ghostscript.com/doc/9.54.0/News.htm + For details see the News.htm and History9.htm files. +- Configure --without-tesseract because this requires C++ (it + might be added if Tesseract support in Ghostscript is needed). +- Drop CVE-2021-3781.patch, CVE-2021-45949.patch: upstream @@ -41 +68 @@ -- use _multibuild +- Use _multibuild @@ -46 +73 @@ -- use system zlib (bsc#1198449) +- Use system zlib (bsc#1198449) New: CVE-2023-36664.patch Other differences: -- ++ ghostscript.spec ++ --- /var/tmp/diff_new_pack.K14BhK/_old 2023-07-05 15:30:30.318546818 +0200 +++ /var/tmp/diff_new_pack.K14BhK/_new 2023-07-05 15:30:30.322546842 +0200 @@ -53,6 +53,18 @@ # cf. https://bugs.ghostscript.com/show_bug.cgi?id=706494 # and https://bugzilla.suse.com/show_bug.cgi?id=1210062 Patch102: CVE-2023-28879.patch +# Patch103 CVE-2023-36664.patch is +# https://git.ghostscript.com/?p=ghost
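Review bot: besides the new CVE-2023-36664 entry, the ghostscript.changes hunks at -18, -28, -31, -41 and -46 rewrite the existing 9.56.1 entry: bullets are rewrapped, "use _multibuild" and "use system zlib" are capitalised, and new text is added (the "Configure --without-tesseract" item and a release-summary link to 9.54.0/News.htm under the 9.56.1 heading). Editing history in the same commit as a security fix makes the fix harder to audit and changes what earlier entries claimed; move the cosmetic rewrite to its own request and check whether the 9.54.0 link is intended under 9.56.1. The spec hunk is cut off inside the Patch103 comment, so the patch itself cannot be reviewed from this mail.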
commit ghostscript for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package ghostscript for openSUSE:Factory checked in at 2023-04-28 16:22:32 Comparing /work/SRC/openSUSE:Factory/ghostscript (Old) and /work/SRC/openSUSE:Factory/.ghostscript.new.1533 (New) Package is "ghostscript" Fri Apr 28 16:22:32 2023 rev:58 rq:1083209 version:9.56.1 Changes: --- /work/SRC/openSUSE:Factory/ghostscript/ghostscript.changes 2023-04-12 12:50:56.512701084 +0200 +++ /work/SRC/openSUSE:Factory/.ghostscript.new.1533/ghostscript.changes 2023-04-28 16:22:42.661780032 +0200 @@ -1,0 +2,5 @@ +Wed Apr 26 19:08:09 UTC 2023 - Jan Engelhardt + +- Replace BuildRequire on xorg-x11-devel by pkgconfig(...) + +--- Other differences: -- ++ ghostscript.spec ++ --- /var/tmp/diff_new_pack.8wD13w/_old 2023-04-28 16:22:48.477813980 +0200 +++ /var/tmp/diff_new_pack.8wD13w/_new 2023-04-28 16:22:48.481814003 +0200 @@ -115,8 +115,13 @@ %if "%{flavor}" != "mini" BuildRequires: dbus-1-devel BuildRequires: libexpat-devel -BuildRequires: xorg-x11-devel BuildRequires: xorg-x11-fonts +BuildRequires: pkgconfig(ice) +BuildRequires: pkgconfig(sm) +BuildRequires: pkgconfig(x11) +BuildRequires: pkgconfig(xext) +BuildRequires: pkgconfig(xproto) +BuildRequires: pkgconfig(xt) %if 0%{?suse_version} == 1315 BuildRequires: cups154-devel %else
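Review bot: the six pkgconfig(...) lines are inserted after "BuildRequires: xorg-x11-fonts", which breaks the alphabetical order the surrounding BuildRequires list had (dbus-1-devel, libexpat-devel, xorg-x11-devel, xorg-x11-fonts). Sort them into place, and list the chosen modules (ice, sm, x11, xext, xproto, xt) in the changes entry instead of "pkgconfig(...)" so it is clear which parts of the old xorg-x11-devel are still required. Since the package ships X11.so in the x11 subpackage, a build log check that the X11 devices are still configured would be a useful addition to the request.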
commit ghostscript for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package ghostscript for openSUSE:Factory checked in at 2023-04-12 12:50:52 Comparing /work/SRC/openSUSE:Factory/ghostscript (Old) and /work/SRC/openSUSE:Factory/.ghostscript.new.19717 (New) Package is "ghostscript" Wed Apr 12 12:50:52 2023 rev:57 rq:1078390 version:9.56.1 Changes: --- /work/SRC/openSUSE:Factory/ghostscript/ghostscript.changes 2022-07-29 16:46:51.842480077 +0200 +++ /work/SRC/openSUSE:Factory/.ghostscript.new.19717/ghostscript.changes 2023-04-12 12:50:56.512701084 +0200 @@ -1,0 +2,8 @@ +Tue Apr 11 09:09:56 UTC 2023 - Johannes Meixner + +- CVE-2023-28879.patch fixes CVE-2023-28879 + Buffer Overflow in s_xBCPE_process + cf. https://bugs.ghostscript.com/show_bug.cgi?id=706494 + (bsc#1210062) + +--- New: CVE-2023-28879.patch Other differences: -- ++ ghostscript.spec ++ --- /var/tmp/diff_new_pack.nEquBp/_old 2023-04-12 12:50:57.456706601 +0200 +++ /var/tmp/diff_new_pack.nEquBp/_new 2023-04-12 12:50:57.464706648 +0200 @@ -1,7 +1,7 @@ # # spec file # -# Copyright (c) 2022 SUSE LLC +# Copyright (c) 2023 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -47,6 +47,12 @@ # Patch101 ijs_exec_server_dont_use_sh.patch fixes IJS printing problem # additionally allow exec'ing hpijs in apparmor profile was needed (bsc#1128467): Patch101: ijs_exec_server_dont_use_sh.patch +# Patch102 CVE-2023-28879.patch is +# https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=37ed5022cecd +# that fixes CVE-2023-28879 Buffer Overflow in s_xBCPE_process +# cf. https://bugs.ghostscript.com/show_bug.cgi?id=706494 +# and https://bugzilla.suse.com/show_bug.cgi?id=1210062 +Patch102: CVE-2023-28879.patch BuildRequires: freetype2-devel BuildRequires: libjpeg-devel BuildRequires: liblcms2-devel 
@@ -240,6 +246,12 @@ # Patch101 ijs_exec_server_dont_use_sh.patch fixes IJS printing problem # additionally allow exec'ing hpijs in apparmor profile was needed (bsc#1128467): %patch101 -p1 +# Patch102 CVE-2023-28879.patch is +# https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=37ed5022cecd +# that fixes CVE-2023-28879 Buffer Overflow in s_xBCPE_process +# cf. https://bugs.ghostscript.com/show_bug.cgi?id=706494 +# and https://bugzilla.suse.com/show_bug.cgi?id=1210062 +%patch102 # Remove patch backup files to avoid packaging # cf. https://build.opensuse.org/request/show/581052 rm -f Resource/Init/*.ps.orig ++ CVE-2023-28879.patch ++ --- base/sbcp.c.orig2020-03-19 09:21:42.0 +0100 +++ base/sbcp.c 2023-04-03 12:36:26.024927229 +0200 @@ -50,6 +50,14 @@ s_xBCPE_process(stream_state * st, strea byte ch = *++p; if (ch <= 31 && escaped[ch]) { +/* Make sure we have space to store two characters in the write buffer, + * if we don't then exit without consuming the input character, we'll process + * that on the next time round. + */ +if (pw->limit - q < 2) { +p--; +break; +} if (p == rlimit) { p--; break;
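Review bot: the header of CVE-2023-28879.patch reads "base/sbcp.c.orig" with a 2020-03-19 timestamp, while the other backports in this package are made against files dated 2022-04-04, which suggests the diff was generated from a different source tree than the 9.56.1 tarball. Regenerate it against the packaged sources or confirm in the request that it applies without offset or fuzz, since the new "pw->limit - q < 2" check has to sit inside the "ch <= 31 && escaped[ch]" branch before the two-byte write to be effective. "%patch102" is also applied with no strip level while "%patch101 -p1" directly above uses one; state the level explicitly so the difference is visibly intentional.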
commit ghostscript for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package ghostscript for openSUSE:Factory checked in at 2022-07-29 16:46:49 Comparing /work/SRC/openSUSE:Factory/ghostscript (Old) and /work/SRC/openSUSE:Factory/.ghostscript.new.1533 (New) Package is "ghostscript" Fri Jul 29 16:46:49 2022 rev:56 rq:989980 version:9.56.1 Changes: --- /work/SRC/openSUSE:Factory/ghostscript/ghostscript.changes 2022-07-07 12:56:45.079268520 +0200 +++ /work/SRC/openSUSE:Factory/.ghostscript.new.1533/ghostscript.changes 2022-07-29 16:46:51.842480077 +0200 
@@ -1,0 +2,29 @@ +Mon Jul 18 07:28:54 UTC 2022 - Dirk M??ller + +- update to 9.56.1: + * New PDF Interpreter: This is an entirely new implementation written in C +(rather than PostScript, as before) + * Calling Ghostscript via the GS API is now thread safe. The one limitation +is that the X11 devices for Unix-like systems (x11, x11alpha, x11cmyk, +x11cmyk2, x11cmyk4, x11cmyk8, x11gray2, x11gray4 and x11mono) cannot be +made thread safe, due to their interaction with the X11 server, those +devices have been modified to only allow one instance in an executable. + * The PSD output device now writes ICC profiles to their output files, for +improved color fidelity. + * Our efforts in code hygiene and maintainability continue. + * The usual round of bug fixes, compatibility changes, and incremental +improvements. + * We have added the capability to build with the Tesseract OCR +engine. In such a build, new devices are available (pdfocr8/pdfocr24/ +pdfocr32) which render the output file to an image, OCR that image, and +output the image "wrapped" up as a PDF file, with the OCR generated text +information included as "invisible" text (in PDF terms, text rendering mode +3). +- drop CVE-2021-3781.patch, CVE-2021-45949.patch: upstream + +--- +Mon Jul 18 06:38:01 UTC 2022 - Dirk M??ller + +- use _multibuild + +--- Old: CVE-2021-3781.patch CVE-2021-45949.patch ghostscript-9.54.0.tar.gz ghostscript-mini.changes ghostscript-mini.spec New: _multibuild ghostscript-9.56.1.tar.xz Other differences: -- ++ ghostscript.spec ++ --- /var/tmp/diff_new_pack.Hy6FYQ/_old 2022-07-29 16:46:53.030483380 +0200 +++ /var/tmp/diff_new_pack.Hy6FYQ/_new 2022-07-29 16:46:53.034483392 +0200 @@ -1,5 +1,5 @@ # -# spec file for package ghostscript +# spec file # # Copyright (c) 2022 SUSE LLC # 
@@ -16,90 +16,26 @@ # -Name: ghostscript -# SLE12 needs special BuildRequires. -# For suse_version values see https://en.opensuse.org/openSUSE:Build_Service_cross_distribution_howto -%if 0%{?suse_version} == 1315 -# For SLE12 by default CUPS 1.7.5 is provided and alternatively CUPS 1.5.4 is provided in the "legacy" module. -# For SLE12 build it with traditional CUPS 1.5.4 to ensure it works on SLE12 both with CUPS 1.7.5 and CUPS 1.5.4 -# because libcups and libcupsimage in CUPS 1.7.5 are backward compatible with CUPS 1.5.4 so that applications -# that have been built with CUPS 1.5.4 also work under CUPS 1.7.5 but the libraries in CUPS 1.7.5 provide -# some additional functions so that applications that have been built with CUPS 1.7.5 and use those -# additional functions would not work under CUPS 1.7.5. -# Only in the Printing project for SLE12 use cups154-ddk (a sub package of the cups154-SLE12 source package): -BuildRequires: cups154-devel +%global flavor @BUILD_FLAVOR@%{nil} +%if "%{flavor}" == "mini" +%global psuffix -mini %else -# Anything what is not SLE12 (i.e. 
SLE11 and all openSUSE versions) have "normal" BuildRequires: -BuildRequires: cups-devel +%global psuffix %{nil} %endif -# dbus-1-devel is needed for "configure --enable-dbus" (see below): -BuildRequires: dbus-1-devel -BuildRequires: freetype2-devel -BuildRequires: libexpat-devel -BuildRequires: libjpeg-devel -BuildRequires: liblcms2-devel -BuildRequires: libpng-devel -BuildRequires: libtiff-devel -BuildRequires: libtool -BuildRequires: pkg-config -BuildRequires: update-alternatives -BuildRequires: xorg-x11-devel -BuildRequires: xorg-x11-fonts -BuildRequires: zlib-devel -# Always check if latest version of penjpeg becomes compatible with ghostscript -%if 0%{?suse_version} >= 1550 -BuildRequires: pkgconfig(libopenjp2) >= 2.3.1 -%endif -%if 0%{?suse_version} >= 1500 -BuildRequires: apparmor-abstractions -BuildRequires: apparmor-rpm-macros -%endif -Requires(post): update-alternatives -Requires(preun):update-alternatives -Summary:The Ghostscript interpreter for PostScript and PDF -License:AG
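Review bot: The ghostscript.changes line "drop CVE-2021-3781.patch, CVE-2021-45949.patch: upstream" does not say which upstream release or commit carries each fix, so the removal of two security patches cannot be checked from the changelog alone. Name the upstream version or commit per patch in that line. The second entry, "use _multibuild", likewise does not mention that ghostscript-mini.spec and ghostscript-mini.changes are removed (both are listed under Old:) or that the mini flavor is now selected through `%global flavor @BUILD_FLAVOR@%{nil}` and `%global psuffix -mini`; one sentence describing that merge would document it.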
commit ghostscript for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package ghostscript for openSUSE:Factory checked in at 2022-07-07 12:56:31 Comparing /work/SRC/openSUSE:Factory/ghostscript (Old) and /work/SRC/openSUSE:Factory/.ghostscript.new.1523 (New) Package is "ghostscript" Thu Jul 7 12:56:31 2022 rev:55 rq:987199 version:9.54.0 Changes: --- /work/SRC/openSUSE:Factory/ghostscript/ghostscript.changes 2022-04-19 09:58:05.883551284 +0200 +++ /work/SRC/openSUSE:Factory/.ghostscript.new.1523/ghostscript.changes 2022-07-07 12:56:45.079268520 +0200 @@ -1,0 +2,5 @@ +Wed Apr 13 11:12:39 UTC 2022 - Dirk M??ller + +- use system zlib (bsc#1198449) + +--- Other differences: -- ++ ghostscript.spec ++ --- /var/tmp/diff_new_pack.5m4tTg/_old 2022-07-07 12:56:46.007269902 +0200 +++ /var/tmp/diff_new_pack.5m4tTg/_new 2022-07-07 12:56:46.011269908 +0200 @@ -346,6 +346,7 @@ %if 0%{?suse_version} >= 1550 rm -rf openjpeg %endif +rm -rf zlib # In contrast to the above we use lcms2 from SUSE since Ghostscript 9.23rc1 # because that is what Ghostscript upstream recommends according to # https://ghostscript.com/pipermail/gs-devel/2018-March/010061.html @@ -413,6 +414,7 @@ --enable-openjpeg \ --enable-dynamic \ --disable-compile-inits \ + --without-local-zlib \ --with-ijs \ --enable-cups \ --with-drivers=ALL \
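Review bot: The added `rm -rf zlib` in ghostscript.spec carries no comment and lands between the conditional `rm -rf openjpeg` block and the comment that begins "In contrast to the above we use lcms2 from SUSE", so that comment now appears to contrast with the zlib removal as well. Add a line above `rm -rf zlib` saying that the bundled copy is removed so the build uses the system zlib (bsc#1198449) and that it pairs with the new `--without-local-zlib` configure option. The removal is also unconditional, unlike the openjpeg one, which is guarded by `%if 0%{?suse_version} >= 1550`; say in the comment that this is intended for all targets.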
commit ghostscript for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package ghostscript for openSUSE:Factory checked in at 2022-04-19 09:58:01 Comparing /work/SRC/openSUSE:Factory/ghostscript (Old) and /work/SRC/openSUSE:Factory/.ghostscript.new.1941 (New) Package is "ghostscript" Tue Apr 19 09:58:01 2022 rev:54 rq:970583 version:9.54.0 Changes: --- /work/SRC/openSUSE:Factory/ghostscript/ghostscript.changes 2022-01-14 23:13:15.858632706 +0100 +++ /work/SRC/openSUSE:Factory/.ghostscript.new.1941/ghostscript.changes 2022-04-19 09:58:05.883551284 +0200 @@ -1,0 +2,6 @@ +Thu Apr 7 08:14:51 UTC 2022 - Frederic Crozat + +- Do no longer require apparmor-abstractions, it is not mandatory + to use Ghostscript (bsc#1134289). + +--- Other differences: -- ++ ghostscript.spec ++ --- /var/tmp/diff_new_pack.fYnj3o/_old 2022-04-19 09:58:06.675552313 +0200 +++ /var/tmp/diff_new_pack.fYnj3o/_new 2022-04-19 09:58:06.679552318 +0200 @@ -53,7 +53,6 @@ %if 0%{?suse_version} >= 1500 BuildRequires: apparmor-abstractions BuildRequires: apparmor-rpm-macros -Requires: apparmor-abstractions %endif Requires(post): update-alternatives Requires(preun):update-alternatives
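Review bot: Removing `Requires: apparmor-abstractions` from the `%if 0%{?suse_version} >= 1500` block leaves both apparmor BuildRequires in place, and the changelog gives only "it is not mandatory to use Ghostscript" as the reason. The entry should state what the effect is on AppArmor confinement of gs on a system where apparmor-abstractions is not installed. If the confinement is still wanted wherever AppArmor is in use, a weak dependency such as `Recommends: apparmor-abstractions` would keep the package pulled in by default without making it mandatory.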
commit ghostscript for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package ghostscript for openSUSE:Factory checked in at 2022-01-14 23:12:43 Comparing /work/SRC/openSUSE:Factory/ghostscript (Old) and /work/SRC/openSUSE:Factory/.ghostscript.new.1892 (New) Package is "ghostscript" Fri Jan 14 23:12:43 2022 rev:53 rq:945779 version:9.54.0 Changes: --- /work/SRC/openSUSE:Factory/ghostscript/ghostscript-mini.changes 2021-09-13 16:25:10.582789466 +0200 +++ /work/SRC/openSUSE:Factory/.ghostscript.new.1892/ghostscript-mini.changes 2022-01-14 23:13:15.826632685 +0100 @@ -1,0 +2,11 @@ +Tue Jan 11 13:40:10 CET 2022 - jsm...@suse.de + +- CVE-2021-45949.patch fixes CVE-2021-45949 + heap-based buffer overflow in sampled_data_finish + cf. https://github.com/google/oss-fuzz-vulns/blob/main/vulns/ghostscript/OSV-2021-803.yaml + (bsc#1194304) +- CVE-2021-45944 use-after-free in sampled_data_sample + is already fixed in the Ghostscript 9.54.0 upstream sources + (bsc#1194303) + +--- ghostscript.changes: same change New: CVE-2021-45949.patch Other differences: -- ++ ghostscript-mini.spec ++ --- /var/tmp/diff_new_pack.yrTocG/_old 2022-01-14 23:13:16.566633162 +0100 +++ /var/tmp/diff_new_pack.yrTocG/_new 2022-01-14 23:13:16.570633165 +0100 @@ -1,7 +1,7 @@ # # spec file for package ghostscript-mini # -# Copyright (c) 2021 SUSE LLC +# Copyright (c) 2022 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed 
@@ -89,6 +89,12 @@ # cf. https://bugs.ghostscript.com/show_bug.cgi?id=704342 # and https://bugzilla.suse.com/show_bug.cgi?id=1190381 Patch102: CVE-2021-3781.patch +# Patch103 CVE-2021-45949.patch was derived for Ghostscript-9.54 from +# https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=2a3129365d3bc0d4a41f107ef175920d1505d1f7 +# that fixes CVE-2021-45949 heap-based buffer overflow in sampled_data_finish +# cf. https://github.com/google/oss-fuzz-vulns/blob/main/vulns/ghostscript/OSV-2021-803.yaml +# and https://bugzilla.suse.com/show_bug.cgi?id=1194304 +Patch103: CVE-2021-45949.patch # RPM dependencies: # The "Provides: ghostscript_any" is there to support "BuildRequires: ghostscript_any" # so other packages can build with any available Ghostscript implementation, @@ -172,6 +178,12 @@ # cf. https://bugs.ghostscript.com/show_bug.cgi?id=704342 # and https://bugzilla.suse.com/show_bug.cgi?id=1190381 %patch102 -p1 +# Patch103 CVE-2021-45949.patch was derived for Ghostscript-9.54 from +# https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=2a3129365d3bc0d4a41f107ef175920d1505d1f7 +# that fixes CVE-2021-45949 heap-based buffer overflow in sampled_data_finish +# cf. https://github.com/google/oss-fuzz-vulns/blob/main/vulns/ghostscript/OSV-2021-803.yaml +# and https://bugzilla.suse.com/show_bug.cgi?id=1194304 +%patch103 # Remove patch backup files to avoid packaging # cf. https://build.opensuse.org/request/show/581052 rm -f Resource/Init/*.ps.orig ++ ghostscript.spec ++ --- /var/tmp/diff_new_pack.yrTocG/_old 2022-01-14 23:13:16.586633175 +0100 +++ /var/tmp/diff_new_pack.yrTocG/_new 2022-01-14 23:13:16.590633178 +0100 @@ -1,7 +1,7 @@ # # spec file for package ghostscript # -# Copyright (c) 2021 SUSE LLC +# Copyright (c) 2022 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed 
@@ -118,6 +118,12 @@ # cf. https://bugs.ghostscript.com/show_bug.cgi?id=704342 # and https://bugzilla.suse.com/show_bug.cgi?id=1190381 Patch102: CVE-2021-3781.patch +# Patch103 CVE-2021-45949.patch was derived for Ghostscript-9.54 from +# https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=2a3129365d3bc0d4a41f107ef175920d1505d1f7 +# that fixes CVE-2021-45949 heap-based buffer overflow in sampled_data_finish +# cf. https://github.com/google/oss-fuzz-vulns/blob/main/vulns/ghostscript/OSV-2021-803.yaml +# and https://bugzilla.suse.com/show_bug.cgi?id=1194304 +Patch103: CVE-2021-45949.patch # RPM dependencies: # Additional RPM Provides of the ghostscript-library packages in openSUSE 11.4 from # "rpm -q --provides ghostscript-library" and "rpm -q --provides ghostscript-x11": @@ -313,6 +319,12 @@ # cf. https://bugs.ghostscript.com/show_bug.cgi?id=704342 # and https://bugzilla.suse.com/show_bug.cgi?id=1190381 %patch102 -p1 +# Patch103 CVE-2021-45949.patch was derived for Ghostscript-9.54 from +# https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=2a3129365d3bc0d4a41f107ef175920d1505d1f7 +# tha
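Review bot: The changelog item stating that CVE-2021-45944 "is already fixed in the Ghostscript 9.54.0 upstream sources" gives no upstream commit or upstream bug reference, only bsc#1194303, so the claim cannot be verified from the entry. Add the upstream commit id there, as the Patch103 spec comment does for CVE-2021-45949. In both spec files `%patch103` is also applied without a `-p` option while `%patch102 -p1` directly above uses one; since the comment says the patch "was derived for Ghostscript-9.54", write the strip level out explicitly so it is clear the difference is deliberate.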
commit ghostscript for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package ghostscript for openSUSE:Factory checked in at 2021-09-13 16:24:27 Comparing /work/SRC/openSUSE:Factory/ghostscript (Old) and /work/SRC/openSUSE:Factory/.ghostscript.new.1899 (New) Package is "ghostscript" Mon Sep 13 16:24:27 2021 rev:52 rq:917942 version:9.54.0 Changes: --- /work/SRC/openSUSE:Factory/ghostscript/ghostscript-mini.changes 2021-06-01 10:33:53.172447799 +0200 +++ /work/SRC/openSUSE:Factory/.ghostscript.new.1899/ghostscript-mini.changes 2021-09-13 16:25:10.582789466 +0200 @@ -1,0 +2,8 @@ +Fri Sep 10 09:37:46 CEST 2021 - jsm...@suse.de + +- CVE-2021-3781.patch fixes CVE-2021-3781 + Trivial -dSAFER bypass + cf. https://bugs.ghostscript.com/show_bug.cgi?id=704342 + (bsc#1190381) + +--- ghostscript.changes: same change New: CVE-2021-3781.patch Other differences: -- ++ ghostscript-mini.spec ++ --- /var/tmp/diff_new_pack.Yq2PaE/_old 2021-09-13 16:25:11.354790359 +0200 +++ /var/tmp/diff_new_pack.Yq2PaE/_new 2021-09-13 16:25:11.358790363 +0200 @@ -83,6 +83,12 @@ # Patch101 ijs_exec_server_dont_use_sh.patch fixes IJS printing problem # additionally allow exec'ing hpijs in apparmor profile was needed (bsc#1128467): Patch101: ijs_exec_server_dont_use_sh.patch +# Patch102 CVE-2021-3781.patch is +# https://git.ghostscript.com/?p=ghostpdl.git;a=patch;h=a9bd3dec9fde +# that fixes CVE-2021-3781 Trivial -dSAFER bypass +# cf. https://bugs.ghostscript.com/show_bug.cgi?id=704342 +# and https://bugzilla.suse.com/show_bug.cgi?id=1190381 +Patch102: CVE-2021-3781.patch # RPM dependencies: # The "Provides: ghostscript_any" is there to support "BuildRequires: ghostscript_any" # so other packages can build with any available Ghostscript implementation, 
@@ -160,6 +166,12 @@ # Patch101 ijs_exec_server_dont_use_sh.patch fixes IJS printing problem # additionally allow exec'ing hpijs in apparmor profile was needed (bsc#1128467): %patch101 -p1 +# Patch102 CVE-2021-3781.patch is +# https://git.ghostscript.com/?p=ghostpdl.git;a=patch;h=a9bd3dec9fde +# that fixes CVE-2021-3781 Trivial -dSAFER bypass +# cf. https://bugs.ghostscript.com/show_bug.cgi?id=704342 +# and https://bugzilla.suse.com/show_bug.cgi?id=1190381 +%patch102 -p1 # Remove patch backup files to avoid packaging # cf. https://build.opensuse.org/request/show/581052 rm -f Resource/Init/*.ps.orig ++ ghostscript.spec ++ --- /var/tmp/diff_new_pack.Yq2PaE/_old 2021-09-13 16:25:11.386790396 +0200 +++ /var/tmp/diff_new_pack.Yq2PaE/_new 2021-09-13 16:25:11.390790400 +0200 @@ -112,6 +112,12 @@ # Patch101 ijs_exec_server_dont_use_sh.patch fixes IJS printing problem # additionally allow exec'ing hpijs in apparmor profile was needed (bsc#1128467): Patch101: ijs_exec_server_dont_use_sh.patch +# Patch102 CVE-2021-3781.patch is +# https://git.ghostscript.com/?p=ghostpdl.git;a=patch;h=a9bd3dec9fde +# that fixes CVE-2021-3781 Trivial -dSAFER bypass +# cf. https://bugs.ghostscript.com/show_bug.cgi?id=704342 +# and https://bugzilla.suse.com/show_bug.cgi?id=1190381 +Patch102: CVE-2021-3781.patch # RPM dependencies: # Additional RPM Provides of the ghostscript-library packages in openSUSE 11.4 from # "rpm -q --provides ghostscript-library" and "rpm -q --provides ghostscript-x11": 
@@ -301,6 +307,12 @@ # Patch101 ijs_exec_server_dont_use_sh.patch fixes IJS printing problem # additionally allow exec'ing hpijs in apparmor profile was needed (bsc#1128467): %patch101 -p1 +# Patch102 CVE-2021-3781.patch is +# https://git.ghostscript.com/?p=ghostpdl.git;a=patch;h=a9bd3dec9fde +# that fixes CVE-2021-3781 Trivial -dSAFER bypass +# cf. https://bugs.ghostscript.com/show_bug.cgi?id=704342 +# and https://bugzilla.suse.com/show_bug.cgi?id=1190381 +%patch102 -p1 # Remove patch backup files to avoid packaging # cf. https://build.opensuse.org/request/show/581052 rm -f Resource/Init/*.ps.orig ++ CVE-2021-3781.patch ++ >From a9bd3dec9fde03327a4a2c69dad1036bf9632e20 Mon Sep 17 00:00:00 2001 From: Chris Liddell Date: Tue, 7 Sep 2021 20:36:12 +0100 Subject: [PATCH] Bug 704342: Include device specifier strings in access validation for the "%pipe%", %handle%" and %printer% io devices. We previously validated only the part after the "%pipe%" Postscript device specifier, but this proved insufficient. This rebuilds the original file name string, and validates it complete. The slight complication for "%pipe%" is it can be reached implicitly using "|" so we have to check both prefixes. Addresses CVE-2021-3781 --- base/gdevpipe.c | 22 +++- base/gp_mshdl.c | 11 +++- base/gp_msprn.c
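Review bot: The Patch102 comments in both spec files reference the upstream change by the abbreviated id `h=a9bd3dec9fde`, while CVE-2021-3781.patch itself starts with the full id a9bd3dec9fde03327a4a2c69dad1036bf9632e20. Use the full id in the spec comments so the reference to a security fix stays unambiguous. The same five-line comment is also repeated four times (at `Patch102:` and at `%patch102 -p1` in each spec); keeping the full text at the `Patch102:` tag and a one-line pointer at `%patch102 -p1` would reduce the chance of the copies drifting apart.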
commit ghostscript for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package ghostscript for openSUSE:Factory checked in at 2021-06-01 10:33:40 Comparing /work/SRC/openSUSE:Factory/ghostscript (Old) and /work/SRC/openSUSE:Factory/.ghostscript.new.1898 (New) Package is "ghostscript" Tue Jun 1 10:33:40 2021 rev:51 rq:895991 version:9.54.0 Changes: --- /work/SRC/openSUSE:Factory/ghostscript/ghostscript-mini.changes 2021-04-18 21:44:55.236702580 +0200 +++ /work/SRC/openSUSE:Factory/.ghostscript.new.1898/ghostscript-mini.changes 2021-06-01 10:33:53.172447799 +0200 
@@ -2 +2,39 @@ -Wed Apr 14 11:57:25 UTC 2021 - Wolfgang Frisch +Fri May 21 13:40:56 CEST 2021 - jsm...@suse.de + +- Version upgrade to 9.54.0 + Highlights in this release include + (excerpts from the Ghostscript upstream release summary + in https://www.ghostscript.com/doc/9.54.0/News.htm): + * The 9.54.0 release is a maintenance release, +and also adds new functionality. + * Overprint simulation is now available to all output devices, +allowing quality previewing/proofing of PostScript and +PDF jobs that rely on overprint. See the -dOverprint option +documentation in: doc/9.54.0/Use.htm#Overprint + * The "docxwrite" device adds the ability to output +to Microsoft Word "docx" format. +See: doc/9.54.0/VectorDevices.htm#DOCX + * The pdfwrite device is now capable of using the Tesseract OCR +engine when it is built into Ghostscript to improve +searchability and copy and paste functionality when the input +lacks the metadata for that purpose. +See: doc/9.54.0/VectorDevices.htm#UseOCR + * Ghostscript/GhostPDL now includes a "map text to black" +function, where text drawn by an input job (except when drawn +using a Type 3 font) can be forced to draw in solid black. +See: doc/9.54.0/Use.htm#BlackText + * Ghostscript/GhostPDL now supports simple N-up imposition +"internally". See: doc/9.54.0/Use.htm#NupControl + * Our efforts in code hygiene and maintainability continue. + * The usual round of bug fixes, compatibility changes, +and incremental improvements. + * For a list of open issues, or to report problems, please visit +bugs.ghostscript.com + For a release summary see: + https://www.ghostscript.com/doc/9.54.0/News.htm + For details see the News.htm and History9.htm files. +- 41ef9a0bc36b9db7115fbe9623f989bfb47bbade.patch is no longer + needed because it is fixed in the upstream sources. 
+ +--- +Wed Apr 14 11:56:22 UTC 2021 - Wolfgang Frisch --- /work/SRC/openSUSE:Factory/ghostscript/ghostscript.changes 2021-04-18 21:44:55.284702661 +0200 +++ /work/SRC/openSUSE:Factory/.ghostscript.new.1898/ghostscript.changes 2021-06-01 10:33:53.256447942 +0200 
@@ -1,0 +2,38 @@ +Fri May 21 13:40:56 CEST 2021 - jsm...@suse.de + +- Version upgrade to 9.54.0 + Highlights in this release include + (excerpts from the Ghostscript upstream release summary + in https://www.ghostscript.com/doc/9.54.0/News.htm): + * The 9.54.0 release is a maintenance release, +and also adds new functionality. + * Overprint simulation is now available to all output devices, +allowing quality previewing/proofing of PostScript and +PDF jobs that rely on overprint. See the -dOverprint option +documentation in: doc/9.54.0/Use.htm#Overprint + * The "docxwrite" device adds the ability to output +to Microsoft Word "docx" format. +See: doc/9.54.0/VectorDevices.htm#DOCX + * The pdfwrite device is now capable of using the Tesseract OCR +engine when it is built into Ghostscript to improve +searchability and copy and paste functionality when the input +lacks the metadata for that purpose. +See: doc/9.54.0/VectorDevices.htm#UseOCR + * Ghostscript/GhostPDL now includes a "map text to black" +function, where text drawn by an input job (except when drawn +using a Type 3 font) can be forced to draw in solid black. +See: doc/9.54.0/Use.htm#BlackText + * Ghostscript/GhostPDL now supports simple N-up imposition +"internally". See: doc/9.54.0/Use.htm#NupControl + * Our efforts in code hygiene and maintainability continue. + * The usual round of bug fixes, compatibility changes, +and incremental improvements. + * For a list of open issues, or to report problems, please visit +bugs.ghostscript.com + For a release summary see: + https://www.ghostscript.com/doc/9.54.0/News.htm + For details see the News.htm and History9.htm files. +- 41ef9a0bc36b9db7115fbe9623f989bfb47bbade.patch is no longer + needed because it is fixed in the upstream sources. + +--- Old: 41ef9a0bc36b9db7115fbe9623f989bfb47bbade.patch ghostscript-9.53.3.ta
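Review bot: The ghostscript-mini.changes hunk `@@ -2 +2,39 @@` does not only insert the 9.54.0 entry: it removes the header "Wed Apr 14 11:57:25 UTC 2021 - Wolfgang Frisch" and re-adds it as "Wed Apr 14 11:56:22 UTC 2021 - Wolfgang Frisch", which rewrites the timestamp of an entry that was already checked in. Leave the existing header untouched, or say in the new entry that the two .changes files were synchronized. The new entry headers also use CEST ("Fri May 21 13:40:56 CEST 2021") while the neighbouring entries use UTC; use one time zone throughout the file.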
commit ghostscript for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package ghostscript for openSUSE:Factory checked in at 2021-04-18 21:44:42 Comparing /work/SRC/openSUSE:Factory/ghostscript (Old) and /work/SRC/openSUSE:Factory/.ghostscript.new.12324 (New) Package is "ghostscript" Sun Apr 18 21:44:42 2021 rev:50 rq:885580 version:9.53.3 Changes: --- /work/SRC/openSUSE:Factory/ghostscript/ghostscript-mini.changes 2021-04-14 10:10:27.341440665 +0200 +++ /work/SRC/openSUSE:Factory/.ghostscript.new.12324/ghostscript-mini.changes 2021-04-18 21:44:55.236702580 +0200 @@ -1,0 +2,5 @@ +Wed Apr 14 11:57:25 UTC 2021 - Wolfgang Frisch + +- Hardening: compile with PIC, link as PIE + +--- --- /work/SRC/openSUSE:Factory/ghostscript/ghostscript.changes 2020-10-23 12:19:25.796561718 +0200 +++ /work/SRC/openSUSE:Factory/.ghostscript.new.12324/ghostscript.changes 2021-04-18 21:44:55.284702661 +0200 @@ -1,0 +2,5 @@ +Wed Apr 14 11:56:22 UTC 2021 - Wolfgang Frisch + +- Hardening: compile with PIC, link as PIE + +--- Other differences: -- ++ ghostscript-mini.spec ++ --- /var/tmp/diff_new_pack.QWWNPV/_old 2021-04-18 21:44:56.000703871 +0200 +++ /var/tmp/diff_new_pack.QWWNPV/_new 2021-04-18 21:44:56.000703871 +0200 
@@ -215,8 +215,9 @@ # Derive build timestamp from latest changelog entry export SOURCE_DATE_EPOCH=$(date -d "$(head -n 2 %{_sourcedir}/%{name}.changes | tail -n 1 | cut -d- -f1 )" +%s) # Set our preferred architecture-specific flags for the compiler and linker: -export CFLAGS="%{optflags} -fno-strict-aliasing" -export CXXFLAGS="%{optflags} -fno-strict-aliasing" +export CFLAGS="%{optflags} -fno-strict-aliasing -fPIC" +export CXXFLAGS="%{optflags} -fno-strict-aliasing -fPIC" +export LDFLAGS="-pie" autoreconf -fi # --docdir=%%{_defaultdocdir}/%%{name} does not work therefore it is not used. # --disable-cups and --without-pdftoraster ++ ghostscript.spec ++ --- /var/tmp/diff_new_pack.QWWNPV/_old 2021-04-18 21:44:56.016703898 +0200 +++ /var/tmp/diff_new_pack.QWWNPV/_new 2021-04-18 21:44:56.020703905 +0200 @@ -356,8 +356,9 @@ # Derive build timestamp from latest changelog entry export SOURCE_DATE_EPOCH=$(date -d "$(head -n 2 %{_sourcedir}/%{name}.changes | tail -n 1 | cut -d- -f1 )" +%s) # Set our preferred architecture-specific flags for the compiler and linker: -export CFLAGS="%{optflags} -fno-strict-aliasing" -export CXXFLAGS="%{optflags} -fno-strict-aliasing" +export CFLAGS="%{optflags} -fno-strict-aliasing -fPIC" +export CXXFLAGS="%{optflags} -fno-strict-aliasing -fPIC" +export LDFLAGS="-pie" autoreconf -fi # --docdir=%%{_defaultdocdir}/%%{name} does not work therefore it is not used. # --enable-cups but no longer --with-pdftoraster --enable-dbus --with-install-cups because
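Review bot: `export LDFLAGS="-pie"` in both spec files assigns LDFLAGS instead of extending it, so any linker flags already present in the environment are discarded, and it hands `-pie` to every link step rather than only to the link of the executables. Append to the existing value, and confirm from the build log that `-pie` is applied only where a program is linked. Because the changelog describes this as hardening, add a post-build check that the installed gs binary reports ELF type DYN in `readelf -h` output, so a later configure change that drops the flag is noticed.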
commit ghostscript for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package ghostscript for openSUSE:Factory checked in at 2021-04-14 10:10:12 Comparing /work/SRC/openSUSE:Factory/ghostscript (Old) and /work/SRC/openSUSE:Factory/.ghostscript.new.2401 (New) Package is "ghostscript" Wed Apr 14 10:10:12 2021 rev:49 rq:881824 version:9.53.3 Changes: --- /work/SRC/openSUSE:Factory/ghostscript/ghostscript-mini.changes 2021-03-16 15:44:12.677018640 +0100 +++ /work/SRC/openSUSE:Factory/.ghostscript.new.2401/ghostscript-mini.changes 2021-04-14 10:10:27.341440665 +0200 @@ -1,0 +2,16 @@ +Fri Mar 26 13:42:05 UTC 2021 - Dominique Leuenberger + +- Do not rely on apparmor at all for the -mini flavor: + + Drop apparmor-abstraction and apparmor-rpm-macros +BuildRequires. + + Do not package apparmor files. + +--- +Tue Mar 9 12:34:30 UTC 2021 - Dominique Leuenberger + +- Do not require apparmor-abstractions: with the mini package being + used only during build (and never on end user workstations), + apparmor is not going to be enabled (build is in chroot/vm). + Keeping the dep-chain of the -mini flavor as small as possible. + +--- Other differences: -- ++ ghostscript-mini.spec ++ --- /var/tmp/diff_new_pack.T2JnMl/_old 2021-04-14 10:10:28.133442002 +0200 +++ /var/tmp/diff_new_pack.T2JnMl/_new 2021-04-14 10:10:28.137442009 +0200 @@ -26,13 +26,8 @@ BuildRequires: pkg-config BuildRequires: update-alternatives BuildRequires: zlib-devel -%if 0%{?suse_version} >= 1500 -BuildRequires: apparmor-abstractions -BuildRequires: apparmor-rpm-macros -Requires: apparmor-abstractions -%endif Requires(post): update-alternatives -Requires(preun): update-alternatives +Requires(preun):update-alternatives Summary:Minimal Ghostscript for minimal build requirements License:AGPL-3.0-only Group: Productivity/Office/Other 
@@ -104,9 +99,9 @@ # in openSUSE products, cf. https://build.opensuse.org/request/show/877083 Provides: ghostscript_any = %{version} Conflicts: ghostscript -Conflicts: ghostscript-x11 Conflicts: ghostscript-devel Conflicts: ghostscript-library +Conflicts: ghostscript-x11 # Install into this non-root directory (required when norootforbuild is used): BuildRoot: %{_tmppath}/%{name}-%{version}-build @@ -149,9 +144,9 @@ Group: Development/Libraries/C and C++ Requires: ghostscript-mini = %{version} Conflicts: ghostscript -Conflicts: ghostscript-x11 Conflicts: ghostscript-devel Conflicts: ghostscript-library +Conflicts: ghostscript-x11 %description devel This package contains the development files for Minimal Ghostscript. @@ -349,7 +344,6 @@ # Switch back to the usual build log messages: set -x install -m 644 catalog.devices $DOCDIR -install -D -m 644 %{SOURCE1} %{buildroot}%{_sysconfdir}/apparmor.d/ghostscript # Move /usr/bin/gs to /usr/bin/gs.bin to be able to use update-alternatives install -d %buildroot%{_sysconfdir}/alternatives @@ -359,9 +353,6 @@ %post /sbin/ldconfig -%if 0%{?suse_version} >= 1500 -%apparmor_reload /etc/apparmor.d/ghostscript -%endif %{_sbindir}/update-alternatives \ --install %{_bindir}/gs gs %{_bindir}/gs.bin 15 @@ -449,10 +440,6 @@ %{_libdir}/libgs.so.* %{_libdir}/ghostscript/ %{_libdir}/libijs-0.35.so -%if 0%{?suse_version} < 1500 -%dir %{_sysconfdir}/apparmor.d -%endif -%{_sysconfdir}/apparmor.d/ghostscript %files devel %defattr(-,root,root) ++ ghostscript.spec ++ --- /var/tmp/diff_new_pack.T2JnMl/_old 2021-04-14 10:10:28.161442050 +0200 +++ /var/tmp/diff_new_pack.T2JnMl/_new 2021-04-14 10:10:28.165442056 +0200 @@ -56,7 +56,7 @@ Requires: apparmor-abstractions %endif Requires(post): update-alternatives -Requires(preun): update-alternatives +Requires(preun):update-alternatives Summary:The Ghostscript interpreter for PostScript and PDF License:AGPL-3.0-only Group: Productivity/Office/Other
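Review bot: Besides the AppArmor removal described in the changelog, the ghostscript-mini.spec hunks move `Conflicts: ghostscript-x11` below `Conflicts: ghostscript-library` in two places, and both spec files change `Requires(preun): update-alternatives` to `Requires(preun):update-alternatives`; none of this is mentioned in the entries. Put that formatting churn in its own change or name it in the changelog, so the security-relevant part of the diff (dropping the profile install, `%apparmor_reload` in `%post` and the `%files` entries for the -mini flavor) stays easy to review. The context line in the ghostscript.spec hunk shows `Requires: apparmor-abstractions` is kept for the full package; stating that in the entry would make the scope explicit.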
commit ghostscript for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package ghostscript for openSUSE:Factory checked in at 2021-03-16 15:43:06 Comparing /work/SRC/openSUSE:Factory/ghostscript (Old) and /work/SRC/openSUSE:Factory/.ghostscript.new.2401 (New) Package is "ghostscript" Tue Mar 16 15:43:06 2021 rev:48 rq:879172 version:9.53.3 Changes: --- /work/SRC/openSUSE:Factory/ghostscript/ghostscript-mini.changes 2020-10-23 12:19:25.756561697 +0200 +++ /work/SRC/openSUSE:Factory/.ghostscript.new.2401/ghostscript-mini.changes 2021-03-16 15:44:12.677018640 +0100 @@ -1,0 +2,6 @@ +Fri Mar 5 12:35:16 UTC 2021 - Dominique Leuenberger + +- Provide ghostscript_any by ghostscript-mini: this is a valid + replacement for consumers. + +--- Other differences: -- ++ ghostscript-mini.spec ++ --- /var/tmp/diff_new_pack.zCFHm8/_old 2021-03-16 15:44:13.401019799 +0100 +++ /var/tmp/diff_new_pack.zCFHm8/_new 2021-03-16 15:44:13.401019799 +0100 @@ -1,7 +1,7 @@ # # spec file for package ghostscript-mini # -# Copyright (c) 2020 SUSE LLC +# Copyright (c) 2021 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed 
@@ -93,6 +93,16 @@ # additionally allow exec'ing hpijs in apparmor profile was needed (bsc#1128467): Patch101: ijs_exec_server_dont_use_sh.patch # RPM dependencies: +# The "Provides: ghostscript_any" is there to support "BuildRequires: ghostscript_any" +# so other packages can build with any available Ghostscript implementation, +# either ghostscript or ghostscript-mini ("BuildRequires: ghostscript-mini" should not +# be used because ghostscript-mini does not exist outside of OBS so other packages that +# use "BuildRequires: ghostscript-mini" could not be built in published products). +# The "Provides: ghostscript_any" does not affect end-users who should not get +# ghostscript-mini installed (but only the full featured ghostscript package) +# because ghostscript-mini (and ghostscript-mini-devel) are not published +# in openSUSE products, cf. https://build.opensuse.org/request/show/877083 +Provides: ghostscript_any = %{version} Conflicts: ghostscript Conflicts: ghostscript-x11 Conflicts: ghostscript-devel ++ ghostscript.spec ++ --- /var/tmp/diff_new_pack.zCFHm8/_old 2021-03-16 15:44:13.417019824 +0100 +++ /var/tmp/diff_new_pack.zCFHm8/_new 2021-03-16 15:44:13.421019831 +0100 @@ -1,7 +1,7 @@ # # spec file for package ghostscript # -# Copyright (c) 2020 SUSE LLC +# Copyright (c) 2021 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed 
@@ -153,7 +153,16 @@ # hylafax Requires gs_lib # graphviz-plugins BuildRequires ghostscript-mini # Provide the additional RPM Provides of the ghostscript-library package -# (ghostscript_x11 is provided by the ghostscript-x11 sub-package, see below): +# (ghostscript_x11 is provided by the ghostscript-x11 sub-package, see below). +# The "Provides: ghostscript_any" is there to support "BuildRequires: ghostscript_any" +# so other packages can build with any available Ghostscript implementation, +# either ghostscript or ghostscript-mini ("BuildRequires: ghostscript-mini" should not +# be used because ghostscript-mini does not exist outside of OBS so other packages that +# use "BuildRequires: ghostscript-mini" could not be built in published products). +# The "Provides: ghostscript_any" does not affect end-users who should not get +# ghostscript-mini installed (but only the full featured ghostscript package) +# because ghostscript-mini (and ghostscript-mini-devel) are not published +# in openSUSE products, cf. https://build.opensuse.org/request/show/877083 Provides: ghostscript_any Provides: gs Provides: gs_lib
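Review bot: ghostscript-mini.spec adds `Provides: ghostscript_any = %{version}`, while the context line in the ghostscript.spec hunk shows an unversioned `Provides: ghostscript_any`, so the two providers of the same capability are declared differently. Make the one in ghostscript.spec versioned as well, so that a consumer that adds a version constraint to `BuildRequires: ghostscript_any` resolves the same way against either package, which is what the comment's "any available Ghostscript implementation" implies. The ten-line explanatory comment is duplicated in both spec files; keeping the full text in one and a short pointer in the other would avoid the copies diverging.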