Hello community,

here is the log from the commit of package ghostscript for openSUSE:Factory checked in at 2017-12-10 18:13:29
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/ghostscript (Old)
 and      /work/SRC/openSUSE:Factory/.ghostscript.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "ghostscript" Sun Dec 10 18:13:29 2017 rev:29 rq:554966 version:9.22 Changes: -------- --- /work/SRC/openSUSE:Factory/ghostscript/ghostscript-mini.changes 2017-06-17 10:19:27.241673334 +0200 +++ /work/SRC/openSUSE:Factory/.ghostscript.new/ghostscript-mini.changes 2017-12-10 18:14:08.820619777 +0100 
@@ -1,0 +2,65 @@ +Wed Nov 29 16:04:48 CET 2017 - [email protected] + +- Version upgrade to 9.22. + For details see the News.htm and History9.htm files. + Highlights in this release include: + * Ghostscript can now consume and produce (via the pdfwrite + device) PDF 2.0 compliant files. + * The main focus of this release has been security and code + cleanliness. Hence many AddressSanitizer, Valgrind and + Coverity issues have been addressed. + * The usual round of bug fixes, compatibility changes, + and incremental improvements. + Incompatible changes + * The planned device API tidy (still!) did not happen for + this release, due to time pressures, but we still intend + to undertake the following: We plan to somewhat tidy up + the device API. We intend to remove deprecated device procs + (methods/function pointers) and change the device API + so every device proc takes a graphics state parameter + (rather than the current scheme where only a very few procs + take an imager state parameter). This should serve as notice + to anyone maintaining a Ghostscript device outside the + canonical source tree that you may (probably will) need + to update your device(s) when these changes happen. + Devices using only the non-deprecated procs should be + trivial to update. +- Up to 9.22rc1 it "just built" for all openSUSE versions but + since 9.22rc2 the libijs part does no longer buid for any + released openSUSE version where if fails with messages like + libtool: Version mismatch error. + This is libtool 2.4.6 Debian-2.4.6-2, but the + definition of this LT_INIT comes from libtool 2.4.2. + You should recreate aclocal.m4 with macros from + libtool 2.4.6 Debian-2.4.6-2 and run autoconf again. + Makefile: recipe for target 'ijs.lo' failed + so that currently it only builds for Tumbleweed/Factory. 
+ Presumably it is not too complicated to make it build again + also for released openSUSE versions but currently I have + less than zero energy to fix on such "latest breaking changes" + so that for now Ghostscript 9.22 is only provided for + openSUSE Tumbleweed/Factory and the upcoming SLE15/Leap15. + +------------------------------------------------------------------- +Fri Sep 29 09:12:06 CEST 2017 - [email protected] + +- Version upgrade to 9.22rc2 (second release candidate for 9.22). + For details see the News.htm and History9.htm files. + Regarding installing packages (in particular release candidates) + from the openSUSE build service development project "Printing" + see https://build.opensuse.org/project/show/Printing + +------------------------------------------------------------------- +Thu Sep 14 15:19:40 CEST 2017 - [email protected] + +- Version upgrade to 9.22rc1 (first release candidate for 9.22). + For details see the News.htm and History9.htm files. + Regarding installing packages (in particular release candidates) + from the openSUSE build service development project "Printing" + see https://build.opensuse.org/project/show/Printing +- Since Ghostscript 9.22rc1 font2c and wftopfa are removed. +- CVE-2017-5951.patch CVE-2017-7207.patch + CVE-2017-8291.patch and CVE-2017-9216.patch + are fixed in the version 9.22rc1 upstream sources. + +------------------------------------------------------------------- @@ -4 +69,2 @@ -- CVE-2017-7207.patch fixes a NULL pointer dereference in mem_get_bits_rectangle +- CVE-2017-7207.patch fixes a NULL pointer dereference + in mem_get_bits_rectangle 
@@ -7 +73,2 @@ -- CVE-2017-9216.patch fixes a NULL pointer dereference in jbig2_huffman_get +- CVE-2017-9216.patch fixes a NULL pointer dereference + in jbig2_huffman_get ghostscript.changes: same change Old: ---- CVE-2017-5951.patch CVE-2017-7207.patch CVE-2017-8291.patch CVE-2017-9216.patch ghostscript-9.21.tar.gz New: ---- ghostscript-9.22.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ ghostscript-mini.spec ++++++ --- /var/tmp/diff_new_pack.J7vaSB/_old 2017-12-10 18:14:11.112510613 +0100 +++ /var/tmp/diff_new_pack.J7vaSB/_new 2017-12-10 18:14:11.116510423 +0100 
@@ -36,32 +36,33 @@ # But only with the alphabetic prefix "9.pre15rc1" would be older than the previous version number "9.14" # because rpmvercmp would treat 9.pre15rc1 as 9.pre.15.rc1 and letters are older than numbers # so that we keep additionally the previous version number to upgrade from the previous version: -#Version: 9.19pre20rc1 +#Version: 9.21pre22rc2 # Normal version for Ghostscript releases is the upstream version: -Version: 9.21 +Version: 9.22 Release: 0 # tarball_version is used below to specify the directory via "setup -n": # Special tarball_version needed for Ghostscript release candidates e.g. "define tarball_version 9.15rc1". # For Ghostscript releases tarball_version and version are the same (i.e. the upstream version): %define tarball_version %{version} -#define tarball_version 9.20rc1 +#define tarball_version 9.22rc2 # built_version is used below in the install and files sections: # Separated built_version needed in case of Ghostscript release candidates e.g. "define built_version 9.15". # For Ghostscript releases built_version and version are the same (i.e. 
the upstream version): %define built_version %{version} -#define built_version 9.20 +#define built_version 9.22 # Source0...Source9 is for sources from upstream: # Special URLs for Ghostscript release candidates: -# URL for Source0: https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs920rc1/ghostscript-9.20rc1.tar.gz +# URL for Source0: https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs922rc2/ghostscript-9.22rc2.tar.gz # How to download it: -# wget -O ghostscript-9.20rc1.tar.gz https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs920rc1/ghostscript-9.20rc1.tar.gz +# wget -O ghostscript-9.22rc2.tar.gz https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs922rc2/ghostscript-9.22rc2.tar.gz #Source0: ghostscript-%{tarball_version}.tar.gz # Normal URLs for Ghostscript releases: -# URL for Source0: https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs921/ghostscript-9.21.tar.gz +# URL for Source0: https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs922/ghostscript-9.22.tar.gz # How to download it: -# wget -O ghostscript-9.21.tar.gz https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs921/ghostscript-9.21.tar.gz -# URL for MD5 checksums: https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs921/MD5SUMS -# MD5 checksum for Source0: 5f213281761d2750fcf27476c404d17f +# wget -O ghostscript-9.22.tar.gz https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs922/ghostscript-9.22.tar.gz +# URL for MD5 checksums: +# wget -O gs922.MD5SUMS https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs922/MD5SUMS +# MD5 checksum for Source0: eff6bc41b1d7e26e988d2a5c813889d1 Source0: ghostscript-%{version}.tar.gz # Patch0...Patch9 is for patches from upstream: # Source10...Source99 is for sources from SUSE which are intended for upstream: 
@@ -77,25 +78,6 @@ # Patch100 remove-zlib-h-dependency.patch removes dependency on zlib/zlib.h # in makefiles as we do not use the zlib sources from the Ghostscript upstream tarball: Patch100: remove-zlib-h-dependency.patch -# Patch101 CVE-2017-5951.patch fixes -# null pointer dereference in ref_stack_index() that is -# related to mem_get_bits_rectangle() in base/gdevmem.c -# https://bugs.ghostscript.com/show_bug.cgi?id=697548 -# (bsc#1032114) -Patch101: CVE-2017-5951.patch -# Patch102 CVE-2017-8291.patch fixes a type confusion in .rsdparams and .eqproc -# see https://bugs.ghostscript.com/show_bug.cgi?id=697808 -# and https://bugs.ghostscript.com/show_bug.cgi?id=697799 -# and https://bugzilla.opensuse.org/show_bug.cgi?id=1036453 -Patch102: CVE-2017-8291.patch -# Patch103 fixes NULL pointer dereference in the jbig2_huffman_get function -# see https://bugs.ghostscript.com/show_bug.cgi?id=697934 -# and https://bugzilla.suse.com/show_bug.cgi?id=1040643 -Patch103: CVE-2017-9216.patch -# Patch104 CVE-2017-7207.patch fixes a NULL pointer dereference in mem_get_bits_rectangle -# see https://bugs.ghostscript.com/show_bug.cgi?id=697676 -# and https://bugzilla.suse.com/show_bug.cgi?id=1030263 -Patch104: CVE-2017-7207.patch # RPM dependencies: Conflicts: ghostscript 
@@ -181,25 +163,7 @@ # is specially modified to work with Ghostscript so that we cannot use lcms2 from SUSE: #rm -rf freetype jpeg libpng tiff zlib rm -rf freetype jpeg libpng tiff -# Patch101 CVE-2017-5951.patch fixes -# null pointer dereference in ref_stack_index() that is -# related to mem_get_bits_rectangle() in base/gdevmem.c -# https://bugs.ghostscript.com/show_bug.cgi?id=697548 -# (bsc#1032114) -%patch101 -b .CVE-2017-5951.orig -# Patch102 CVE-2017-8291.patch fixes a type confusion in .rsdparams and .eqproc -# see https://bugs.ghostscript.com/show_bug.cgi?id=697808 -# and https://bugs.ghostscript.com/show_bug.cgi?id=697799 -# and https://bugzilla.opensuse.org/show_bug.cgi?id=1036453 -%patch102 -p1 -b .CVE-2017-8291.orig -# Patch103 fixes NULL pointer dereference in the jbig2_huffman_get function -# see https://bugs.ghostscript.com/show_bug.cgi?id=697934 -# and https://bugzilla.suse.com/show_bug.cgi?id=1040643 -%patch103 -p1 -b .CVE-2017-9216.orig -# Patch104 CVE-2017-7207.patch fixes a NULL pointer dereference in mem_get_bits_rectangle -# see https://bugs.ghostscript.com/show_bug.cgi?id=697676 -# and https://bugzilla.suse.com/show_bug.cgi?id=1030263 -%patch104 -p1 -b .CVE-2017-7207.orig + %build # Derive build timestamp from latest changelog entry export SOURCE_DATE_EPOCH=$(date -d "$(head -n 2 %{_sourcedir}/%{name}.changes | tail -n 1 | cut -d- -f1 )" +%s) 
@@ -280,6 +244,12 @@ rm %{buildroot}%{_bindir}/ijs_client_example rm %{buildroot}%{_bindir}/ijs_server_example rm %{buildroot}%{_libdir}/libijs.la +# Since Ghostscript 9.22rc1 bin/font2c and bin/wftopfa are removed +# but the matching man pages are still installed which are hereby also removed: +#rm %{buildroot}%{_mandir}/man1/font2c.1 +#rm %{buildroot}%{_mandir}/man1/wftopfa.1 +#rm %{buildroot}%{_mandir}/de/man1/font2c.1 +#rm %{buildroot}%{_mandir}/de/man1/wftopfa.1 # Install documentation which is not installed by default # see http://bugs.ghostscript.com/show_bug.cgi?id=693002 # and fail intentionally as notification if something changed: @@ -328,7 +298,6 @@ %defattr(-, root, root) %{_bindir}/dvipdf %{_bindir}/eps2eps -%{_bindir}/font2c %{_bindir}/gs %{_bindir}/gsx %{_bindir}/gsc @@ -355,10 +324,8 @@ %{_bindir}/ps2ps %{_bindir}/ps2ps2 %{_bindir}/unix-lpr.sh -%{_bindir}/wftopfa %doc %{_mandir}/man1/dvipdf.1.gz %doc %{_mandir}/man1/eps2eps.1.gz -%doc %{_mandir}/man1/font2c.1.gz %doc %{_mandir}/man1/gs.1.gz %doc %{_mandir}/man1/gsbj.1.gz %doc %{_mandir}/man1/gsdj.1.gz @@ -379,10 +346,8 @@ %doc %{_mandir}/man1/ps2pdf14.1.gz %doc %{_mandir}/man1/ps2pdfwr.1.gz %doc %{_mandir}/man1/ps2ps.1.gz -%doc %{_mandir}/man1/wftopfa.1.gz %doc %{_mandir}/de/man1/dvipdf.1.gz %doc %{_mandir}/de/man1/eps2eps.1.gz -%doc %{_mandir}/de/man1/font2c.1.gz %doc %{_mandir}/de/man1/gsnd.1.gz %doc %{_mandir}/de/man1/pdf2dsc.1.gz %doc %{_mandir}/de/man1/pdf2ps.1.gz @@ -393,7 +358,6 @@ %doc %{_mandir}/de/man1/ps2pdf13.1.gz %doc %{_mandir}/de/man1/ps2pdf14.1.gz %doc %{_mandir}/de/man1/ps2ps.1.gz -%doc %{_mandir}/de/man1/wftopfa.1.gz %doc %{_defaultdocdir}/ghostscript %dir %{_datadir}/ghostscript %dir %{_datadir}/ghostscript/%{built_version} ++++++ ghostscript.spec ++++++ --- /var/tmp/diff_new_pack.J7vaSB/_old 2017-12-10 18:14:11.132509661 +0100 +++ /var/tmp/diff_new_pack.J7vaSB/_new 2017-12-10 18:14:11.136509470 +0100 
@@ -56,32 +56,33 @@ # But only with the alphabetic prefix "9.pre15rc1" would be older than the previous version number "9.14" # because rpmvercmp would treat 9.pre15rc1 as 9.pre.15.rc1 and letters are older than numbers # so that we keep additionally the previous version number to upgrade from the previous version: -#Version: 9.19pre20rc1 +#Version: 9.21pre22rc2 # Normal version for Ghostscript releases is the upstream version: -Version: 9.21 +Version: 9.22 Release: 0 # tarball_version is used below to specify the directory via "setup -n": # Special tarball_version needed for Ghostscript release candidates e.g. "define tarball_version 9.15rc1". # For Ghostscript releases tarball_version and version are the same (i.e. the upstream version): %define tarball_version %{version} -#define tarball_version 9.20rc1 +#define tarball_version 9.22rc2 # built_version is used below in the install and files sections: # Separated built_version needed in case of Ghostscript release candidates e.g. "define built_version 9.15". # For Ghostscript releases built_version and version are the same (i.e. 
the upstream version): %define built_version %{version} -#define built_version 9.20 +#define built_version 9.22 # Source0...Source9 is for sources from upstream: # Special URLs for Ghostscript release candidates: -# URL for Source0: https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs920rc1/ghostscript-9.20rc1.tar.gz +# URL for Source0: https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs922rc2/ghostscript-9.22rc2.tar.gz # How to download it: -# wget -O ghostscript-9.20rc1.tar.gz https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs920rc1/ghostscript-9.20rc1.tar.gz +# wget -O ghostscript-9.22rc2.tar.gz https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs922rc2/ghostscript-9.22rc2.tar.gz #Source0: ghostscript-%{tarball_version}.tar.gz # Normal URLs for Ghostscript releases: -# URL for Source0: https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs921/ghostscript-9.21.tar.gz +# URL for Source0: https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs922/ghostscript-9.22.tar.gz # How to download it: -# wget -O ghostscript-9.21.tar.gz https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs921/ghostscript-9.21.tar.gz -# URL for MD5 checksums: https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs921/MD5SUMS -# MD5 checksum for Source0: 5f213281761d2750fcf27476c404d17f +# wget -O ghostscript-9.22.tar.gz https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs922/ghostscript-9.22.tar.gz +# URL for MD5 checksums: +# wget -O gs922.MD5SUMS https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs922/MD5SUMS +# MD5 checksum for Source0: eff6bc41b1d7e26e988d2a5c813889d1 Source0: ghostscript-%{version}.tar.gz # Patch0...Patch9 is for patches from upstream: # Source10...Source99 is for sources from SUSE which are intended for upstream: 
@@ -97,25 +98,6 @@ # Patch100 remove-zlib-h-dependency.patch removes dependency on zlib/zlib.h # in makefiles as we do not use the zlib sources from the Ghostscript upstream tarball: Patch100: remove-zlib-h-dependency.patch -# Patch101 CVE-2017-5951.patch fixes -# null pointer dereference in ref_stack_index() that is -# related to mem_get_bits_rectangle() in base/gdevmem.c -# https://bugs.ghostscript.com/show_bug.cgi?id=697548 -# (bsc#1032114) -Patch101: CVE-2017-5951.patch -# Patch102 CVE-2017-8291.patch fixes a type confusion in .rsdparams and .eqproc -# see https://bugs.ghostscript.com/show_bug.cgi?id=697808 -# and https://bugs.ghostscript.com/show_bug.cgi?id=697799 -# and https://bugzilla.opensuse.org/show_bug.cgi?id=1036453 -Patch102: CVE-2017-8291.patch -# Patch103 fixes NULL pointer dereference in the jbig2_huffman_get function -# see https://bugs.ghostscript.com/show_bug.cgi?id=697934 -# and https://bugzilla.suse.com/show_bug.cgi?id=1040643 -Patch103: CVE-2017-9216.patch -# Patch104 CVE-2017-7207.patch fixes a NULL pointer dereference in mem_get_bits_rectangle -# see https://bugs.ghostscript.com/show_bug.cgi?id=697676 -# and https://bugzilla.suse.com/show_bug.cgi?id=1030263 -Patch104: CVE-2017-7207.patch # RPM dependencies: # Additional RPM Provides of the ghostscript-library packages in openSUSE 11.4 from @@ -243,6 +225,7 @@ %package x11 Summary: X11 library for Ghostscript +Group: Productivity/Publishing/PS # Require the exact matching version-release of the ghostscript main-package because # a non-matching ghostscript main-package may let it fail or even crash (e.g. segfault) # because all Ghostscript software is built from one same Ghostscript source tar ball 
@@ -250,7 +233,6 @@ # The exact matching version-release of the ghostscript main-package is available # on the same package repository where the ghostscript-x11 sub-package is because # all are built simulaneously from the same Ghostscript source package: -Group: Productivity/Publishing/PS Requires: ghostscript = %{version}-%{release} # Unfortunately ghostscript-library.spec and ghostscript-mini.spec have # an unversioned "Provides: ghostscript" and for RPM this means that both @@ -317,25 +299,6 @@ # is specially modified to work with Ghostscript so that we cannot use lcms2 from SUSE: #rm -rf freetype jpeg libpng tiff zlib rm -rf freetype jpeg libpng tiff -# Patch101 CVE-2017-5951.patch fixes -# null pointer dereference in ref_stack_index() that is -# related to mem_get_bits_rectangle() in base/gdevmem.c -# https://bugs.ghostscript.com/show_bug.cgi?id=697548 -# (bsc#1032114) -%patch101 -b .CVE-2017-5951.orig -# Patch102 CVE-2017-8291.patch fixes a type confusion in .rsdparams and .eqproc -# see https://bugs.ghostscript.com/show_bug.cgi?id=697808 -# and https://bugs.ghostscript.com/show_bug.cgi?id=697799 -# and https://bugzilla.opensuse.org/show_bug.cgi?id=1036453 -%patch102 -p1 -b .CVE-2017-8291.orig -# Patch103 fixes NULL pointer dereference in the jbig2_huffman_get function -# see https://bugs.ghostscript.com/show_bug.cgi?id=697934 -# and https://bugzilla.suse.com/show_bug.cgi?id=1040643 -%patch103 -p1 -b .CVE-2017-9216.orig -# Patch104 CVE-2017-7207.patch fixes a NULL pointer dereference in mem_get_bits_rectangle -# see https://bugs.ghostscript.com/show_bug.cgi?id=697676 -# and https://bugzilla.suse.com/show_bug.cgi?id=1030263 -%patch104 -p1 -b .CVE-2017-7207.orig %build # Derive build timestamp from latest changelog entry 
@@ -417,6 +380,12 @@ rm %{buildroot}%{_bindir}/ijs_client_example rm %{buildroot}%{_bindir}/ijs_server_example rm %{buildroot}%{_libdir}/libijs.la +# Since Ghostscript 9.22rc1 bin/font2c and bin/wftopfa are removed +# but the matching man pages are still installed which are hereby also removed: +#rm %{buildroot}%{_mandir}/man1/font2c.1 +#rm %{buildroot}%{_mandir}/man1/wftopfa.1 +#rm %{buildroot}%{_mandir}/de/man1/font2c.1 +#rm %{buildroot}%{_mandir}/de/man1/wftopfa.1 # Install documentation which is not installed by default # see http://bugs.ghostscript.com/show_bug.cgi?id=693002 # and fail intentionally as notification if something changed: @@ -465,7 +434,6 @@ %defattr(-, root, root) %{_bindir}/dvipdf %{_bindir}/eps2eps -%{_bindir}/font2c %{_bindir}/gs %{_bindir}/gsx %{_bindir}/gsc @@ -492,10 +460,8 @@ %{_bindir}/ps2ps %{_bindir}/ps2ps2 %{_bindir}/unix-lpr.sh -%{_bindir}/wftopfa %doc %{_mandir}/man1/dvipdf.1.gz %doc %{_mandir}/man1/eps2eps.1.gz -%doc %{_mandir}/man1/font2c.1.gz %doc %{_mandir}/man1/gs.1.gz %doc %{_mandir}/man1/gsbj.1.gz %doc %{_mandir}/man1/gsdj.1.gz @@ -516,10 +482,8 @@ %doc %{_mandir}/man1/ps2pdf14.1.gz %doc %{_mandir}/man1/ps2pdfwr.1.gz %doc %{_mandir}/man1/ps2ps.1.gz -%doc %{_mandir}/man1/wftopfa.1.gz %doc %{_mandir}/de/man1/dvipdf.1.gz %doc %{_mandir}/de/man1/eps2eps.1.gz -%doc %{_mandir}/de/man1/font2c.1.gz %doc %{_mandir}/de/man1/gsnd.1.gz %doc %{_mandir}/de/man1/pdf2dsc.1.gz %doc %{_mandir}/de/man1/pdf2ps.1.gz @@ -530,7 +494,6 @@ %doc %{_mandir}/de/man1/ps2pdf13.1.gz %doc %{_mandir}/de/man1/ps2pdf14.1.gz %doc %{_mandir}/de/man1/ps2ps.1.gz -%doc %{_mandir}/de/man1/wftopfa.1.gz %doc %{_defaultdocdir}/ghostscript %dir %{_datadir}/ghostscript %dir %{_datadir}/ghostscript/%{built_version} ++++++ ghostscript-9.21.tar.gz -> ghostscript-9.22.tar.gz ++++++ /work/SRC/openSUSE:Factory/ghostscript/ghostscript-9.21.tar.gz /work/SRC/openSUSE:Factory/.ghostscript.new/ghostscript-9.22.tar.gz differ: char 5, line 1
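Review bot: In the Source0 hunk of both spec files (`@@ -36,32 +36,33 @@` in ghostscript-mini.spec, `@@ -56,32 +56,33 @@` in ghostscript.spec) the only integrity reference for ghostscript-9.22.tar.gz is `# MD5 checksum for Source0: eff6bc41b1d7e26e988d2a5c813889d1`, a comment that nothing in the visible spec checks, and MD5 is not collision resistant. Suggest recording a SHA-256 or stronger digest beside it and having the build or source service verify the tarball against it, so that a swapped tarball is caught mechanically instead of depending on someone re-running the wget by hand. The new `# URL for MD5 checksums:` line is also left with an empty value and the URL appears only inside the wget command; keeping the URL on that line, as the removed line did, avoids the dangling label.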
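Review bot: The hunks that drop Patch101 to Patch104 (`@@ -77,25 +78,6 @@` and `@@ -181,25 +163,7 @@` in ghostscript-mini.spec, `@@ -97,25 +98,6 @@` and `@@ -317,25 +299,6 @@` in ghostscript.spec) also delete the bug references shown in this diff (bsc#1032114 and the bugzilla ids 1036453, 1040643 and 1030263), while the new 9.22rc1 changelog entry names only the patch files and says they "are fixed in the version 9.22rc1 upstream sources". Suggest wording the entry as the patches being dropped because the issues are fixed upstream, and listing each CVE id with its bsc number there, so that the fix status of CVE-2017-5951, CVE-2017-7207, CVE-2017-8291 and CVE-2017-9216 stays traceable from the package changelog after the spec comments are gone.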
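Review bot: In the install hunk (`@@ -280,6 +244,12 @@` in ghostscript-mini.spec, `@@ -417,6 +380,12 @@` in ghostscript.spec) the added comment says the font2c and wftopfa man pages "are still installed which are hereby also removed", but all four `rm` lines are commented out (for example `#rm %{buildroot}%{_mandir}/man1/font2c.1`), so nothing is removed, while the %files hunks drop the matching `.1.gz` entries. If the man pages are in fact no longer installed, delete the commented `rm` lines and reword the comment; if they are installed, the `rm` lines need to be active so that no man pages for removed binaries are left unpackaged in the buildroot.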
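Review bot: The 9.22 changelog entry in the first hunk (`@@ -1,0 +2,65 @@` of ghostscript-mini.changes) records that libijs fails with "libtool: Version mismatch error" on released openSUSE versions and that 9.22 is therefore only provided for Tumbleweed/Factory and the upcoming SLE15/Leap15, without saying what happens to the released versions. The quoted error text already names the remedy ("You should recreate aclocal.m4 ... and run autoconf again"), so regenerating the autotools files for the ijs part during the build, rather than using the ones shipped in the tarball, is the change to try. Since the same entry describes 9.22 as focused on security, please state in the entry whether the released versions are expected to receive it later. Minor: "buid" and "where if fails" in that entry are typos.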
