
ghostscript-x11-10.04.0-2.2 RPM for s390x

From OpenSuSE Ports Tumbleweed for s390x

Name: ghostscript-x11
Distribution: openSUSE:Factory:zSystems
Version: 10.04.0
Vendor: openSUSE
Release: 2.2
Build date: Wed Oct 30 13:27:04 2024
Group: Productivity/Publishing/PS
Build host: reproducible
Size: 100880
Source RPM: ghostscript-10.04.0-2.2.src.rpm
Packager: https://bugs.opensuse.org
Url: https://www.ghostscript.com/
Summary: X11 library for Ghostscript
This package contains the X11 library which is needed to view PostScript and
PDF files with Ghostscript under the X Window System.

Provides

Requires

License

AGPL-3.0-only

Changelog

* Wed Oct 30 2024 Johannes Meixner <jsmeix@suse.com>
  - Enhanced entry below dated "Wed Oct 23 08:54:59 UTC 2024"
    by adding the individual "bsc" numbers for each CVE, see
    https://bugzilla.suse.com/show_bug.cgi?id=1232173#c4
    and by adding the "IMPORTANT" change in Ghostscript 10.04.0
  - spec file cleanup: removed the special cases for SLE12
    i.e. rely on "suse_version >= 1500" as given precondition
    (recent Ghostscript versions fail to build in SLE12 anyway)
* Wed Oct 23 2024 Dirk Müller <dmueller@suse.com>
  - Version upgrade to 10.04.0 (bsc#1232173):
    Highlights in this release include:
    See 'Recent Changes in Ghostscript' at Ghostscript upstream
    https://ghostscript.readthedocs.io/en/gs10.04.0/News.html
    * This release addresses:
      + CVE-2024-46951 (bsc#1232265)
      + CVE-2024-46952 (bsc#1232266)
      + CVE-2024-46953 (bsc#1232267)
      + CVE-2024-46954 (bsc#1232268)
      + CVE-2024-46955 (bsc#1232269)
      + CVE-2024-46956 (bsc#1232270)
    * IMPORTANT: In this release (10.04.0)
      we (i.e. Ghostscript upstream) have added
      protection for device selection from PostScript input.
      This will mean that, by default, only the device specified
      on the command line will be permitted. Similar to the file
      permissions, there will be a "--permit-devices=" allowing
      a comma-separated list of allowed devices. This will also
      take a single wildcard "*" allowing any device.
      Any application which relies on allowing PostScript
      to change devices during a job will have to be aware,
      and take action to deal with this change.
      The exception is "nulldevice", switching to that requires
      no special action.
* Mon Jul 01 2024 Johannes Meixner <jsmeix@suse.com>
  - Version upgrade to 10.03.1:
    Highlights in this release include:
    See 'Recent Changes in Ghostscript' at Ghostscript upstream
    https://ghostscript.readthedocs.io/en/gs10.03.1/News.html
    * Fixes for CVE-2024-33869, CVE-2023-52722, CVE-2024-33870,
      CVE-2024-33871 and CVE-2024-29510
  - Regarding CVE-2024-33869 see bsc#1226946 and
    https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=5ae2e320d69a7d0973011796bd388cd5befa1a43
    https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=f5336e5b4154f515ac83bc5b9eba94302e6618d4
    https://bugs.ghostscript.com/show_bug.cgi?id=707691
  - Regarding CVE-2023-52722 see bsc#1223852 and
    https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=afd7188f74918cb51b5fb89f52b54eb16e8acfd1
  - Regarding CVE-2024-33870 see bsc#1226944 and
    https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=79aef19c685984dc3da2dc090450407d9fbcff80
    https://bugs.ghostscript.com/show_bug.cgi?id=707686
  - Regarding CVE-2024-33871 see bsc#1225491 and
    https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=7145885041bb52cc23964f0aa2aec1b1c82b5908
  - Regarding CVE-2024-29510 see bsc#1226945 and
    https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=3b1735085ecef20b29e8db3416ab36de93e86d1f
* Tue Mar 26 2024 Johannes Meixner <jsmeix@suse.com>
  - Version upgrade to 10.03.0:
    For openSUSE and SUSE Ghostscript is built '--without-tesseract'
    (see the entry below dated 'Mon Jul 18 07:28:54 UTC 2022').
    Highlights in this release include:
    See 'Recent Changes in Ghostscript' at Ghostscript upstream
    https://ghostscript.readthedocs.io/en/gs10.03.0/News.html
    * As of this release (10.03.0) pdfwrite creates PDF files
      with XRef streams and ObjStm streams. This can result in
      considerably smaller PDF output files. See Vector Devices
      https://ghostscript.readthedocs.io/en/latest/VectorDevices.html
      for more details.
    * Ghostscript/pdfwrite now supports passing through
      PDF "Optional Content".
    * Our efforts in code hygiene and maintainability continue.
    * The usual round of bug fixes, compatibility changes,
      and incremental improvements.
    Incompatible changes (the release is listed in parentheses):
    * (10.03.0) Almost all the "internal" PostScript procedures
      defined during the interpreter startup are now "executeonly",
      further reducing the attack surface of the interpreter.
      The nature of these procedures means there should be no impact
      for legitimate usage, but it is possible it will impact uses
      which abuse the previous accessibility (even for legitimate
      reasons). Such cases may now require "DELAYBIND", see DELAYBIND
      https://ghostscript.readthedocs.io/en/latest/Use.html#ddelaybind
    * (10.03.0) The "makeimagedevice" non-standard operator has been
      removed. It allowed low level access to the graphics library
      in a way that was essentially impossible to secure.
    * (10.03.0) The "putdeviceprops", "getdeviceprops",
      "finddevice", "copydevice", "findprotodevice" non-standard
      operators have all been removed. They provided functionality
      that is either accessible through standard operators,
      or should not be used by user PostScript.
    * (10.03.0) The process of "tidying" the PostScript namespace
      should have removed only non-standard and undocumented
      operators. Nevertheless, it is possible that any integrations
      or utilities that rely on those non-standard and undocumented
      operators may stop working or may change behaviour.
    If you encounter such a case, please contact us
    (Discord https://discord.gg/H9GXKwyPvY
    [#]ghostscript IRC channel https://web.libera.chat/#ghostscript
    or the gs-devel mailing list
    https://www.ghostscript.com/mailman/index.html would be best),
    but remember that free versions of Ghostscript
    come with NO WARRANTY and NO SUPPORT.
  - Ghostscript 10.03.0 contains the fix to build with GCC 14
    (boo#1221687)
* Tue Feb 27 2024 Dominique Leuenberger <dimstar@opensuse.org>
  - Use %patch -P N instead of deprecated %patchN.
* Thu Feb 22 2024 Thorsten Kukuk <kukuk@suse.com>
  - Allow to disable apparmor support (ALP supports only SELinux)
* Sun Jan 28 2024 Dirk Müller <dmueller@suse.com>
  - update to 10.02.1:
    * Patch release to address some security bugs
    * This release (10.02.0) marks the final demise of the
      PostScript based PDF interpreter.
    * This 10.01.1 release removes the "-dNEWPDF=false" command
      line option to fall back to the deprecated, old PDF
      interpreter.
    * This 10.01.0 release removes the "-dNEWPDF=false" command
      line option to fall back to the deprecated, old PDF
      interpreter.
    * This release officially deprecates the old Postscript
      implementation of PDF, we will not be updating or maintaining
      that code moving forward. The option to use the old PDF
      implementation _**will**_ be removed in the next full release
      (10.01.0)
    * Important: This release includes the new PDF interpreter
      (implemented in C rather than PostScript). It is both
      integrated into Ghostscript (now ENABLED by default), and
      available as a standalone, PDF only, binary. See
      https://ghostscript.com/pdfi.html for more details.
    * This also bundles the latest zlib (1.2.12) which addresses a
      security issue (CVE-2018-25032)
    * **Important**: This release includes the new PDF interpreter
      (implemented in C rather than PostScript). It is both
      integrated into Ghostscript (now **ENABLED** by default), and
      available as a standalone, PDF only, binary. See
      https://ghostscript.com/pdfi.html for more details.
  - drop CVE-2023-28879.patch, CVE-2023-36664.patch,
      CVE-2023-38559.patch, CVE-2023-43115.patch,
      CVE-2023-46751.patch: upstream
  - drop remove-zlib-h-dependency.patch: unused
* Wed Jan 03 2024 Johannes Meixner <jsmeix@suse.com>
  - CVE-2023-46751.patch is
    https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=dcdbc595c13
    adapted for Ghostscript-9.56.1 that fixes
    https://bugs.ghostscript.com/show_bug.cgi?id=707264
    which includes a fix for CVE-2023-46751
    "dangling pointer in gdev_prn_open_printer_seekable()"
    (bsc#1217871)
* Mon Dec 18 2023 Dominique Leuenberger <dimstar@opensuse.org>
  - Recommend cups-filters only when cups is present.
* Wed Sep 20 2023 Johannes Meixner <jsmeix@suse.com>
  - CVE-2023-43115.patch is
    https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=e59216049cac290fb437a04c4f41ea46826cfba5
    that fixes CVE-2023-43115 "remote code execution
    via crafted PostScript documents in gdevijs.c"
    see https://bugs.ghostscript.com/show_bug.cgi?id=707051
    (bsc#1215466)
* Wed Jul 26 2023 Johannes Meixner <jsmeix@suse.com>
  - CVE-2023-38559.patch fixes CVE-2023-38559
    "out of bounds read devn_pcx_write_rle() could result in DoS"
    see bsc#1213637
    and https://bugs.ghostscript.com/show_bug.cgi?id=706897
    which is in base/gdevdevn.c the same issue
    "ordering in if expression to avoid out-of-bounds access"
    as the already fixed CVE-2020-16305 in devices/gdevpcx.c
    see https://bugs.ghostscript.com/show_bug.cgi?id=701819
* Tue Jul 04 2023 Johannes Meixner <jsmeix@suse.com>
  - CVE-2023-36664.patch fixes CVE-2023-36664
    see https://bugs.ghostscript.com/show_bug.cgi?id=706761
    "OS command injection in %pipe% access"
    and https://bugs.ghostscript.com/show_bug.cgi?id=706778
    "%pipe% allowed_path bypass"
    and bsc#1212711
    "permission validation mishandling for pipe devices
    (with the %pipe% prefix or the | pipe character prefix)"
* Wed Apr 26 2023 Jan Engelhardt <jengelh@inai.de>
  - Replace BuildRequire on xorg-x11-devel by pkgconfig(...)
* Tue Apr 11 2023 Johannes Meixner <jsmeix@suse.com>
  - CVE-2023-28879.patch fixes CVE-2023-28879
    Buffer Overflow in s_xBCPE_process
    cf. https://bugs.ghostscript.com/show_bug.cgi?id=706494
    (bsc#1210062)
* Mon Jul 18 2022 Dirk Müller <dmueller@suse.com>
  - update to 9.56.1:
    Highlights in this release include
    (excerpts from the Ghostscript upstream release summary
    in https://ghostscript.com/docs/9.56.1/News.htm):
    * New PDF Interpreter: This is an entirely new implementation
      written in C (rather than PostScript, as before)
    * Calling Ghostscript via the GS API is now thread safe. The one
      limitation is that the X11 devices for Unix-like systems (x11,
      x11alpha, x11cmyk, x11cmyk2, x11cmyk4, x11cmyk8, x11gray2,
      x11gray4 and x11mono) cannot be made thread safe, due to their
      interaction with the X11 server, those devices have been
      modified to only allow one instance in an executable.
    * The PSD output device now writes ICC profiles to their output
      files, for improved color fidelity.
    * Our efforts in code hygiene and maintainability continue.
    * The usual round of bug fixes, compatibility changes, and
      incremental improvements.
    * We have added the capability to build with the Tesseract OCR
      engine. In such a build, new devices are available
      (pdfocr8/pdfocr24/pdfocr32) which render the output file to an
      image, OCR that image, and output the image "wrapped" up as a
      PDF file, with the OCR generated text information included
      as "invisible" text (in PDF terms, text rendering mode 3).
      Mainly due to time constraints, we only support including
      Tesseract from source included in our release packages,
      and not linking to Tesseract/Leptonica shared libraries.
      Whether we add this capability will be largely dependent
      on community demand for the feature. See Enabling OCR
      at https://www.ghostscript.com/ocr.html for more details.
    For a release summary see:
    https://www.ghostscript.com/doc/9.54.0/News.htm
    For details see the News.htm and History9.htm files.
  - Configure --without-tesseract because this requires C++ (it
    might be added if Tesseract support in Ghostscript is needed).
  - Drop CVE-2021-3781.patch, CVE-2021-45949.patch: upstream
* Mon Jul 18 2022 Dirk Müller <dmueller@suse.com>
  - Use _multibuild
* Wed Apr 13 2022 Dirk Müller <dmueller@suse.com>
  - Use system zlib (bsc#1198449)
* Thu Apr 07 2022 Frederic Crozat <fcrozat@suse.com>
  - Do no longer require apparmor-abstractions, it is not mandatory
    to use Ghostscript (bsc#1134289).
* Tue Jan 11 2022 jsmeix@suse.de
  - CVE-2021-45949.patch fixes CVE-2021-45949
    heap-based buffer overflow in sampled_data_finish
    cf. https://github.com/google/oss-fuzz-vulns/blob/main/vulns/ghostscript/OSV-2021-803.yaml
    (bsc#1194304)
  - CVE-2021-45944 use-after-free in sampled_data_sample
    is already fixed in the Ghostscript 9.54.0 upstream sources
    (bsc#1194303)
* Fri Sep 10 2021 jsmeix@suse.de
  - CVE-2021-3781.patch fixes CVE-2021-3781
    Trivial -dSAFER bypass
    cf. https://bugs.ghostscript.com/show_bug.cgi?id=704342
    (bsc#1190381)
* Fri May 21 2021 jsmeix@suse.de
  - Version upgrade to 9.54.0
    Highlights in this release include
    (excerpts from the Ghostscript upstream release summary
    in https://www.ghostscript.com/doc/9.54.0/News.htm):
    * The 9.54.0 release is a maintenance release,
      and also adds new functionality.
    * Overprint simulation is now available to all output devices,
      allowing quality previewing/proofing of PostScript and
      PDF jobs that rely on overprint. See the -dOverprint option
      documentation in: doc/9.54.0/Use.htm#Overprint
    * The "docxwrite" device adds the ability to output
      to Microsoft Word "docx" format.
      See: doc/9.54.0/VectorDevices.htm#DOCX
    * The pdfwrite device is now capable of using the Tesseract OCR
      engine when it is built into Ghostscript to improve
      searchability and copy and paste functionality when the input
      lacks the metadata for that purpose.
      See: doc/9.54.0/VectorDevices.htm#UseOCR
    * Ghostscript/GhostPDL now includes a "map text to black"
      function, where text drawn by an input job (except when drawn
      using a Type 3 font) can be forced to draw in solid black.
      See: doc/9.54.0/Use.htm#BlackText
    * Ghostscript/GhostPDL now supports simple N-up imposition
      "internally". See: doc/9.54.0/Use.htm#NupControl
    * Our efforts in code hygiene and maintainability continue.
    * The usual round of bug fixes, compatibility changes,
      and incremental improvements.
    * For a list of open issues, or to report problems, please visit
      bugs.ghostscript.com
    For a release summary see:
    https://www.ghostscript.com/doc/9.54.0/News.htm
    For details see the News.htm and History9.htm files.
  - 41ef9a0bc36b9db7115fbe9623f989bfb47bbade.patch is no longer
    needed because it is fixed in the upstream sources.
* Wed Apr 14 2021 Wolfgang Frisch <wolfgang.frisch@suse.com>
  - Hardening: compile with PIC, link as PIE

Files

/usr/lib64/ghostscript/10.04.0/X11.so


Generated by rpm2html 1.8.1

Fabrice Bellet, Wed Dec 25 23:53:00 2024