Hello community,

here is the log from the commit of package ghostscript for openSUSE:Factory checked in at 2020-10-23 12:19:09
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/ghostscript (Old)
 and /work/SRC/openSUSE:Factory/.ghostscript.new.3463 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "ghostscript" Fri Oct 23 12:19:09 2020 rev:47 rq:843002 version:9.53.3 Changes: -------- --- /work/SRC/openSUSE:Factory/ghostscript/ghostscript-mini.changes 2020-07-31 15:52:39.804043267 +0200 +++ /work/SRC/openSUSE:Factory/.ghostscript.new.3463/ghostscript-mini.changes 2020-10-23 12:19:25.756561697 +0200 
@@ -1,0 +2,62 @@ +Tue Oct 20 16:38:24 CEST 2020 - Ismail Dönmez <idon...@suse.com> + +- 41ef9a0bc36b9db7115fbe9623f989bfb47bbade.patch + fixes compilation with FreeType 2.10.3+ + http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=41ef9a0bc36b9db7115fbe9623f989bfb47bbade + c.f. https://bugs.ghostscript.com/show_bug.cgi?id=702985 + +------------------------------------------------------------------- +Tue Oct 20 16:03:48 CEST 2020 - jsm...@suse.de + +- Version upgrade to 9.53.3 + Highlights in this release include + (excerpts from the Ghostscript upstream release summary + in https://www.ghostscript.com/doc/9.53.3/News.htm): + * The 9.53.3 release is primarily maintenance. + * Issues arose with 9.53.0/1/2 that prompted the release + of a .3 patch: + A crash related to management of ICC profile objects. + A parameter type mismatch that would cause Ghostscript + to error out during initialisation, which + affected 64 big, big endian architectures. + An unexpected side effect of another change that prevented + multithreaded rendering and background rendering + from working correctly. + * The most obvious change is the (re-)introduction of the + patch level to the version number, this helps facilitate + a revised policy on handling security related issues. + To clarify: in the event we decide to release a patch revision, + it will replace the release with the previous patch number. + Release notes, highlights and warnings will remain the same, + except for the addition of whatever fix(es) prompted the patch. + * Our efforts in code hygiene and maintainability continue. + * We have added Python bindings for the gsapi interface, can be + found in demos/python. These are experimental, and we welcome + feedback from interested developers. + * For those integrating Ghostscript/GhostPDL via the gsapi + interface, we have added new capabilities to that, specifically + in terms of setting and interrogating device parameters. 
These, + along with the existing interface calls, are documented in: + Ghostscript Interpreter API at + https://www.ghostscript.com/doc/9.53.3/API.htm + * The usual round of bug fixes, compatibility changes, + and incremental improvements. + * For a list of open issues, or to report problems, please visit + bugs.ghostscript.com + Incompatible changes: + * As of 9.53.0, we have (re-)introduced the patch level to the + version number, this helps facilitate a revised policy + on handling security related issues. + Note for GSView Users: The patch level addition breaks + GSView 5 (it is hardcoded to check for versions 704-999). + It is possible, but not guaranteed that a GSView update might + be forthcoming to resolve this. + For a release summary see: + https://www.ghostscript.com/doc/9.53.3/News.htm + For details see the News.htm and History9.htm files. +- CVE-2020-15900.patch is no longer needed + because it is fixed in the upstream sources. +- Ghostscript 9.53.3 fixes in particular txtwrite memory issues + (boo#1177922). + +------------------------------------------------------------------- ghostscript.changes: same change Old: ---- CVE-2020-15900.patch ghostscript-9.52.tar.gz New: ---- 41ef9a0bc36b9db7115fbe9623f989bfb47bbade.patch ghostscript-9.53.3.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ ghostscript-mini.spec ++++++ --- /var/tmp/diff_new_pack.K92Eu2/_old 2020-10-23 12:19:27.260562474 +0200 +++ /var/tmp/diff_new_pack.K92Eu2/_new 2020-10-23 12:19:27.264562476 +0200 @@ -47,7 +47,7 @@ # so that we keep additionally the previous version number to upgrade from the previous version: # Starting SLE12/rpm-4.10, one can use tildeversions: 9.15~rc1. #Version: 9.25pre26rc1 -Version: 9.52 +Version: 9.53.3 Release: 0 # Normal version for Ghostscript releases is the upstream version: # tarball_version is used below to specify the directory via "setup -n": 
@@ -58,8 +58,8 @@ # built_version is used below in the install and files sections: # Separated built_version needed in case of Ghostscript release candidates e.g. "define built_version 9.15". # For Ghostscript releases built_version and version are the same (i.e. the upstream version): -#define built_version %{version} -%define built_version 9.52 +%define built_version %{version} +#define built_version 9.26 # Source0...Source9 is for sources from upstream: # Special URLs for Ghostscript release candidates: # see https://github.com/ArtifexSoftware/ghostpdl-downloads/releases 
@@ -71,20 +71,17 @@ #Source0: ghostscript-%{tarball_version}.tar.gz # Normal URLs for Ghostscript releases: # URL for Source0: -# wget -O ghostscript-9.52.tar.gz https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs952/ghostscript-9.52.tar.gz +# wget -O ghostscript-9.53.3.tar.gz https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs9533/ghostscript-9.53.3.tar.gz # URL for MD5 checksums: -# wget -O gs952.MD5SUMS https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs952/MD5SUMS -# MD5 checksum for Source0: 0f6964ab9b83a63b7e373f136243f901 ghostscript-9.52.tar.gz +# wget -O gs9533.MD5SUMS https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs9533/MD5SUMS +# MD5 checksum for Source0: 807a5c4934a814e8a6cd83eff702f212 ghostscript-9.53.3.tar.gz Source0: ghostscript-%{version}.tar.gz Source1: apparmor_ghostscript # Patch0...Patch9 is for patches from upstream: -# Patch1 CVE-2020-15900.patch is -# https://github.com/ArtifexSoftware/ghostpdl/commit/5d499272b95a6b890a1397e11d20937de000d31b -# that fixes CVE-2020-15900 Memory Corruption -# in the rsearch PostScript function that is implemented as search_impl() in psi/zstring.c -# cf. https://bugs.ghostscript.com/show_bug.cgi?id=702582 -# and https://bugzilla.suse.com/show_bug.cgi?id=1174415 -Patch1: CVE-2020-15900.patch +# Patch2 41ef9a0bc36b9db7115fbe9623f989bfb47bbade.patch fixes compilation with FreeType 2.10.3+ +# http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=41ef9a0bc36b9db7115fbe9623f989bfb47bbade +# c.f. https://bugs.ghostscript.com/show_bug.cgi?id=702985 +Patch2: 41ef9a0bc36b9db7115fbe9623f989bfb47bbade.patch # Source10...Source99 is for sources from SUSE which are intended for upstream: # Patch10...Patch99 is for patches from SUSE which are intended for upstream: # Source100...Source999 is for sources from SUSE which are not intended for upstream: 
@@ -153,13 +150,10 @@ # Be quiet when unpacking and # use a directory name matching Source0 to make it work also for ghostscript-mini: %setup -q -n ghostscript-%{tarball_version} -# Patch1 CVE-2020-15900.patch is -# https://github.com/ArtifexSoftware/ghostpdl/commit/5d499272b95a6b890a1397e11d20937de000d31b -# that fixes CVE-2020-15900 Memory Corruption -# in the rsearch PostScript function that is implemented as search_impl() in psi/zstring.c -# cf. https://bugs.ghostscript.com/show_bug.cgi?id=702582 -# and https://bugzilla.suse.com/show_bug.cgi?id=1174415 -%patch1 +# Patch2 41ef9a0bc36b9db7115fbe9623f989bfb47bbade.patch fixes compilation with FreeType 2.10.3+ +# http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=41ef9a0bc36b9db7115fbe9623f989bfb47bbade +# c.f. https://bugs.ghostscript.com/show_bug.cgi?id=702985 +%patch2 -p1 # Patch100 remove-zlib-h-dependency.patch removes dependency on zlib/zlib.h # in makefiles as we do not use the zlib sources from the Ghostscript upstream tarball. # Again use the zlib sources from Ghostscript upstream @@ -188,6 +182,9 @@ %else rm -rf freetype jpeg libpng tiff %endif +%if 0%{?suse_version} >= 1550 +rm -rf openjpeg +%endif # In contrast to the above we use lcms2 from SUSE since Ghostscript 9.23rc1 # because that is what Ghostscript upstream recommends according to # https://ghostscript.com/pipermail/gs-devel/2018-March/010061.html 
@@ -327,14 +324,15 @@ # Extract the catalog of devices which are actually built-in in exactly this Ghostscript: # If a needed source file is no longer accessible fail intentionally as notification # that something changed which needs adaptions here: -for F in devices/devs.mak devices/contrib.mak contrib/contrib.mak +catalog_devices_source_files="devices/devs.mak devices/dcontrib.mak contrib/contrib.mak" +for F in $catalog_devices_source_files do test -r $F || exit 99 done # Do not pollute the build log file with zillions of meaningless messages: set +x cat /dev/null >catalog.devices for D in $( LD_LIBRARY_PATH=%{buildroot}/%{_libdir} %{buildroot}/usr/bin/gs -h | sed -n -e '/^Available devices:/,/^Search path:/p' | egrep -v '^Available devices:|^Search path:' ) -do for F in devices/devs.mak devices/contrib.mak contrib/contrib.mak +do for F in $catalog_devices_source_files do sed -n -e '/ Catalog /,/ End of catalog /p' $F | grep "[[:space:]]$D[[:space:]]" | grep -o '[[:alnum:]].*' | tr -s '[:blank:]' ' ' | sed -e 's/ /\t/' | expand -t16 >>catalog.devices done done ++++++ ghostscript.spec ++++++ --- /var/tmp/diff_new_pack.K92Eu2/_old 2020-10-23 12:19:27.284562487 +0200 +++ /var/tmp/diff_new_pack.K92Eu2/_new 2020-10-23 12:19:27.288562488 +0200 @@ -71,7 +71,7 @@ # so that we keep additionally the previous version number to upgrade from the previous version: # Starting SLE12/rpm-4.10, one can use tildeversions: 9.15~rc1. #Version: 9.25pre26rc1 -Version: 9.52 +Version: 9.53.3 Release: 0 # Normal version for Ghostscript releases is the upstream version: # tarball_version is used below to specify the directory via "setup -n": 
@@ -82,8 +82,8 @@ # built_version is used below in the install and files sections: # Separated built_version needed in case of Ghostscript release candidates e.g. "define built_version 9.15". # For Ghostscript releases built_version and version are the same (i.e. the upstream version): -#define built_version %{version} -%define built_version 9.52 +%define built_version %{version} +#define built_version 9.26 # Source0...Source9 is for sources from upstream: # Special URLs for Ghostscript release candidates: # see https://github.com/ArtifexSoftware/ghostpdl-downloads/releases 
@@ -95,20 +95,17 @@ #Source0: ghostscript-%{tarball_version}.tar.gz # Normal URLs for Ghostscript releases: # URL for Source0: -# wget -O ghostscript-9.52.tar.gz https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs952/ghostscript-9.52.tar.gz +# wget -O ghostscript-9.53.3.tar.gz https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs9533/ghostscript-9.53.3.tar.gz # URL for MD5 checksums: -# wget -O gs952.MD5SUMS https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs952/MD5SUMS -# MD5 checksum for Source0: 0f6964ab9b83a63b7e373f136243f901 ghostscript-9.52.tar.gz +# wget -O gs9533.MD5SUMS https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs9533/MD5SUMS +# MD5 checksum for Source0: 807a5c4934a814e8a6cd83eff702f212 ghostscript-9.53.3.tar.gz Source0: ghostscript-%{version}.tar.gz Source1: apparmor_ghostscript # Patch0...Patch9 is for patches from upstream: -# Patch1 CVE-2020-15900.patch is -# https://github.com/ArtifexSoftware/ghostpdl/commit/5d499272b95a6b890a1397e11d20937de000d31b -# that fixes CVE-2020-15900 Memory Corruption -# in the rsearch PostScript function that is implemented as search_impl() in psi/zstring.c -# cf. https://bugs.ghostscript.com/show_bug.cgi?id=702582 -# and https://bugzilla.suse.com/show_bug.cgi?id=1174415 -Patch1: CVE-2020-15900.patch +# Patch2 41ef9a0bc36b9db7115fbe9623f989bfb47bbade.patch fixes compilation with FreeType 2.10.3+ +# http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=41ef9a0bc36b9db7115fbe9623f989bfb47bbade +# c.f. https://bugs.ghostscript.com/show_bug.cgi?id=702985 +Patch2: 41ef9a0bc36b9db7115fbe9623f989bfb47bbade.patch # Source10...Source99 is for sources from SUSE which are intended for upstream: # Patch10...Patch99 is for patches from SUSE which are intended for upstream: # Source100...Source999 is for sources from SUSE which are not intended for upstream: 
@@ -290,13 +287,10 @@ # Be quiet when unpacking and # use a directory name matching Source0 to make it work also for ghostscript-mini: %setup -q -n ghostscript-%{tarball_version} -# Patch1 CVE-2020-15900.patch is -# https://github.com/ArtifexSoftware/ghostpdl/commit/5d499272b95a6b890a1397e11d20937de000d31b -# that fixes CVE-2020-15900 Memory Corruption -# in the rsearch PostScript function that is implemented as search_impl() in psi/zstring.c -# cf. https://bugs.ghostscript.com/show_bug.cgi?id=702582 -# and https://bugzilla.suse.com/show_bug.cgi?id=1174415 -%patch1 +# Patch2 41ef9a0bc36b9db7115fbe9623f989bfb47bbade.patch fixes compilation with FreeType 2.10.3+ +# http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=41ef9a0bc36b9db7115fbe9623f989bfb47bbade +# c.f. https://bugs.ghostscript.com/show_bug.cgi?id=702985 +%patch2 -p1 # Patch100 remove-zlib-h-dependency.patch removes dependency on zlib/zlib.h # in makefiles as we do not use the zlib sources from the Ghostscript upstream tarball. # Again use the zlib sources from Ghostscript upstream 
@@ -467,14 +461,15 @@ # Extract the catalog of devices which are actually built-in in exactly this Ghostscript: # If a needed source file is no longer accessible fail intentionally as notification # that something changed which needs adaptions here: -for F in devices/devs.mak devices/contrib.mak contrib/contrib.mak +catalog_devices_source_files="devices/devs.mak devices/dcontrib.mak contrib/contrib.mak" +for F in $catalog_devices_source_files do test -r $F || exit 99 done # Do not pollute the build log file with zillions of meaningless messages: set +x cat /dev/null >catalog.devices for D in $( LD_LIBRARY_PATH=%{buildroot}/%{_libdir} %{buildroot}/usr/bin/gs -h | sed -n -e '/^Available devices:/,/^Search path:/p' | egrep -v '^Available devices:|^Search path:' ) -do for F in devices/devs.mak devices/contrib.mak contrib/contrib.mak +do for F in $catalog_devices_source_files do sed -n -e '/ Catalog /,/ End of catalog /p' $F | grep "[[:space:]]$D[[:space:]]" | grep -o '[[:alnum:]].*' | tr -s '[:blank:]' ' ' | sed -e 's/ /\t/' | expand -t16 >>catalog.devices done done ++++++ 41ef9a0bc36b9db7115fbe9623f989bfb47bbade.patch ++++++ >From 41ef9a0bc36b9db7115fbe9623f989bfb47bbade Mon Sep 17 00:00:00 2001 From: Chris Liddell <chris.lidd...@artifex.com> Date: Tue, 20 Oct 2020 09:49:45 +0100 Subject: [PATCH] Bug 702985: drop use of FT_CALLBACK_DEF() def >From 2.10.3, Freetype disappeared the FT_CALLBACK_DEF() macro, which is what we used when defining our callbacks from Freetype. No guidance forthcoming from the Freetype developer who made those changes, so change to explicitly declaring the callbacks file static. Should fix the reported build failures. --- base/fapi_ft.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/base/fapi_ft.c b/base/fapi_ft.c index 65fa6dcf4..21aef2f06 100644 --- a/base/fapi_ft.c +++ b/base/fapi_ft.c 
@@ -125,7 +125,7 @@ static void delete_inc_int_info(gs_fapi_server * a_server, FT_IncrementalRec * a_inc_int_info); -FT_CALLBACK_DEF(void *) +static void * FF_alloc(FT_Memory memory, long size) { gs_memory_t *mem = (gs_memory_t *) memory->user; @@ -133,7 +133,7 @@ FF_alloc(FT_Memory memory, long size) return (gs_malloc(mem, size, 1, "FF_alloc")); } -FT_CALLBACK_DEF(void *) +static void * FF_realloc(FT_Memory memory, long cur_size, long new_size, void *block) { gs_memory_t *mem = (gs_memory_t *) memory->user; @@ -153,7 +153,7 @@ FT_CALLBACK_DEF(void *) return (tmp); } -FT_CALLBACK_DEF(void) +static void FF_free(FT_Memory memory, void *block) { gs_memory_t *mem = (gs_memory_t *) memory->user; -- 2.17.1 ++++++ ghostscript-9.52.tar.gz -> ghostscript-9.53.3.tar.gz ++++++ /work/SRC/openSUSE:Factory/ghostscript/ghostscript-9.52.tar.gz /work/SRC/openSUSE:Factory/.ghostscript.new.3463/ghostscript-9.53.3.tar.gz differ: char 5, line 1
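Review bot: The 9.53.3 entry in the ghostscript-mini.changes hunk (@@ -1,0 +2,62 @@) does not record two spec changes made in this same commit: the `rm -rf openjpeg` added under `%if 0%{?suse_version} >= 1550`, and the switch from devices/contrib.mak to devices/dcontrib.mak in the device catalog loop. Add one changelog line for each so the unbundling and the file rename can be found later. In the same entry, "affected 64 big, big endian architectures" looks like a typo for "64 bit".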
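Review bot: In the built_version hunks of both spec files (@@ -58,8 +58,8 @@ and @@ -82,8 +82,8 @@), the new commented-out line `#define built_version 9.26` carries a version that matches neither the old 9.52 nor the new 9.53.3, nor the "9.15" example in the comment above it. Either drop the line or make it agree with the release-candidate example in the comment, so the next maintainer does not take 9.26 for a meaningful fallback.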
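Review bot: In the Source0 hunks (@@ -71,20 +71,17 @@ and @@ -95,20 +95,17 @@), the only integrity record for ghostscript-9.53.3.tar.gz is an MD5 value inside a comment, so nothing in the build checks it and MD5 is not collision resistant. Record a stronger digest next to it, or better, verify the tarball in the build rather than in a comment. In the same hunk the Patch2 reference uses a plain http:// URL for git.ghostscript.com while the bug link uses https://, and the numbering now starts at Patch2 with no Patch1, which is worth a one-line comment or a renumbering.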
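Review bot: The `rm -rf openjpeg` block added under `%if 0%{?suse_version} >= 1550` in ghostscript-mini.spec (@@ -188,6 +182,9 @@) has no comment, unlike the lcms2 and zlib decisions around it, and no matching hunk appears in the ghostscript.spec diff. State in a comment that the bundled openjpeg is removed in favour of the system library for these versions, check that the corresponding build dependency is declared under the same condition (it is not visible in this diff), and confirm whether ghostscript.spec already carries the same removal or needs it too.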
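Review bot: In the device catalog hunks (@@ -327,14 +324,15 @@ and @@ -467,14 +461,15 @@), the rename of devices/contrib.mak to devices/dcontrib.mak is folded into the introduction of `catalog_devices_source_files` without any comment, so the functional change is easy to miss next to the refactoring. Add a short comment saying since which upstream version the file is named dcontrib.mak. Since `test -r $F || exit 99` is the intended tripwire for exactly this kind of rename, printing the missing file name before exiting would make the next failure self-explanatory.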
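Review bot: In base/fapi_ft.c, FF_alloc, FF_realloc and FF_free are now declared with plain `static`, so their declarations no longer tie them to FreeType in any way, although they are still the memory callbacks handed to it via FT_Memory. A one-line comment above FF_alloc saying that these three functions are FreeType allocator callbacks and must keep the signatures FreeType expects would preserve what the macro used to document. On the spec side, the comment says the patch is for FreeType 2.10.3+ while `%patch2 -p1` applies it unconditionally; note there that plain `static` also builds against older FreeType.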