Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

ghostscript-devel-9.54.0-4.3 RPM for armv7hl

From OpenSuSE Ports Tumbleweed for armv7hl

Name: ghostscript-devel Distribution: openSUSE Tumbleweed
Version: 9.54.0 Vendor: openSUSE
Release: 4.3 Build date: Wed Jun 15 21:11:59 2022
Group: Development/Libraries/C and C++ Build host: obs-arm-11
Size: 65617 Source RPM: ghostscript-9.54.0-4.3.src.rpm
Packager: http://bugs.opensuse.org
Url: https://www.ghostscript.com/
Summary: Development files for Ghostscript
This package contains the development files for Ghostscript.

Provides

Requires

License

AGPL-3.0-only

Changelog

* Thu Apr 07 2022 Frederic Crozat <fcrozat@suse.com>
  - Do no longer require apparmor-abstractions, it is not mandatory
    to use Ghostscript (bsc#1134289).
* Tue Jan 11 2022 jsmeix@suse.de
  - CVE-2021-45949.patch fixes CVE-2021-45949
    heap-based buffer overflow in sampled_data_finish
    cf. https://github.com/google/oss-fuzz-vulns/blob/main/vulns/ghostscript/OSV-2021-803.yaml
    (bsc#1194304)
  - CVE-2021-45944 use-after-free in sampled_data_sample
    is already fixed in the Ghostscript 9.54.0 upstream sources
    (bsc#1194303)
* Fri Sep 10 2021 jsmeix@suse.de
  - CVE-2021-3781.patch fixes CVE-2021-3781
    Trivial -dSAFER bypass
    cf. https://bugs.ghostscript.com/show_bug.cgi?id=704342
    (bsc#1190381)
* Fri May 21 2021 jsmeix@suse.de
  - Version upgrade to 9.54.0
    Highlights in this release include
    (excerpts from the Ghostscript upstream release summary
    in https://www.ghostscript.com/doc/9.54.0/News.htm):
    * The 9.54.0 release is a maintenance release,
      and also adds new functionality.
    * Overprint simulation is now available to all output devices,
      allowing quality previewing/proofing of PostScript and
      PDF jobs that rely on overprint. See the -dOverprint option
      documentation in: doc/9.54.0/Use.htm#Overprint
    * The "docxwrite" device adds the ability to output
      to Microsoft Word "docx" format.
      See: doc/9.54.0/VectorDevices.htm#DOCX
    * The pdfwrite device is now capable of using the Tesseract OCR
      engine when it is built into Ghostscript to improve
      searchability and copy and paste functionality when the input
      lacks the metadata for that purpose.
      See: doc/9.54.0/VectorDevices.htm#UseOCR
    * Ghostscript/GhostPDL now includes a "map text to black"
      function, where text drawn by an input job (except when drawn
      using a Type 3 font) can be forced to draw in solid black.
      See: doc/9.54.0/Use.htm#BlackText
    * Ghostscript/GhostPDL now supports simple N-up imposition
      "internally". See: doc/9.54.0/Use.htm#NupControl
    * Our efforts in code hygiene and maintainability continue.
    * The usual round of bug fixes, compatibility changes,
      and incremental improvements.
    * For a list of open issues, or to report problems, please visit
      bugs.ghostscript.com
    For a release summary see:
    https://www.ghostscript.com/doc/9.54.0/News.htm
    For details see the News.htm and History9.htm files.
  - 41ef9a0bc36b9db7115fbe9623f989bfb47bbade.patch is no longer
    needed because it is fixed in the upstream sources.
* Wed Apr 14 2021 Wolfgang Frisch <wolfgang.frisch@suse.com>
  - Hardening: compile with PIC, link as PIE
* Tue Oct 20 2020 Ismail Dönmez <idonmez@suse.com>
  - 41ef9a0bc36b9db7115fbe9623f989bfb47bbade.patch
    fixes compilation with FreeType 2.10.3+
    http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=41ef9a0bc36b9db7115fbe9623f989bfb47bbade
    c.f. https://bugs.ghostscript.com/show_bug.cgi?id=702985
* Tue Oct 20 2020 jsmeix@suse.de
  - Version upgrade to 9.53.3
    Highlights in this release include
    (excerpts from the Ghostscript upstream release summary
    in https://www.ghostscript.com/doc/9.53.3/News.htm):
    * The 9.53.3 release is primarily maintenance.
    * Issues arose with 9.53.0/1/2 that prompted the release
      of a .3 patch:
      A crash related to management of ICC profile objects.
      A parameter type mismatch that would cause Ghostscript
      to error out during initialisation, which
      affected 64 big, big endian architectures.
      An unexpected side effect of another change that prevented
      multithreaded rendering and background rendering
      from working correctly.
    * The most obvious change is the (re-)introduction of the
      patch level to the version number, this helps facilitate
      a revised policy on handling security related issues.
      To clarify: in the event we decide to release a patch revision,
      it will replace the release with the previous patch number.
      Release notes, highlights and warnings will remain the same,
      except for the addition of whatever fix(es) prompted the patch.
    * Our efforts in code hygiene and maintainability continue.
    * We have added Python bindings for the gsapi interface, can be
      found in demos/python. These are experimental, and we welcome
      feedback from interested developers.
    * For those integrating Ghostscript/GhostPDL via the gsapi
      interface, we have added new capabilities to that, specifically
      in terms of setting and interrogating device parameters. These,
      along with the existing interface calls, are documented in:
      Ghostscript Interpreter API at
      https://www.ghostscript.com/doc/9.53.3/API.htm
    * The usual round of bug fixes, compatibility changes,
      and incremental improvements.
    * For a list of open issues, or to report problems, please visit
      bugs.ghostscript.com
    Incompatible changes:
    * As of 9.53.0, we have (re-)introduced the patch level to the
      version number, this helps facilitate a revised policy
      on handling security related issues.
      Note for GSView Users: The patch level addition breaks
      GSView 5 (it is hardcoded to check for versions 704-999).
      It is possible, but not guaranteed that a GSView update might
      be forthcoming to resolve this.
    For a release summary see:
    https://www.ghostscript.com/doc/9.53.3/News.htm
    For details see the News.htm and History9.htm files.
  - CVE-2020-15900.patch is no longer needed
    because it is fixed in the upstream sources.
  - Ghostscript 9.53.3 fixes in particular txtwrite memory issues
    (boo#1177922).
* Tue Jul 28 2020 jsmeix@suse.de
  - CVE-2020-15900.patch fixes CVE-2020-15900 Memory Corruption
    cf. https://bugs.ghostscript.com/show_bug.cgi?id=702582
    (bsc#1174415)
* Wed Apr 29 2020 jsmeix@suse.de
  - The version upgrade to 9.52 fixes in particular
    CVE-2020-12268: jbic2dec: heap-based buffer overflow
    in jbig2_image_compose (bsc#1170603)
  - Version upgrade to 9.52
    Highlights in this release include:
    * The 9.52 release replaces the 9.51 release after a problem
      was reported with 9.51 which warranted the quick turnaround.
      Thus, like 9.51, 9.52 is primarily a maintenance release,
      consolidating the changes we introduced in 9.50.
    * IMPORTANT: We have forked LittleCMS2 into LittleCMS2mt
      (the "mt" indicating "multi-thread").
      LCMS2 is not thread-safe, and cannot be made thread-safe
      without breaking the ABI. Our fork will be thread-safe and
      include performance enhancements (these changes have all
      been offered and rejected upstream). We will maintain
      compatibility between Ghostscript and LCMS2 for a time,
      but not in perpetuity. If there is sufficient interest,
      our fork will be available as its own package separately
      from Ghostscript (and MuPDF).
    * The usual round of bug fixes, compatibility changes,
      and incremental improvements.
    Incompatible changes:
    * New option -dALLOWPSTRANSPARENCY: The transparency compositor
      (and related features), whilst we are improving it, remains
      sensitive to being driven correctly, and incorrect use
      can have unexpected/undefined results. Hence, as part of
      improving security, we limited access to these operators,
      originally using the -dSAFER feature. As we made "SAFER"
      the default mode, that became unacceptable, hence the
      new option -dALLOWPSTRANSPARENCY which enables access
      to the operators, cf.
      https://www.ghostscript.com/doc/9.52/Use.htm#ALLOWPSTRANSPARENCY
    For a release summary see:
    https://www.ghostscript.com/doc/9.52/News.htm
    For details see the News.htm and History9.htm files.
  - Version upgrade to 9.51
    Highlights in this release include:
    * 9.51 is primarily a maintainance release, consolidating
      the changes we introduced in 9.50.
    * We have continued our work on code hygiene for this release,
      with a focus on the static analysis tool Coverity
      (from Synopsys, Inc) and we are now maintaining a policy of
      zero Coverity issues in the Ghostscript/GhostPDL source base.
    * IMPORTANT: In consultation with a representative of
      OpenPrinting (http://www.openprinting.org/) it is our
      intention to deprecate and, in the not distant future,
      remove the OpenPrinting Vector/Raster Printer Drivers
      (that is, the opvp and oprp devices).
      If you rely on either of these devices, please get in touch
      with us (i.e. Ghostscript upstream), so we can discuss your
      use case, and revise our plans accordingly.
    * We (i.e. Ghostscript upstream) are in the process of forking
      LittleCMS, cf. the other release notes entries below.
    * The usual round of bug fixes, compatibility changes,
      and incremental improvements.
    For a release summary see:
    https://www.ghostscript.com/doc/9.51/News.htm
    For details see the News.htm and History9.htm files.
  - Version upgrade to 9.50
    Highlights in this release include:
    * The change to version 9.50 follows recognition
      of the extent and importance of the file access control
      redesign/reimplementation outlined below.
    * The file access control capability (enable with -dSAFER)
      has been completely rewritten, with a ground-up rethink
      of the design. For more details, see: "SAFER" at
      https://www.ghostscript.com/doc/9.50/Use.htm#Safer
    * It is important to note that -dSAFER now only enables the
      file access controls, and no longer applies restrictions
      to standard Postscript functionality (specifically,
      restrictions on setpagedevice). If your application relies
      on these Postscript restrictions, see "OLDSAFER" at
      https://www.ghostscript.com/doc/9.50/Use.htm#OldSafer
      and please get in touch, as we do plan to remove those
      Postscript restrictions unless we have reason not to.
    IMPORTANT: File access controls are now enabled by default.
      In order to run Ghostscript without these controls,
      see "NOSAFER" at
      https://www.ghostscript.com/doc/9.50/Use.htm#NoSafer
    * We (i.e. Ghostscript upstream) are in the process of forking
      LittleCMS, cf. the other release notes entries below.
    * The usual round of bug fixes, compatibility changes,
      and incremental improvements.
    Incompatible changes:
    * There are a couple of subtle incompatibilities between the old
      and new SAFER implementations. Firstly, as mentioned above,
      SAFER now leaves standard Postcript functionality unchanged
      (except for the file access limitations). Secondly, the
      interaction with save/restore operations, see "SAFER" at
      https://www.ghostscript.com/doc/9.50/Use.htm#Safer
    * The following is not strictly speaking new to 9.50,
      as not much has changed since 9.27 in this area,
      but for those who don't upgrade with every release:
      The process of "tidying" the Postscript name space should have
      removed only non-standard and undocumented operators.
      Nevertheless, it is possible that any integrations or utilities
      that rely on those non-standard and undocumented operators
      may stop working, or may change behaviour.
      If you encounter such a case, please contact us
      (i.e. Ghostscript upstream, either the #ghostscript IRC channel
      or the gs-devel mailing list would be best), and we'll work
      with you to either find an alternative solution or return the
      previous functionality, if there is genuinely no other option.
      One case we know this has occurred is GSView 5 (and earlier).
      GSView 5 support for PDF files relied upon internal use only
      features which are no longer available. GSView 5 will still
      work as previously for Postscript files. For PDF files,
      users are encouraged to look at MuPDF https://www.mupdf.com/
    For a release summary see:
    https://www.ghostscript.com/doc/9.50/News.htm
    For details see the News.htm and History9.htm files.
  - CVE-2019-10216.patch
    gs-CVE-2019-14811-885444fc.patch
    gs-CVE-2019-14817-cd1b1cac.patch
    openjpeg4gs-CVE-2018-6616-8ee33522.patch
    are fixed in the version 9.52 upstream sources.
* Fri Jan 31 2020 Stefan Brüns <stefan.bruens@rwth-aachen.de>
  - Use system openjpeg2 on Tumbleweed/Factory.
* Mon Sep 23 2019 Johannes Segitz <jsegitz@suse.de>
  - Made ghostscript profile enforcing and limit it to the ghostscript
    binaries (bsc#1150338)
* Mon Sep 16 2019 Dr. Werner Fink <werner@suse.de>
  - Add patch gs-CVE-2019-14811-885444fc.patch to fix bsc#1146882
    for CVE-2019-14811,CVE-2019-14812,CVE-2019-14813
  - Add patch gs-CVE-2019-14817-cd1b1cac.patch to fix bsc#1146884
    for CVE-2019-14817
* Fri Sep 13 2019 Dr. Werner Fink <werner@suse.de>
  - Add patch openjpeg4gs-CVE-2018-6616-8ee33522.patch to fix bsc#1140359
    for CVE-2019-12973
* Thu Aug 22 2019 Jan Engelhardt <jengelh@inai.de>
  - Update RPM groups.
* Tue Aug 13 2019 Dr. Werner Fink <werner@suse.de>
  - Use update-alternatives to get the real ghostscript binary from
    /usr/bin/gs to /usr/bin/gs.bin and allow the gswrap package to
    use this with its wrapper script
* Mon Aug 12 2019 Dr. Werner Fink <werner@suse.de>
  - CVE-2019-10216.patch fixes CVE-2019-10216
    forceput/superexec in .buildfont1 is still accessible
    https://bugzilla.suse.com/show_bug.cgi?id=1144621 bsc#1144621
    https://bugs.ghostscript.com/show_bug.cgi?id=701394
* Wed May 08 2019 jsegitz@suse.com
  - Set AA profile to complain and added fixes for ps2epsi (boo#1134327)
* Thu Apr 04 2019 jsmeix@suse.de
  - Version upgrade to 9.27
    Highlights in this release include:
    * We (i.e. Ghostscript upstream) have extensively cleaned up
      the Postscript name space: removing access to internal and/or
      undocumented Postscript operators, procedures and data.
      This has benefits for security and maintainability.
      Incompatible changes:
      The process of "tidying" the Postscript name space should
      have removed only non-standard and undocumented operators.
      Nevertheless, it is possible that any integrations or
      utilities that rely on those non-standard and undocumented
      operators may stop working, or may change behaviour.
      If you encounter such a case, please contact us (i.e.
      Ghostscript upstream) - (either the #ghostscript IRC channel,
      or the gs-devel mailing list would be best), and we'll work
      with you to either find an alternative solution.
    * Fontmap can now reference invidual fonts in a TrueType
      Collection for font subsitution. Previously, a Fontmap entry
      could only reference a TrueType collection and use the default
      (first) font.
      Now, the Fontmap syntax allows for specifying a specific index
      in a TTC. See the comments at the top of (the default)
      Fontmap.GS for details.
    * The usual round of bug fixes, compatibility changes,
      and incremental improvements.
    IMPORTANT: It is our intention, within the next 12 months
      (ideally sooner, in time for the next release) to make SAFER
      the default mode of operation. For many users this will have
      no effect, since they use SAFER explicitly, but some niche
      uses which rely on SAFER being disabled may need to start
      explicitly adding the "-dNOSAFER" option.
    IMPORTANT: We (i.e. Ghostscript upstream) are in the process of
      forking LittleCMS. LCMS2 is not thread safe, and cannot be made
      thread safe without breaking the ABI. Our fork will be thread
      safe, and include performance enhancements (these changes have
      all be been offered and rejected upstream). We will maintain
      compatibility between Ghostscript and LCMS2 for a time, but not
      in perpetuity. Our fork will be available as its own package
      separately from Ghostscript (and MuPDF).
    For a release summary see:
    http://www.ghostscript.com/doc/9.27/News.htm
    For details see the News.htm and History9.htm files.
    The Ghostscript 9.27 release should fix (cf. the entry below
    dated 'Fri Sep 14 10:47:33 CEST 2018' what "should fix" means)
    in particular those security issues:
    * CVE-2019-3838 forceput in DefineResource is still accessible
      https://bugzilla.suse.com/show_bug.cgi?id=1129186 bsc#1129186
      https://bugs.ghostscript.com/show_bug.cgi?id=700576
    * CVE-2019-3835: superexec operator is available
      https://bugzilla.suse.com/show_bug.cgi?id=1129180 bsc#1129180
      https://bugs.ghostscript.com/show_bug.cgi?id=700585
  - ghostscript-2.26-subclassing-devices-fix-put_image-method.patch
    is no longer needed because it is fixed in the upstream sources.
* Thu Mar 14 2019 jsegitz@suse.com
  - Added AA rules for dvips (bsc#1127934)
  - Allow execution of dirname (bsc#1128697)
  - Allow execution of hpijs (bsc#1128467). For now this is in
    complain mode
  - Sane profile name "ghostscript", moved profile from
    /etc/apparmor.d/usr.bin.gs to /etc/apparmor.d/ghostscript
    (bsc#1128607)
  - Improved AA packaging (bsc#1128608)
    Thanks to Christian Boltz for his help
* Fri Mar 08 2019 Martin Wilck <mwilck@suse.com>
  - Fix IJS printing problem (bsc#1128467)
    * added ijs_exec_server_dont_use_sh.patch
    * allow exec'ing hpijs in apparmor profile
* Thu Feb 07 2019 jsegitz@suse.com
  - Added apparmor_usr.bin.gs. This profile prevents execution of
    executables to serve as hardening for the binaries that process
    ghostscript. This is of limited use but prevents simple exploits.
* Wed Jan 23 2019 jsmeix@suse.de
  - Version upgrade to 9.26a
    The version 9.26a is a special security bugfix version to fix
    * CVE-2019-6116: subroutines within pseudo-operators
      must themselves be pseudo-operators
      https://bugs.ghostscript.com/show_bug.cgi?id=700317
      https://bugzilla.suse.com/show_bug.cgi?id=1122319 bsc#1122319
* Thu Jan 10 2019 jweberhofer@weberhofer.at
  - ghostscript-2.26-subclassing-devices-fix-put_image-method.patch
    fixes Ghostscript issue #700315 and bsc#1121490
    https://bugs.ghostscript.com/show_bug.cgi?id=700315
    Segfault in GS 9.26 with certain PDFs with -dLastPage=1

Files

/usr/include/ghostscript
/usr/include/ghostscript/gdevdsp.h
/usr/include/ghostscript/gserrors.h
/usr/include/ghostscript/iapi.h
/usr/include/ghostscript/ierrors.h
/usr/include/ijs
/usr/include/ijs/ijs.h
/usr/include/ijs/ijs_client.h
/usr/include/ijs/ijs_server.h
/usr/lib/libgs.so
/usr/lib/libijs.so
/usr/lib/pkgconfig/ijs.pc


Generated by rpm2html 1.8.1

Fabrice Bellet, Sat Jul 9 11:01:08 2022