Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

ghostscript-devel-10.04.0-slfo.1.1.3 RPM for ppc64le

From OpenSuSE Leap 16.0 for ppc64le

Name: ghostscript-devel Distribution: SUSE Linux Framework One
Version: 10.04.0 Vendor: SUSE LLC <https://www.suse.com/>
Release: slfo.1.1.3 Build date: Wed Oct 30 13:27:04 2024
Group: Development/Libraries/C and C++ Build host: reproducible
Size: 62857 Source RPM: ghostscript-10.04.0-slfo.1.1.3.src.rpm
Packager: https://www.suse.com/
Url: https://www.ghostscript.com/
Summary: Development files for Ghostscript
This package contains the development files for Ghostscript.

Provides

Requires

License

AGPL-3.0-only

Changelog

* Wed Oct 30 2024 [email protected]
  - Enhanced entry below dated "Wed Oct 23 08:54:59 UTC 2024"
    by adding the individual "bsc" numbers for each CVE, see
    https://bugzilla.suse.com/show_bug.cgi?id=1232173#c4
    and by adding the "IMPORTANT" change in Ghostscript 10.04.0
  - spec file cleanup: removed the special cases for SLE12
    i.e. rely on "suse_version >= 1500" as given precondition
    (recent Ghostscript versions fail to build in SLE12 anyway)
* Wed Oct 23 2024 [email protected]
  - Version upgrade to 10.04.0 (bsc#1232173):
    Highlights in this release include:
    See 'Recent Changes in Ghostscript' at Ghostscript upstream
    https://ghostscript.readthedocs.io/en/gs10.04.0/News.html
    * This release addresses:
      + CVE-2024-46951 (bsc#1232265)
      + CVE-2024-46952 (bsc#1232266)
      + CVE-2024-46953 (bsc#1232267)
      + CVE-2024-46954 (bsc#1232268)
      + CVE-2024-46955 (bsc#1232269)
      + CVE-2024-46956 (bsc#1232270)
    * IMPORTANT: In this release (10.04.0)
      we (i.e. Ghostscript upstream) have be added
      protection for device selection from PostScript input.
      This will mean that, by default, only the device specified
      on the command line will be permitted. Similar to the file
      permissions, there will be a "--permit-devices=" allowing
      a comma separation list of allowed devices. This will also
      take a single wildcard "*" allowing any device.
      Any application which relies on allowing PostScript
      to change devices during a job will have to be aware,
      and take action to deal with this change.
      The exception is "nulldevice", switching to that requires
      no special action.
* Mon Jul 01 2024 [email protected]
  - Version upgrade to 10.03.1:
    Highlights in this release include:
    See 'Recent Changes in Ghostscript' at Ghostscript upstream
    https://ghostscript.readthedocs.io/en/gs10.03.1/News.html
    * Fixes for CVE-2024-33869, CVE-2023-52722, CVE-2024-33870,
      CVE-2024-33871 and CVE-2024-29510
  - Regarding CVE-2024-33869 see bsc#1226946 and
    https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=5ae2e320d69a7d0973011796bd388cd5befa1a43
    https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=f5336e5b4154f515ac83bc5b9eba94302e6618d4
    https://bugs.ghostscript.com/show_bug.cgi?id=707691
  - Regarding CVE-2023-52722 see bsc#1223852 and
    https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=afd7188f74918cb51b5fb89f52b54eb16e8acfd1
  - Regarding CVE-2024-33870 see bsc#1226944 and
    https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=79aef19c685984dc3da2dc090450407d9fbcff80
    https://bugs.ghostscript.com/show_bug.cgi?id=707686
  - Regarding CVE-2024-33871 see bsc#1225491 and
    https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=7145885041bb52cc23964f0aa2aec1b1c82b5908
  - Regarding CVE-2024-29510 see bsc#1226945 and
    https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=3b1735085ecef20b29e8db3416ab36de93e86d1f
* Tue Mar 26 2024 [email protected]
  - Version upgrade to 10.03.0:
    For openSUSE and SUSE Ghostscript is built '--without-tesseract'
    (see the entry below dated 'Mon Jul 18 07:28:54 UTC 2022').
    Highlights in this release include:
    See 'Recent Changes in Ghostscript' at Ghostscript upstream
    https://ghostscript.readthedocs.io/en/gs10.03.0/News.html
    * As of this release (10.03.0) pdfwrite creates PDF files
      with XRef streams and ObjStm streams. This can result in
      considerably smaller PDF output files. See Vector Devices
      https://ghostscript.readthedocs.io/en/latest/VectorDevices.html
      for more details.
    * Ghostscript/pdfwrite now supports passing through
      PDF "Optional Content".
    * Our efforts in code hygiene and maintainability continue.
    * The usual round of bug fixes, compatibility changes,
      and incremental improvements.
    Incompatible changes (the release is listed in parentheses):
    * (10.03.0) Almost all the "internal" PostScript procedures
      defined during the interpreter startup are now "executeonly",
      further reducing the attack surface of the interpreter.
      The nature of these procedures means there should be no impact
      for legitimate usage, but it is possible it will impact uses
      which abuse the previous accessibility (even for legitimate
      reasons). Such cases may now require "DELAYBIND", See DELAYBIND
      https://ghostscript.readthedocs.io/en/latest/Use.html#ddelaybind
    * (10.03.0) The "makeimagedevice" non-standard operator has been
      removed. It allowed low level access to the graphics library
      in a way that was, essentially impossible to secure.
    * (10.03.0) The "putdeviceprops", "getdeviceprops",
      "finddevice", "copydevice", "findprotodevice" non-standard
      operators have all been removed. They provided functionality
      that is either accessible through standard operators,
      or should not be used by user PostScript.
    * (10.03.0) The process of "tidying" the PostScript namespace
      should have removed only non-standard and undocumented
      operators. Nevertheless, it is possible that any integrations
      or utilities that rely on those non-standard and undocumented
      operators may stop working or may change behaviour.
    If you encounter such a case, please contact us
    (Discord https://discord.gg/H9GXKwyPvY
    [#]ghostscript IRC channel https://web.libera.chat/#ghostscript
    or the gs-devel mailing list
    https://www.ghostscript.com/mailman/index.html would be best),
    but remember that free versions of Ghostscript
    come with with NO WARRANTY and NO SUPPORT.
  - Ghostscript 10.03.0 contains the fix to build with GCC 14
    (boo#1221687)
* Tue Feb 27 2024 [email protected]
  - Use %patch -P N instead of deprecated %patchN.
* Thu Feb 22 2024 [email protected]
  - Allow to disable apparmor support (ALP supports only SELinux)
* Sun Jan 28 2024 [email protected]
  - update to 10.02.1:
    * Patch release to address some security bugs
    * This release (10.02.0) marks the final demise of the
      PostScript based PDF interpreter.
    * This 10.01.1 release removes the "-dNEWPDF=false" command
      line option to fall back to the deprecated, old PDF
      interpreter.
    * This 10.01.0 release removes the "-dNEWPDF=false" command
      line option to fall back to the deprecated, old PDF
      interpreter.
    * This release officially deprecates the old Postscript
      implementation of PDF, we will not be updating or maintaining
      that code moving forward. The option to use the old PDF
      implementation _**will**_ be removed in the next full release
      (10.01.0)
    * Important: This release includes the new PDF interpreter
      (implemented in C rather than PostScript). It is both
      integrated into Ghostscript (now ENABLED by default), and
      available as a standalone, PDF only, binary. See
      https://ghostscript.com/pdfi.html for more details.
    * This also bundles the latest zlib (1.2.12) which addresses a
      security issue (CVE-2018-25032)
    * **Important**: This release includes the new PDF interpreter
      (implemented in C rather than PostScript). It is both
      integrated into Ghostscript (now **ENABLED** by default), and
      available as a standalone, PDF only, binary. See
      https://ghostscript.com/pdfi.html for more details.
  - drop CVE-2023-28879.patch, CVE-2023-36664.patch,
      CVE-2023-38559.patch, CVE-2023-43115.patch,
      CVE-2023-46751.patch: upstream
  - drop remove-zlib-h-dependency.patch: unused
* Wed Jan 03 2024 [email protected]
  - CVE-2023-46751.patch is
    https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=dcdbc595c13
    adapted for Ghostscript-9.56.1 that fixes
    https://bugs.ghostscript.com/show_bug.cgi?id=707264
    which includes a fix for CVE-2023-46751
    "dangling pointer in gdev_prn_open_printer_seekable()"
    (bsc#1217871)
* Mon Dec 18 2023 [email protected]
  - Recommend cups-filters only when cups is present.
* Wed Sep 20 2023 [email protected]
  - CVE-2023-43115.patch is
    https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=e59216049cac290fb437a04c4f41ea46826cfba5
    that fixes CVE-2023-43115 "remote code execution
    via crafted PostScript documents in gdevijs.c"
    see https://bugs.ghostscript.com/show_bug.cgi?id=707051
    (bsc#1215466)
* Wed Jul 26 2023 [email protected]
  - CVE-2023-38559.patch fixes CVE-2023-38559
    "out of bounds read devn_pcx_write_rle() could result in DoS"
    see bsc#1213637
    and https://bugs.ghostscript.com/show_bug.cgi?id=706897
    which is in base/gdevdevn.c the same issue
    "ordering in if expression to avoid out-of-bounds access"
    as the already fixed CVE-2020-16305 in devices/gdevpcx.c
    see https://bugs.ghostscript.com/show_bug.cgi?id=701819
* Tue Jul 04 2023 [email protected]
  - CVE-2023-36664.patch fixes CVE-2023-36664
    see https://bugs.ghostscript.com/show_bug.cgi?id=706761
    "OS command injection in %pipe% access"
    and https://bugs.ghostscript.com/show_bug.cgi?id=706778
    "%pipe% allowed_path bypass"
    and bsc#1212711
    "permission validation mishandling for pipe devices
    (with the %pipe% prefix or the | pipe character prefix)"
* Wed Apr 26 2023 [email protected]
  - Replace BuildRequire on xorg-x11-devel by pkgconfig(...)
* Tue Apr 11 2023 [email protected]
  - CVE-2023-28879.patch fixes CVE-2023-28879
    Buffer Overflow in s_xBCPE_process
    cf. https://bugs.ghostscript.com/show_bug.cgi?id=706494
    (bsc#1210062)
* Mon Jul 18 2022 [email protected]
  - update to 9.56.1:
    Highlights in this release include
    (excerpts from the Ghostscript upstream release summary
    in https://ghostscript.com/docs/9.56.1/News.htm):
    * New PDF Interpreter: This is an entirely new implementation
      written in C (rather than PostScript, as before)
    * Calling Ghostscript via the GS API is now thread safe. The one
      limitation is that the X11 devices for Unix-like systems (x11,
      x11alpha, x11cmyk, x11cmyk2, x11cmyk4, x11cmyk8, x11gray2,
      x11gray4 and x11mono) cannot be made thread safe, due to their
      interaction with the X11 server, those devices have been
      modified to only allow one instance in an executable.
    * The PSD output device now writes ICC profiles to their output
      files, for improved color fidelity.
    * Our efforts in code hygiene and maintainability continue.
    * The usual round of bug fixes, compatibility changes, and
      incremental improvements.
    * We have added the capability to build with the Tesseract OCR
      engine. In such a build, new devices are available
      (pdfocr8/pdfocr24/pdfocr32) which render the output file to an
      image, OCR that image, and output the image "wrapped" up as a
      PDF file, with the OCR generated text information included
      as "invisible" text (in PDF terms, text rendering mode 3).
      Mainly due to time constraints, we only support including
      Tesseract from source included in our release packages,
      and not linking to Tesseract/Leptonica shared libraries.
      Whether we add this capability will be largely dependent
      on community demand for the feature. See Enabling OCR
      at https://www.ghostscript.com/ocr.html for more details.
    For a release summary see:
    https://www.ghostscript.com/doc/9.54.0/News.htm
    For details see the News.htm and History9.htm files.
  - Configure --without-tesseract because this requires C++ (it
    might be added if Tesseract support in Ghostscript is needed).
  - Drop CVE-2021-3781.patch, CVE-2021-45949.patch: upstream
* Mon Jul 18 2022 [email protected]
  - Use _multibuild
* Wed Apr 13 2022 [email protected]
  - Use system zlib (bsc#1198449)
* Thu Apr 07 2022 [email protected]
  - Do no longer require apparmor-abstractions, it is not mandatory
    to use Ghostscript (bsc#1134289).
* Tue Jan 11 2022 [email protected]
  - CVE-2021-45949.patch fixes CVE-2021-45949
    heap-based buffer overflow in sampled_data_finish
    cf. https://github.com/google/oss-fuzz-vulns/blob/main/vulns/ghostscript/OSV-2021-803.yaml
    (bsc#1194304)
  - CVE-2021-45944 use-after-free in sampled_data_sample
    is already fixed in the Ghostscript 9.54.0 upstream sources
    (bsc#1194303)
* Fri Sep 10 2021 [email protected]
  - CVE-2021-3781.patch fixes CVE-2021-3781
    Trivial -dSAFER bypass
    cf. https://bugs.ghostscript.com/show_bug.cgi?id=704342
    (bsc#1190381)
* Fri May 21 2021 [email protected]
  - Version upgrade to 9.54.0
    Highlights in this release include
    (excerpts from the Ghostscript upstream release summary
    in https://www.ghostscript.com/doc/9.54.0/News.htm):
    * The 9.54.0 release is a maintenance release,
      and also adds new functionality.
    * Overprint simulation is now available to all output devices,
      allowing quality previewing/proofing of PostScript and
      PDF jobs that rely on overprint. See the -dOverprint option
      documentation in: doc/9.54.0/Use.htm#Overprint
    * The "docxwrite" device adds the ability to output
      to Microsoft Word "docx" format.
      See: doc/9.54.0/VectorDevices.htm#DOCX
    * The pdfwrite device is now capable of using the Tesseract OCR
      engine when it is built into Ghostscript to improve
      searchability and copy and paste functionality when the input
      lacks the metadata for that purpose.
      See: doc/9.54.0/VectorDevices.htm#UseOCR
    * Ghostscript/GhostPDL now includes a "map text to black"
      function, where text drawn by an input job (except when drawn
      using a Type 3 font) can be forced to draw in solid black.
      See: doc/9.54.0/Use.htm#BlackText
    * Ghostscript/GhostPDL now supports simple N-up imposition
      "internally". See: doc/9.54.0/Use.htm#NupControl
    * Our efforts in code hygiene and maintainability continue.
    * The usual round of bug fixes, compatibility changes,
      and incremental improvements.
    * For a list of open issues, or to report problems, please visit
      bugs.ghostscript.com
    For a release summary see:
    https://www.ghostscript.com/doc/9.54.0/News.htm
    For details see the News.htm and History9.htm files.
  - 41ef9a0bc36b9db7115fbe9623f989bfb47bbade.patch is no longer
    needed because it is fixed in the upstream sources.
* Wed Apr 14 2021 [email protected]
  - Hardening: compile with PIC, link as PIE
* Tue Oct 20 2020 [email protected]
  - 41ef9a0bc36b9db7115fbe9623f989bfb47bbade.patch
    fixes compilation with FreeType 2.10.3+
    http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=41ef9a0bc36b9db7115fbe9623f989bfb47bbade
    c.f. https://bugs.ghostscript.com/show_bug.cgi?id=702985
* Tue Oct 20 2020 [email protected]
  - Version upgrade to 9.53.3
    Highlights in this release include
    (excerpts from the Ghostscript upstream release summary
    in https://www.ghostscript.com/doc/9.53.3/News.htm):
    * The 9.53.3 release is primarily maintenance.
    * Issues arose with 9.53.0/1/2 that prompted the release
      of a .3 patch:
      A crash related to management of ICC profile objects.
      A parameter type mismatch that would cause Ghostscript
      to error out during initialisation, which
      affected 64 big, big endian architectures.
      An unexpected side effect of another change that prevented
      multithreaded rendering and background rendering
      from working correctly.
    * The most obvious change is the (re-)introduction of the
      patch level to the version number, this helps facilitate
      a revised policy on handling security related issues.
      To clarify: in the event we decide to release a patch revision,
      it will replace the release with the previous patch number.
      Release notes, highlights and warnings will remain the same,
      except for the addition of whatever fix(es) prompted the patch.
    * Our efforts in code hygiene and maintainability continue.
    * We have added Python bindings for the gsapi interface, can be
      found in demos/python. These are experimental, and we welcome
      feedback from interested developers.
    * For those integrating Ghostscript/GhostPDL via the gsapi
      interface, we have added new capabilities to that, specifically
      in terms of setting and interrogating device parameters. These,
      along with the existing interface calls, are documented in:
      Ghostscript Interpreter API at
      https://www.ghostscript.com/doc/9.53.3/API.htm
    * The usual round of bug fixes, compatibility changes,
      and incremental improvements.
    * For a list of open issues, or to report problems, please visit
      bugs.ghostscript.com
    Incompatible changes:
    * As of 9.53.0, we have (re-)introduced the patch level to the
      version number, this helps facilitate a revised policy
      on handling security related issues.
      Note for GSView Users: The patch level addition breaks
      GSView 5 (it is hardcoded to check for versions 704-999).
      It is possible, but not guaranteed that a GSView update might
      be forthcoming to resolve this.
    For a release summary see:
    https://www.ghostscript.com/doc/9.53.3/News.htm
    For details see the News.htm and History9.htm files.
  - CVE-2020-15900.patch is no longer needed
    because it is fixed in the upstream sources.
  - Ghostscript 9.53.3 fixes in particular txtwrite memory issues
    (boo#1177922).
* Tue Jul 28 2020 [email protected]
  - CVE-2020-15900.patch fixes CVE-2020-15900 Memory Corruption
    cf. https://bugs.ghostscript.com/show_bug.cgi?id=702582
    (bsc#1174415)
* Wed Apr 29 2020 [email protected]
  - The version upgrade to 9.52 fixes in particular
    CVE-2020-12268: jbic2dec: heap-based buffer overflow
    in jbig2_image_compose (bsc#1170603)
  - Version upgrade to 9.52
    Highlights in this release include:
    * The 9.52 release replaces the 9.51 release after a problem
      was reported with 9.51 which warranted the quick turnaround.
      Thus, like 9.51, 9.52 is primarily a maintenance release,
      consolidating the changes we introduced in 9.50.
    * IMPORTANT: We have forked LittleCMS2 into LittleCMS2mt
      (the "mt" indicating "multi-thread").
      LCMS2 is not thread-safe, and cannot be made thread-safe
      without breaking the ABI. Our fork will be thread-safe and
      include performance enhancements (these changes have all
      been offered and rejected upstream). We will maintain
      compatibility between Ghostscript and LCMS2 for a time,
      but not in perpetuity. If there is sufficient interest,
      our fork will be available as its own package separately
      from Ghostscript (and MuPDF).
    * The usual round of bug fixes, compatibility changes,
      and incremental improvements.
    Incompatible changes:
    * New option -dALLOWPSTRANSPARENCY: The transparency compositor
      (and related features), whilst we are improving it, remains
      sensitive to being driven correctly, and incorrect use
      can have unexpected/undefined results. Hence, as part of
      improving security, we limited access to these operators,
      originally using the -dSAFER feature. As we made "SAFER"
      the default mode, that became unacceptable, hence the
      new option -dALLOWPSTRANSPARENCY which enables access
      to the operators, cf.
      https://www.ghostscript.com/doc/9.52/Use.htm#ALLOWPSTRANSPARENCY
    For a release summary see:
    https://www.ghostscript.com/doc/9.52/News.htm
    For details see the News.htm and History9.htm files.
  - Version upgrade to 9.51
    Highlights in this release include:
    * 9.51 is primarily a maintainance release, consolidating
      the changes we introduced in 9.50.
    * We have continued our work on code hygiene for this release,
      with a focus on the static analysis tool Coverity
      (from Synopsys, Inc) and we are now maintaining a policy of
      zero Coverity issues in the Ghostscript/GhostPDL source base.
    * IMPORTANT: In consultation with a representative of
      OpenPrinting (http://www.openprinting.org/) it is our
      intention to deprecate and, in the not distant future,
      remove the OpenPrinting Vector/Raster Printer Drivers
      (that is, the opvp and oprp devices).
      If you rely on either of these devices, please get in touch
      with us (i.e. Ghostscript upstream), so we can discuss your
      use case, and revise our plans accordingly.
    * We (i.e. Ghostscript upstream) are in the process of forking
      LittleCMS, cf. the other release notes entries below.
    * The usual round of bug fixes, compatibility changes,
      and incremental improvements.
    For a release summary see:
    https://www.ghostscript.com/doc/9.51/News.htm
    For details see the News.htm and History9.htm files.
  - Version upgrade to 9.50
    Highlights in this release include:
    * The change to version 9.50 follows recognition
      of the extent and importance of the file access control
      redesign/reimplementation outlined below.
    * The file access control capability (enable with -dSAFER)
      has been completely rewritten, with a ground-up rethink
      of the design. For more details, see: "SAFER" at
      https://www.ghostscript.com/doc/9.50/Use.htm#Safer
    * It is important to note that -dSAFER now only enables the
      file access controls, and no longer applies restrictions
      to standard Postscript functionality (specifically,
      restrictions on setpagedevice). If your application relies
      on these Postscript restrictions, see "OLDSAFER" at
      https://www.ghostscript.com/doc/9.50/Use.htm#OldSafer
      and please get in touch, as we do plan to remove those
      Postscript restrictions unless we have reason not to.
    IMPORTANT: File access controls are now enabled by default.
      In order to run Ghostscript without these controls,
      see "NOSAFER" at
      https://www.ghostscript.com/doc/9.50/Use.htm#NoSafer
    * We (i.e. Ghostscript upstream) are in the process of forking
      LittleCMS, cf. the other release notes entries below.
    * The usual round of bug fixes, compatibility changes,
      and incremental improvements.
    Incompatible changes:
    * There are a couple of subtle incompatibilities between the old
      and new SAFER implementations. Firstly, as mentioned above,
      SAFER now leaves standard Postcript functionality unchanged
      (except for the file access limitations). Secondly, the
      interaction with save/restore operations, see "SAFER" at
      https://www.ghostscript.com/doc/9.50/Use.htm#Safer
    * The following is not strictly speaking new to 9.50,
      as not much has changed since 9.27 in this area,
      but for those who don't upgrade with every release:
      The process of "tidying" the Postscript name space should have
      removed only non-standard and undocumented operators.
      Nevertheless, it is possible that any integrations or utilities
      that rely on those non-standard and undocumented operators
      may stop working, or may change behaviour.
      If you encounter such a case, please contact us
      (i.e. Ghostscript upstream, either the #ghostscript IRC channel
      or the gs-devel mailing list would be best), and we'll work
      with you to either find an alternative solution or return the
      previous functionality, if there is genuinely no other option.
      One case we know this has occurred is GSView 5 (and earlier).
      GSView 5 support for PDF files relied upon internal use only
      features which are no longer available. GSView 5 will still
      work as previously for Postscript files. For PDF files,
      users are encouraged to look at MuPDF https://www.mupdf.com/
    For a release summary see:
    https://www.ghostscript.com/doc/9.50/News.htm
    For details see the News.htm and History9.htm files.
  - CVE-2019-10216.patch
    gs-CVE-2019-14811-885444fc.patch
    gs-CVE-2019-14817-cd1b1cac.patch
    openjpeg4gs-CVE-2018-6616-8ee33522.patch
    are fixed in the version 9.52 upstream sources.
* Fri Jan 31 2020 [email protected]
  - Use system openjpeg2 on Tumbleweed/Factory.
* Mon Sep 23 2019 [email protected]
  - Made ghostscript profile enforcing and limit it to the ghostscript
    binaries (bsc#1150338)
* Mon Sep 16 2019 [email protected]
  - Add patch gs-CVE-2019-14811-885444fc.patch to fix bsc#1146882
    for CVE-2019-14811,CVE-2019-14812,CVE-2019-14813
  - Add patch gs-CVE-2019-14817-cd1b1cac.patch to fix bsc#1146884
    for CVE-2019-14817
* Fri Sep 13 2019 [email protected]
  - Add patch openjpeg4gs-CVE-2018-6616-8ee33522.patch to fix bsc#1140359
    for CVE-2019-12973
* Thu Aug 22 2019 [email protected]
  - Update RPM groups.
* Tue Aug 13 2019 [email protected]
  - Use update-alternatives to get the real ghostscript binary from
    /usr/bin/gs to /usr/bin/gs.bin and allow the gswrap package to
    use this with its wrapper script
* Mon Aug 12 2019 [email protected]
  - CVE-2019-10216.patch fixes CVE-2019-10216
    forceput/superexec in .buildfont1 is still accessible
    https://bugzilla.suse.com/show_bug.cgi?id=1144621 bsc#1144621
    https://bugs.ghostscript.com/show_bug.cgi?id=701394
* Wed May 08 2019 [email protected]
  - Set AA profile to complain and added fixes for ps2epsi (boo#1134327)
* Thu Apr 04 2019 [email protected]
  - Version upgrade to 9.27
    Highlights in this release include:
    * We (i.e. Ghostscript upstream) have extensively cleaned up
      the Postscript name space: removing access to internal and/or
      undocumented Postscript operators, procedures and data.
      This has benefits for security and maintainability.
      Incompatible changes:
      The process of "tidying" the Postscript name space should
      have removed only non-standard and undocumented operators.
      Nevertheless, it is possible that any integrations or
      utilities that rely on those non-standard and undocumented
      operators may stop working, or may change behaviour.
      If you encounter such a case, please contact us (i.e.
      Ghostscript upstream) - (either the #ghostscript IRC channel,
      or the gs-devel mailing list would be best), and we'll work
      with you to either find an alternative solution.
    * Fontmap can now reference invidual fonts in a TrueType
      Collection for font subsitution. Previously, a Fontmap entry
      could only reference a TrueType collection and use the default
      (first) font.
      Now, the Fontmap syntax allows for specifying a specific index
      in a TTC. See the comments at the top of (the default)
      Fontmap.GS for details.
    * The usual round of bug fixes, compatibility changes,
      and incremental improvements.
    IMPORTANT: It is our intention, within the next 12 months
      (ideally sooner, in time for the next release) to make SAFER
      the default mode of operation. For many users this will have
      no effect, since they use SAFER explicitly, but some niche
      uses which rely on SAFER being disabled may need to start
      explicitly adding the "-dNOSAFER" option.
    IMPORTANT: We (i.e. Ghostscript upstream) are in the process of
      forking LittleCMS. LCMS2 is not thread safe, and cannot be made
      thread safe without breaking the ABI. Our fork will be thread
      safe, and include performance enhancements (these changes have
      all be been offered and rejected upstream). We will maintain
      compatibility between Ghostscript and LCMS2 for a time, but not
      in perpetuity. Our fork will be available as its own package
      separately from Ghostscript (and MuPDF).
    For a release summary see:
    http://www.ghostscript.com/doc/9.27/News.htm
    For details see the News.htm and History9.htm files.
    The Ghostscript 9.27 release should fix (cf. the entry below
    dated 'Fri Sep 14 10:47:33 CEST 2018' what "should fix" means)
    in particular those security issues:
    * CVE-2019-3838 forceput in DefineResource is still accessible
      https://bugzilla.suse.com/show_bug.cgi?id=1129186 bsc#1129186
      https://bugs.ghostscript.com/show_bug.cgi?id=700576
    * CVE-2019-3835: superexec operator is available
      https://bugzilla.suse.com/show_bug.cgi?id=1129180 bsc#1129180
      https://bugs.ghostscript.com/show_bug.cgi?id=700585
  - ghostscript-2.26-subclassing-devices-fix-put_image-method.patch
    is no longer needed because it is fixed in the upstream sources.
* Thu Mar 14 2019 [email protected]
  - Added AA rules for dvips (bsc#1127934)
  - Allow execution of dirname (bsc#1128697)
  - Allow execution of hpijs (bsc#1128467). For now this is in
    complain mode
  - Sane profile name "ghostscript", moved profile from
    /etc/apparmor.d/usr.bin.gs to /etc/apparmor.d/ghostscript
    (bsc#1128607)
  - Improved AA packaging (bsc#1128608)
    Thanks to Christian Boltz for his help
* Fri Mar 08 2019 [email protected]
  - Fix IJS printing problem (bsc#1128467)
    * added ijs_exec_server_dont_use_sh.patch
    * allow exec'ing hpijs in apparmor profile
* Thu Feb 07 2019 [email protected]
  - Added apparmor_usr.bin.gs. This profile prevents execution of
    executables to serve as hardening for the binaries that process
    ghostscript. This is of limited use but prevents simple exploits.
* Wed Jan 23 2019 [email protected]
  - Version upgrade to 9.26a
    The version 9.26a is a special security bugfix version to fix
    * CVE-2019-6116: subroutines within pseudo-operators
      must themselves be pseudo-operators
      https://bugs.ghostscript.com/show_bug.cgi?id=700317
      https://bugzilla.suse.com/show_bug.cgi?id=1122319 bsc#1122319
* Thu Jan 10 2019 [email protected]
  - ghostscript-2.26-subclassing-devices-fix-put_image-method.patch
    fixes Ghostscript issue #700315 and bsc#1121490
    https://bugs.ghostscript.com/show_bug.cgi?id=700315
    Segfault in GS 9.26 with certain PDFs with -dLastPage=1
* Fri Nov 30 2018 [email protected]
  - Version upgrade to 9.26
    Highlights in this release include:
    * Security issues have been the primary focus of this release,
      including solving several (well publicised) real and potential
      exploits.
      Thanks to Man Yue Mo of Semmle Security Research Team,
      Jens Mueller of Ruhr-Universitaet Bochum and
      Tavis Ormandy of Google's Project Zero
      for their help to identify specific security issues.
      PLEASE NOTE:
      We (i.e. Ghostscript upstream) strongly urge users to upgrade
      to this latest release to avoid these issues.
    * The usual round of bug fixes, compatibility changes,
      and incremental improvements.
    For a release summary see:
    http://www.ghostscript.com/doc/9.26/News.htm
    For details see the News.htm and History9.htm files.
    The Ghostscript 9.26 release should fix (cf. the entry below
    dated 'Fri Sep 14 10:47:33 CEST 2018' what "should fix" means)
    in particular those security issues (bsc#1117331)
    * CVE-2018-19475: psi/zdevice2.c allows attackers to bypass
      intended access restrictions
      https://bugs.ghostscript.com/show_bug.cgi?id=700153
      https://bugzilla.suse.com/show_bug.cgi?id=1117327 bsc#1117327
    * CVE-2018-19476: psi/zicc.c allows attackers to bypass
      intended access restrictions because of a setcolorspace
      type confusion
      https://bugs.ghostscript.com/show_bug.cgi?id=700169
      https://bugzilla.suse.com/show_bug.cgi?id=1117313 bsc#1117313
    * CVE-2018-19477: psi/zfjbig2.c allows attackers to bypass
      intended access restrictions because of a JBIG2Decode
      type confusion
      https://bugs.ghostscript.com/show_bug.cgi?id=700168
      https://bugzilla.suse.com/show_bug.cgi?id=1117274 bsc#1117274
    * CVE-2018-19409: LockSafetyParams is not checked correctly
      if another device is used
      https://bugs.ghostscript.com/show_bug.cgi?id=700176
      https://bugzilla.suse.com/show_bug.cgi?id=1117022 bsc#1117022
    and those security issues
    * CVE-2018-18284: 1Policy operator gives access to .forceput
      https://bugs.ghostscript.com/show_bug.cgi?id=69963
      https://bugzilla.suse.com/show_bug.cgi?id=1112229 bsc#1112229
    * CVE-2018-18073: saved execution stacks can leak operator arrays
      https://bugs.ghostscript.com/show_bug.cgi?id=699927
      https://bugzilla.suse.com/show_bug.cgi?id=1111480 bsc#1111480
    * CVE-2018-17961: bypassing executeonly to escape -dSAFER sandbox
      https://bugs.ghostscript.com/show_bug.cgi?id=699816
      https://bugzilla.suse.com/show_bug.cgi?id=1111479 bsc#1111479
    * CVE-2018-17183: remote attackers could be able to supply
      crafted PostScript to potentially overwrite or replace
      error handlers to inject code
      https://bugs.ghostscript.com/show_bug.cgi?id=699708
      https://bugzilla.suse.com/show_bug.cgi?id=1109105 bsc#1109105
* Fri Nov 09 2018 [email protected]
  - Version upgrade to 9.26rc1 (first release candidate for 9.26).
    Highlights in this release include:
    * Purely security and a few bug fixes, there are no new features,
      and no API changes to report.
* Fri Sep 14 2018 [email protected]
  - Version upgrade to 9.25
    For the highlights in this release see the highlights in the
    9.25rc1 first release candidate for 9.25 entry below.
    PLEASE NOTE:
    We (i.e. Ghostscript upstream) strongly urge users to upgrade
    to this latest release to avoid these issues.
    For a release summary see:
    http://www.ghostscript.com/doc/9.25/News.htm
    For details see the News.htm and History9.htm files.
    The Ghostscript 9.25 release should fix (see below)
    in particular those security issues:
    * CVE-2018-15909: shading_param incomplete type checking
      https://bugs.ghostscript.com/show_bug.cgi?id=699660
      https://bugzilla.suse.com/show_bug.cgi?id=1106172 bsc#1106172
    * CVE-2018-15908: .tempfile file permission issues
      https://bugs.ghostscript.com/show_bug.cgi?id=699657
      https://bugzilla.suse.com/show_bug.cgi?id=1106171 bsc#1106171
    * CVE-2018-15910: LockDistillerParams type confusion
      https://bugs.ghostscript.com/show_bug.cgi?id=699656
      https://bugzilla.suse.com/show_bug.cgi?id=1106173 bsc#1106173
    * CVE-2018-15911: uninitialized memory access in the aesdecode
      https://bugs.ghostscript.com/show_bug.cgi?id=699665
      https://bugzilla.suse.com/show_bug.cgi?id=1106195 bsc#1106195
    * CVE-2018-16513: setcolor missing type check
      https://bugs.ghostscript.com/show_bug.cgi?id=699655
      https://bugzilla.suse.com/show_bug.cgi?id=1107412 bsc#1107412
    * CVE-2018-16509: /invalidaccess bypass after failed restore
      https://bugs.ghostscript.com/show_bug.cgi?id=699654
      https://bugzilla.suse.com/show_bug.cgi?id=1107410 bsc#1107410
    * CVE-2018-16510: Incorrect exec stack handling in the "CS"
      and "SC" PDF primitives
      https://bugs.ghostscript.com/show_bug.cgi?id=699671
      https://bugzilla.suse.com/show_bug.cgi?id=1107411 bsc#1107411
    * CVE-2018-16542: .definemodifiedfont memory corruption
      if /typecheck is handled
      https://bugs.ghostscript.com/show_bug.cgi?id=699668
      https://bugzilla.suse.com/show_bug.cgi?id=1107413 bsc#1107413
    * CVE-2018-16541 incorrect free logic in pagedevice replacement
      https://bugs.ghostscript.com/show_bug.cgi?id=699664
      https://bugzilla.suse.com/show_bug.cgi?id=1107421 bsc#1107421
    * CVE-2018-16540 use-after-free in copydevice handling
      https://bugs.ghostscript.com/show_bug.cgi?id=699661
      https://bugzilla.suse.com/show_bug.cgi?id=1107420 bsc#1107420
    * CVE-2018-16539: incorrect access checking in temp file
      handling to disclose contents of files
      https://bugs.ghostscript.com/show_bug.cgi?id=699658
      https://bugzilla.suse.com/show_bug.cgi?id=1107422 bsc#1107422
    * CVE-2018-16543: gssetresolution and gsgetresolution allow
      for unspecified impact
      https://bugs.ghostscript.com/show_bug.cgi?id=699670
      https://bugzilla.suse.com/show_bug.cgi?id=1107423 bsc#1107423
    * CVE-2018-16511: type confusion in "ztype" could be used by
      remote attackers able to supply crafted PostScript to crash
      the interpreter or possibly have unspecified other impact
      https://bugs.ghostscript.com/show_bug.cgi?id=699659
      https://bugzilla.suse.com/show_bug.cgi?id=1107426 bsc#1107426
    * CVE-2018-16585 .setdistillerkeys PostScript command is
      accepted even though it is not intended for use
      https://bugzilla.suse.com/show_bug.cgi?id=1107581 bsc#1107581
    * CVE-2018-16802: Incorrect"restoration of privilege" checking
      when running out of stack during exceptionhandling could be
      used by attackers able to supply crafted PostScript to execute
      code using the "pipe" instruction. This is due to an incomplete
      fix for CVE-2018-16509
      https://bugs.ghostscript.com/show_bug.cgi?id=699714
      https://bugs.ghostscript.com/show_bug.cgi?id=699718
      https://bugzilla.suse.com/show_bug.cgi?id=1108027 bnc#1108027
    Regarding what the above "should fix" means:
    PostScript is a general purpose Turing-complete programming
    language (cf. https://en.wikipedia.org/wiki/PostScript)
    that supports in particular file access on the system disk.
    When Ghostscript processes PostScript it runs a PostScript
    program as the user who runs Ghostscript.
    When Ghostscript processes an arbitrary PostScript file,
    the user who runs Ghostscript runs an arbitrary program
    which can do anything on the system where Ghostscript runs
    that this user is allowed to do on that system.
    To make it safer when Ghostscript runs a PostScript program
    the Ghostscript command line option '-dSAFER' disables
    certain file access functionality, for details see
    /usr/share/doc/ghostscript/9.25/Use.htm
    Its name 'SAFER' says everything: It makes it 'safer'
    to let Ghostscript run a PostScript program,
    but it does not make it completely safe.
    In theory software is safe against misuse (i.e. has no bugs).
    In practice there is an endless sequence of various kind of
    security issues (i.e. software can be misused to do more than
    what is intended) that get fixed issue by issue ad infinitum.
    In the end all that means:
    In practice the user who runs Ghostscript must not let it
    process arbitrary PostScript files from untrusted origin.
    In particular Ghostscript is usually run when printing
    documents (with the '-dSAFER' option set), see the part about
    "It is crucial to limit access to CUPS to trusted users" in
    https://en.opensuse.org/SDB:CUPS_and_SANE_Firewall_settings
* Thu Sep 13 2018 [email protected]
  - Version upgrade to 9.25rc1 (first release candidate for 9.25).
    Highlights in this release include:
    * This release fixes problems with argument handling, some
      unintended results of the security fixes to the SAFER file
      access restrictions (specifically accessing ICC profile files),
      and some additional security issues over the 9.24 release.
    * Security issues have been the primary focus of this release,
      including solving several (well publicised) real
      and potential exploits.
      PLEASE NOTE:
      We (i.e. Ghostscript upstream) strongly urge users to upgrade
      to this latest release to avoid these issues.
    * Avoid that ps2epsi fails with
      'Error: /undefined in --setpagedevice--'
      Recent changes required to harden SAFER mode mean that
      it is no longer possible to run ps2epsi in SAFER mode,
      because it relies upon unsafe Ghostscript non-standard
      extension operators.
      Removing SAFER and DELAYSAFER, and the code to reset SAFER,
      allow ps2epsi to run as well as it ever did (ie badly).
      This program (i.e. ps2epsi) should now be considered unsafe,
      you should not use it on untrusted PostScript programs.
      Likely we (i.e. Ghostscript upstream) will deprecate and
      remove this program in future.
    For details see the News.htm and History9.htm files.
    Regarding installing packages (in particular release candidates)
    from the openSUSE build service development project "Printing"
    see https://build.opensuse.org/project/show/Printing
* Thu Sep 13 2018 [email protected]
  - Version upgrade to 9.24
    Highlights in this release include:
    * Security issues have been the primary focus of this release,
      including solving several (well publicised)
      real and potential exploits.
      PLEASE NOTE:
      We (i.e. Ghostscript upstream) strongly urge users to upgrade
      to this latest release to avoid these issues.
    * As well as Ghostscript itself, jbig2dec has had a significant
      amount of work improving its robustness in the face of
      out specification files.
    * IMPORTANT: We (i.e. Ghostscript upstream) are in the process
      of forking LittleCMS. LCMS2 is not thread safe, and cannot
      be made thread safe without breaking the ABI. Our fork
      will be thread safe, and include performance enhancements
      (these changes have all be been offered and rejected upstream).
      We will maintain compatibility between Ghostscript and LCMS2
      for a time, but not in perpetuity. Our fork will be available
      as its own package separately from Ghostscript (and MuPDF).
    * The usual round of bug fixes, compatibility changes,
      and incremental improvements.
    For a release summary see:
    http://www.ghostscript.com/doc/9.24/News.htm
    For details see the News.htm and History9.htm files.
  - fix_ln_docdir_gsdatadir.patch is no longer needed
    because the issue is fixed in the upstream sources.
  - CVE-2018-10194.patch is no longer needed
    because the issue is fixed in the upstream sources.
* Tue Jun 05 2018 [email protected]
  - CVE-2018-10194.patch fixes stack-based buffer overflow
    in gdevpdts.c (bsc#1090099), see
    https://bugs.ghostscript.com/show_bug.cgi?id=699255 and
    http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=39b1e54b2968620723bf32e96764c88797714879
* Thu Mar 22 2018 [email protected]
  - Version upgrade to 9.23
    Highlights in this release include:
    * Ghostscript now has a family of 'pdfimage' devices
      (pdfimage8, pdfimage24 and pdfimage32) which produce
      rendered output wrapped up as an image in a PDF.
      Additionally, there is a 'pclm' device which
      produces PCLm format output.
    * There is now a ColorAccuracy parameter allowing the user
      to decide between speed or accuracy in ICC color transforms.
    * JPEG Passthrough: devices which support it can now receive
      the 'raw' JPEG stream from the interpreter.
      The main use of this is the pdfwrite/ps2write family of devices
      that can now take JPEG streams from the input file(s) and write
      them unchanged to the output (thus avoiding additional
      quantization effects).
    * PDF transparency performance improvements
    * IMPORTANT: We (i.e. Ghostscript upstream) are in the process
      of forking LittleCMS.
      LCMS2 is not thread safe, and cannot be made thread safe
      without breaking the ABI. Our fork will be thread safe,
      and include performance enhancements (these changes have all
      be been offered and rejected upstream). We will maintain
      compatibility between Ghostscript and LCMS2 for a time,
      but not in perpetuity. Our fork will be available as its own
      package separately from Ghostscript (and MuPDF).
    * We have continued the focus on code hygiene in this release
      cleaning up security issues, ignored return values,
      and compiler warnings.
    * The usual round of bug fixes, compatibility changes,
      and incremental improvements.
    Incompatible changes
    * The planned device API tidy has, unfortunately, been
      indefinitely postponed, until appropriate resources
      are available.
    For a release summary see:
    http://www.ghostscript.com/doc/9.23/News.htm
    For details see the News.htm and History9.htm files.
    See also the entries below since "Version upgrade to 9.22"
    (boo#1082896 and boo#1074266).
* Fri Mar 16 2018 [email protected]
  - For now use lcms2 from SUSE because that is what currently
    Ghostscript upstream recommends according to
    https://ghostscript.com/pipermail/gs-devel/2018-March/010061.html
    because since Ghostscript 9.23rc1 there is no longer lcms2
    in Ghostscript but now it is lcms2art which is the beginning
    of a lcms2 fork, see News.htm that reads in particular
    "LCMS2 is not thread safe ... Our fork will be thread safe ...
    We will maintain compatibility between Ghostscript and LCMS2
    for a time, but not in perpetuity", see also
    https://bugzilla.opensuse.org/show_bug.cgi?id=1082896#c14
  - On SLE11 and on SLE12-SP1 there is liblcms2-2-2.5
    which is too old so that configure fails there with
      configure: error: lcms2 not found, or too old
    but there is no configure option to build it without lcms2
    so that for SLE11 and SLE12-SP1 it is built with
    the lcms2art in Ghostscript.
  - ppc64le-support.patch is no longer needed because it only
    contained a fix for lcms2art/include/lcms2art.h in Ghostscript
    but currently lcms2 from SUSE is used instead (see above).
  - Do no longer require any fonts packages in particular
    neither require ghostscript-fonts-std because the PostScript
    Base35 fonts are provided by Ghostscript (in 'Resource')
    nor require ghostscript-fonts-other (provides Bitream Charter,
    Adobe Utopia, URW Antiqua, URW Grotesq and Hershey fonts where
    all but the last are also provided by texlive-<name>-fonts) and
    those fonts are not required for PostScript compliance, see
    https://bugzilla.opensuse.org/show_bug.cgi?id=1082896#c13
* Thu Mar 15 2018 [email protected]
  - Version upgrade to 9.23rc1 (first release candidate for 9.23).
    For details see the News.htm and History9.htm files.
    Regarding installing packages (in particular release candidates)
    from the openSUSE build service development project "Printing"
    see https://build.opensuse.org/project/show/Printing
  - Adapted ppc64le-support.patch: In Ghostscript 9.23 there is now
    lcms2art/include/lcms2art.h (instead of lcms2/include/lcms2.h).
  - ghostscript-fix-debug-use.patch is no longer needed
    because the issue is fixed in the upstream sources.
  - fix_ln_docdir_gsdatadir.patch avoids
    "base/unixinst.mak:162: recipe for target 'install-doc' failed"
  - Adapted spec file to the new Ghostscript upstream documentation
    directory /usr/share/doc/ghostscript/9.23/
* Wed Feb 28 2018 [email protected]
  - Use -p /sbin/ldconfig instead of shell post(un) scriptlet, drop
    explicit Prereq for ldconfig
  - Use shared libgs library for gs binary instead of static linked
    version
  - Use --disable-compile-inits, to allow unbundling of Resource files
  - Remove --disable-omni switch, has been removed in GS 9.20
  - Keep patch ordering in full/mini consistent
  - Remove patch backup files to avoid packaging
* Tue Feb 27 2018 [email protected]
  - Add ghostscript-fix-debug-use.patch from upstream to fix broken
    printing with some drivers (especially Dell Printers) from
    https://bugs.ghostscript.com/show_bug.cgi?id=698837
  - Fix build for SLE targets
* Wed Nov 29 2017 [email protected]
  - Version upgrade to 9.22.
    For details see the News.htm and History9.htm files.
    Highlights in this release include:
    * Ghostscript can now consume and produce (via the pdfwrite
      device) PDF 2.0 compliant files.
    * The main focus of this release has been security and code
      cleanliness. Hence many AddressSanitizer, Valgrind and
      Coverity issues have been addressed.
    * The usual round of bug fixes, compatibility changes,
      and incremental improvements.
    Incompatible changes
    * The planned device API tidy (still!) did not happen for
      this release, due to time pressures, but we still intend
      to undertake the following: We plan to somewhat tidy up
      the device API. We intend to remove deprecated device procs
      (methods/function pointers) and change the device API
      so every device proc takes a graphics state parameter
      (rather than the current scheme where only a very few procs
      take an imager state parameter). This should serve as notice
      to anyone maintaining a Ghostscript device outside the
      canonical source tree that you may (probably will) need
      to update your device(s) when these changes happen.
      Devices using only the non-deprecated procs should be
      trivial to update.
  - Up to 9.22rc1 it "just built" for all openSUSE versions but
    since 9.22rc2 the libijs part does no longer buid for any
    released openSUSE version where if fails with messages like
      libtool: Version mismatch error.
      This is libtool 2.4.6 Debian-2.4.6-2, but the
      definition of this LT_INIT comes from libtool 2.4.2.
      You should recreate aclocal.m4 with macros from
      libtool 2.4.6 Debian-2.4.6-2 and run autoconf again.
      Makefile: recipe for target 'ijs.lo' failed
    so that currently it only builds for Tumbleweed/Factory.
    Presumably it is not too complicated to make it build again
    also for released openSUSE versions but currently I have
    less than zero energy to fix such "latest breaking changes"
    so that for now Ghostscript 9.22 is only provided for
    openSUSE Tumbleweed/Factory and the upcoming SLE15/Leap15.
* Fri Sep 29 2017 [email protected]
  - Version upgrade to 9.22rc2 (second release candidate for 9.22).
    For details see the News.htm and History9.htm files.
    Regarding installing packages (in particular release candidates)
    from the openSUSE build service development project "Printing"
    see https://build.opensuse.org/project/show/Printing
* Thu Sep 14 2017 [email protected]
  - Version upgrade to 9.22rc1 (first release candidate for 9.22).
    For details see the News.htm and History9.htm files.
    Regarding installing packages (in particular release candidates)
    from the openSUSE build service development project "Printing"
    see https://build.opensuse.org/project/show/Printing
  - Since Ghostscript 9.22rc1 font2c and wftopfa are removed.
  - CVE-2017-5951.patch CVE-2017-7207.patch
    CVE-2017-8291.patch and CVE-2017-9216.patch
    are fixed in the version 9.22rc1 upstream sources.
* Fri Jun 02 2017 [email protected]
  - CVE-2017-7207.patch fixes a NULL pointer dereference
    in mem_get_bits_rectangle
    see https://bugs.ghostscript.com/show_bug.cgi?id=697676
    (bsc#1030263)
  - CVE-2017-9216.patch fixes a NULL pointer dereference
    in jbig2_huffman_get
    see https://bugs.ghostscript.com/show_bug.cgi?id=697934
    (bsc#1040643)
* Tue May 02 2017 [email protected]
  - CVE-2017-8291.patch fixes
    a type confusion in .rsdparams and .eqproc
    see https://bugs.ghostscript.com/show_bug.cgi?id=697808
    and https://bugs.ghostscript.com/show_bug.cgi?id=697799
    (bsc#1036453).
* Wed Apr 12 2017 [email protected]
  - CVE-2016-10317 (bsc#1032230)
    heap buffer overflow in fill_threshhold_buffer()
    is not yet fixed because there is no fix available at
    https://bugs.ghostscript.com/show_bug.cgi?id=697459
  - CVE-2016-10219 (bsc#1032138)
    divide by zero in intersect()
    https://bugs.ghostscript.com/show_bug.cgi?id=697453
    is fixed in the version 9.21 upstream sources
  - CVE-2016-10218 (bsc#1032135)
    null pointer dereference in pdf14_pop_transparency_group()
    https://bugs.ghostscript.com/show_bug.cgi?id=697444
    is fixed in the version 9.21 upstream sources.
  - CVE-2016-10217 (bsc#1032130)
    use-after-free in pdf14_cleanup_parent_color_profiles()
    that is related to pdf14_open() in base/gdevp14.c
    https://bugs.ghostscript.com/show_bug.cgi?id=697456
    is fixed in the version 9.21 upstream sources.
  - CVE-2016-10220 (bsc#1032120)
    null pointer dereference in gx_device_finalize() that is
    related to gs_makewordimagedevice() in base/gsdevmem.c
    https://bugs.ghostscript.com/show_bug.cgi?id=697450
    is fixed in the version 9.21 upstream sources.
  - CVE-2017-5951.patch fixes
    null pointer dereference in ref_stack_index() that is
    related to mem_get_bits_rectangle() in base/gdevmem.c
    https://bugs.ghostscript.com/show_bug.cgi?id=697548
    (bsc#1032114)
* Mon Apr 10 2017 [email protected]
  - Version upgrade to 9.21.
    For details see the News.htm and History9.htm files.
    Highlights in this release include:
    * pdfwrite now preserves annotations from
      input PDFs (where possible).
    * The GhostXPS interpreter now provides the pdfwrite device
      with the data it requires to emit a ToUnicode CMap: thus
      allowing fully searchable PDFs to be created from XPS
      input (in the vast majority of cases).
    * Ghostscript now allows the default color space
      for PDF transparency blends.
    * The Ghostscript/GhostPDL configure script now has much
      better/fuller support for cross compiling.
    * The tiffscaled and tiffscaled4 devices can now
      use ETS (Even Tone Screening)
    * The toolbin/pdf_info.ps utility can now emit
      the PDF XML metadata.
    * Ghostscript has a new scan converter available
      (currently optional, but will become the default in a near
      future release). It can be enabled by using the command line
      option: '-dSCANCONVERTERTYPE=2'. This new implementation
      provides vastly improved performance with large and complex
      paths.
    * The usual round of bug fixes, compatibility changes,
      and incremental improvements.
    Incompatible changes:
    * The planned device API tidy (still!) did not happen for
      this release, due to time pressures, but we still intend
      to undertake the following: We plan to somewhat tidy up
      the device API. We intend to remove deprecated device
      procs (methods/function pointers) and change the device API
      so every device proc takes a graphics state parameter
      (rather than the current scheme where only a very few procs
      take an imager state parameter). This should serve as notice
      to anyone maintaining a Ghostscript device outside the
      canonical source tree that you may (probably will) need to
      update your device(s) when these changes happen. Devices using
      only the non-deprecated procs should be trivial to update.
  - CVE-2016-7976.patch and CVE-2016-7977.patch and
    CVE-2016-7978.patch and CVE-2016-7979.patch and
    CVE-2016-8602.patch are no longer needed because
    those issues are fixed in the upstream sources.
  - 0001-mkromfs-make-build-reproducible-use-buildtime-from-S.patch
    and
    0002-mkromfs-sort-gp_enumerate_files-output-for-determini.patch
    are no longer needed because both are included
    in the upstream sources, see the upstream issue
    https://bugs.ghostscript.com/show_bug.cgi?id=697484
  - Again use the zlib sources from Ghostscript upstream
    and disable remove-zlib-h-dependency.patch because
    Ghostscript 9.21 does no longer build this way,
    cf. the entry below dated "Wed Nov 18 11:46:58 UTC 2015"
* Thu Jan 12 2017 [email protected]
  - Set SOURCE_DATE_EPOCH based on changelog head
  - Add 0001-mkromfs-make-build-reproducible-use-buildtime-from-S.patch
    * Use SOURCE_DATE_EPOCH for mkromfs output for reproducible build
  - Add 0002-mkromfs-sort-gp_enumerate_files-output-for-determini.patch
    * Sort ROM contents for deterministic output
* Mon Oct 17 2016 [email protected]
  - CVE-2013-5653 (getenv and filenameforall ignore -dSAFER)
    is fixed in the Ghostscript 9.20 upstream sources
    see http://bugs.ghostscript.com/show_bug.cgi?id=694724
    (bsc#1001951).
  - CVE-2016-7976.patch fixes that
    various userparams allow %pipe% in paths, allowing
    remote shell command execution
    see http://bugs.ghostscript.com/show_bug.cgi?id=697178
    (bsc#1001951).
  - CVE-2016-7977.patch fixes that
    .libfile doesn't check PermitFileReading array, allowing
    remote file disclosure
    see http://bugs.ghostscript.com/show_bug.cgi?id=697169
    (bsc#1001951).
  - CVE-2016-7978.patch fixes that
    reference leak in .setdevice allows
    use-after-free and remote code execution
    see http://bugs.ghostscript.com/show_bug.cgi?id=697179
    (bsc#1001951).
  - CVE-2016-7979.patch fixes that
    type confusion in .initialize_dsc_parser allows
    remote code execution
    see http://bugs.ghostscript.com/show_bug.cgi?id=697190
    (bsc#1001951).
  - CVE-2016-8602.patch fixes a NULL dereference in .sethalftone5
    see http://bugs.ghostscript.com/show_bug.cgi?id=697203
    (bsc#1004237).
* Thu Sep 29 2016 [email protected]
  - Version upgrade to 9.20. Purely a maintenance release.
    For details see the News.htm and History9.htm files.
    Highlights in this release include:
    * The usual round of bug fixes, compatibility changes,
      and incremental improvements.
    Incompatible changes:
    * The planned device API tidy did not happen for this release,
      due to time pressures, but we still intend to undertake the
      following: We plan to somewhat tidy up the device API.
      We intend to remove deprecated device procs
      (methods/function pointers) and change the device API
      so every device proc takes a graphics state parameter (rather
      than the current scheme where only a very few procs take an
      imager state parameter). This should serve as notice to anyone
      maintaining a Ghostscript device outside the canonical source
      tree that you may (probably will) need to  update your
      device(s) when these changes happen. Devices using only
      the non-deprecated procs should be trivial to update.
* Thu Sep 15 2016 [email protected]
  - Version upgrade to 9.20rc1 (first release candidate for 9.20).
    For details see the News.htm and History9.htm files.
    Regarding installing packages (in particular release candidates)
    from the openSUSE build service development project "Printing"
    see https://build.opensuse.org/project/show/Printing
* Wed Mar 23 2016 [email protected]
  - Version upgrade to 9.19. Mainly a maintenance release.
    For details see the News.htm and History9.htm files.
    Highlights in this release include:
    * Metadata pdfmark is now implemented. This allows the user
      to specify an XMP stream which will be written to the
      Catalog of the PDF file. A new pdfmark 'Ext_Metadata' has
      been defined. This takes a string parameter which contains
      XML to be add to the XMP normally created by pdfwrite.
      See "pdfwrite pdfmark extensions" for more information.
    * An experimental, rudimentary raster trapping implementation
      has been added to the Ghostscript graphics library.
      See "Trapping" for details.
    Incompatible changes:
    * (Minor) API change: copy_alpha now supports 8 bit depth
      (as well as the previous 2 and 4).
    * The gs man pages are woefully out of date and basically
      unmaintained. With the release following 9.19, we intend
      to replace their contents with a very limited summary
      of (unlikely to ever change aspects of) calling
      Ghostscript, and a pointer to the (maintained) HTML
      documentation. That is, unless a volunteer is willing
      to update, and commit to maintaining the man pages.
    * ijs-config is no longer provided
    Planned incompatible changes:
    * We plan (ideally for the release following 9.19) to somewhat
      tidy up the device API. We plan to remove deprecated device
      procs (methods/function pointers). We also intend to merge
      the imager state and graphics state (thus eliminating the
      imager state), and change the device API so every device proc
      takes a graphics state parameter (rather than the current
      scheme where only a very few procs take an imager state
      parameter). This should serve as notice to anyone maintaining
      a Ghostscript device outside the canonical source tree that
      you may (probably will) need to update your device(s) when
      these changes happen. Devices using only the non-deprecated
      procs should be trivial to update.
  - fix_make_install.patch fixes and
    add_brackets_for_old_autoconf.patch are no longer needed
    because both issues are fixed in the upstream sources.
* Fri Mar 18 2016 [email protected]
  - Version upgrade to 9.19rc1 (first release candidate for 9.19).
    For details see the News.htm and History9.htm files.
    Regarding installing packages (in particular release candidates)
    from the openSUSE build service development project "Printing"
    see https://build.opensuse.org/project/show/Printing
  - ijs-config is no longer provided
  - fix_make_install.patch fixes an install error and
    add_brackets_for_old_autoconf.patch fixes an autoconf error
    see http://bugs.ghostscript.com/show_bug.cgi?id=696665
  - fix_ijs_and_x11_for_FirstPage_and_LastPage.patch is no longer
    needed because it is fixed in the upstream sources.
  - install_gserrors.h.patch is no longer needed because it is fixed
    in the upstream sources.
* Wed Nov 18 2015 [email protected]
  - Do not use library sources for freetype jpeg libpng tiff zlib
    from the Ghostscript upstream tarball because we prefer to use
    for long-established standard libraries the ones from SUSE
    in particular to automatically get SUSE security updates
    for standard libraries.
    In contrast we use e.g. lcms2 from the Ghostscript upstream
    tarball because this one is specially modified to work with
    Ghostscript so that we cannot use lcms2 from SUSE.
  - remove-zlib-h-dependency.patch removes dependency on zlib/zlib.h
    in makefiles as we do not use the zlib sources from the
    Ghostscript upstream tarball.
* Thu Nov 05 2015 [email protected]
  - An incompatible change appeared when building other software
    with Ghostscript 9.18.
    Since version 9.18 Ghostscript does no longer provide
    e_<SomeError> (e.g. e_NeedInput) in its header files
    (gserrors.h and ierrors.h).
    When building other software with Ghostscript 9.18
    gs_error_<SomeError> (e.g. gs_error_NeedInput)
    must be used, see boo#953149 and
    http://bugs.ghostscript.com/show_bug.cgi?id=696317
* Fri Oct 30 2015 [email protected]
  - install_gserrors.h.patch installs gserrors.h to fix
    http://bugs.ghostscript.com/show_bug.cgi?id=696301
    because without gserrors.h several other packages fail to build
    (in particular texlive, libspectre, gimp,...).
* Mon Oct 12 2015 [email protected]
  - fix_ijs_and_x11_for_FirstPage_and_LastPage.patch
    fixes the Ghostscript device ijs and the x11* devices
    so that they also work when -dFirstPage/-dLastPage is used,
    see http://bugs.ghostscript.com/show_bug.cgi?id=696246
* Tue Oct 06 2015 [email protected]
  - Version upgrade to 9.18. A maintenance release.
    There are no recorded incompatible changes (as of this writing).
    Highlights in this release include:
    * A substantial revision of the build system and GhostPDL
      directory structure. Ghostscript-only users should
      not be affected by this change.
    * A new method of internally inserting devices into the device
      chain has been developed, named "device subclassing".
      This allows suitably written devices to be more easily and
      consistently as "filter" devices.
      The first fruit of this is a new implementation of
      the "-dFirstPage"/"-dLastPage" feature which functions
      a device filter in the Ghostscript graphics library, meaning
      it works consistently with all input languages.
    * Plus the usual round of bug fixes, compatibility changes,
      and incremental improvements.
    See http://www.ghostscript.com/doc/9.18/News.htm
    For details see the News.htm and History9.htm files.
* Tue Sep 29 2015 [email protected]
  - Version upgrade to 9.18rc2 (second release candidate for 9.18).
    For details see the News.htm and History9.htm files.
    Regarding installing packages (in particular release candidates)
    from the openSUSE build service development project "Printing"
    see https://build.opensuse.org/project/show/Printing
  - assign_pointer_not_value_in_gximono.c.patch is no longer needed
    because it is fixed in the upstream sources.
* Thu Sep 24 2015 [email protected]
  - Version upgrade to 9.18rc1 (first release candidate for 9.18).
    For details see the News.htm and History9.htm files.
    Regarding installing packages (in particular release candidates)
    from the openSUSE build service development project "Printing"
    see https://build.opensuse.org/project/show/Printing
  - CVE-2015-3228.patch is no longer needed because it is fixed
    in the upstream sources.
  - assign_pointer_not_value_in_gximono.c.patch attempts to fix a
    "assignment makes pointer from integer without a cast" compiler
    warning by assigning the pointer and not the integer value.
  - Removed --disable-compile-inits from configure, see
    http://bugs.ghostscript.com/show_bug.cgi?id=696223
    and "Precompiled run-time data" in
    /usr/share/ghostscript/9.18/doc/Make.htm
* Wed Jul 29 2015 [email protected]
  - CVE-2015-3228.patch fixes out of bound read/write cause
    by integer overflow in gsmalloc.c (boo#939342).
* Tue Mar 31 2015 [email protected]
  - Version upgrade to 9.16. Primarily a maintenance release.
    There are no recorded incompatible changes (as of this writing).
    Highlights in this release include:
    * "LockColorants" command line option for tiffsep and psdcmyk
      devices.
    * Improved high level devices handling of Forms.
    See http://www.ghostscript.com/doc/9.16/News.htm
    For details see the News.htm and History9.htm files.
  - fix.including.pread.pwrite.pthread_mutexattr_settype.diff
    is no longer needed because it is fixed in the upstream sources.
* Wed Mar 25 2015 [email protected]
  - fix.including.pread.pwrite.pthread_mutexattr_settype.diff
    fixes on SLE11 implicit declaration of function warnings
    for 'pread' 'pwrite' 'pthread_mutexattr_settype' see
    http://bugs.ghostscript.com/show_bug.cgi?id=695882
  - ppc64le-support.patch is a remainder of the previous patch
    now the hunk for LCMS (lcms/include/lcms.h) is removed
    because LCMS 1.x is removed since Ghostscript 9.16
    but the hunk for LCMS2 (lcms2/include/lcms2.h) is still needed
    see http://bugs.ghostscript.com/show_bug.cgi?id=695544
* Fri Mar 20 2015 [email protected]
  - Version upgrade to 9.16rc2 (second release candidate for 9.16).
    For details see the News.htm and History9.htm files.
    Regarding installing packages (in particular release candidates)
    from the openSUSE build service development project "Printing"
    see https://build.opensuse.org/project/show/Printing
* Fri Mar 20 2015 [email protected]
  - For SLE12 build it with traditional CUPS 1.5.4 to ensure
    it works on SLE12 both with CUPS 1.7.5 and CUPS 1.5.4.
* Sun Sep 28 2014 [email protected]
  - readd ppc64le patch ppc64le-support.patch (adapted for lcms2 in
    Ghostscript version 9.15): the tests in lcms2.h cannot work
    without "include <endian.h>" that is now added and
    regardless that lcms is not used by default (unless the
    configure option --with-lcms is set), lcms is again fixed
    (see http://bugs.ghostscript.com/show_bug.cgi?id=695544).
* Tue Sep 23 2014 [email protected]
  - Version upgrade to 9.15. Primarily a maintenance release.
    There are no recorded incompatible changes (as of this writing).
    Highlights in this release include:
    * Ghostscript now supports the PDF security handler revision 6.
    * The pdfwrite and ps2write (and related) devices can now be
      forced to "flatten" glyphs into "basic" marking operations
      (rather than writing fonts to the output), by giving
      the -dNoOutputFonts command line option (defaults to "false").
    * PostScript programs can now use get_params or get_param to
      determine if a page contains color markings by reading the
      pageneutralcolor state from the device (so whether the page
      is "color" or "mono"). Note that this is only accurate when in
      clist mode, so -dMaxBitmap=0 and -dGrayDetection=true should
      both be used.
    * The pdfwrite device now supports Link annotations with GoTo
      and GoToR actions.
    * The pdfwrite device now supports BMC/BDC/EMC pdfmarks
    * Regarding the new color management for the pdfwrite device
      introduced in the previous release, the proscription on using
      the new color management when producing PDF/A-1 compliant files
      is now lifted. To reiterate, also, with the new color
      management implementation, using the UseCIEColor option is
      strongly discouraged. For further information on the new
      pdfwrite color management, see in Ps2pdf.htm the
      "Color Conversion and Management" section.
    * Plus the usual round of bug fixes, compatibility changes,
      and incremental improvements.
    For details see the News.htm and History9.htm files.
* Wed Sep 17 2014 [email protected]
  - Version upgrade to 9.15rc2 (second release candidate for 9.15).
    Ghostscript upstream QA highlighted a couple of issues
    that they felt warranted a fresh release candidate.
    For details see the History9.htm file.
* Tue Sep 09 2014 [email protected]
  - Version upgrade to 9.15rc1 (first release candidate for 9.15).
    For details see the News.htm and History9.htm files.
  - ppc64le-support.patch is no longer needed because
    it is fixed in the upstream sources.
  - Removed trailing whitespaces in spec file and changes file.
* Mon Aug 18 2014 [email protected]
  - gs does not seem to require libopenssl-devel for building.
* Thu Mar 27 2014 [email protected]
  - Version upgrade to 9.14. Primarily a maintenance release.
    Highlights in this release include (excerpt):
    * pdfwrite now uses the same color management engine as
      Ghostscript rendering devices (by default LCMS2). For
      the duration of this release a new switch -dPDFUseOldCMS
      is available which will restore the old color management.
      See: "Color Conversion and Management" in Ps2pdf.htm
      Due to constraints of the PDF/A-1 specification, the new color
      management does not yet apply when producing PDF/A files.
    * A new device 'eps2write' has been added which allows for the
      creation of EPS files using the ps2write device instead of
      the deprecated and removed pswrite device. The epswrite device
      is now also deprecated and will be removed in a future release.
    * Ghostscript has a new "pwgraster" output device for PWG Raster
      output.
    * The CUPS device now has improved support for PPD-less printing.
    For details see the News.htm and History9.htm files.
* Fri Dec 13 2013 [email protected]
  - ppc64le-support.patch from IBM fixes endianness
    in lcms (the Little-CMS library) to support the new
    architecture ppc64le (IBM Power PC Little Endian architecture)
    because ppc64 is big-endian and ppc64le is little-endian
    and lcms has a hard-coded check that assumes PowerPC
    is always big-endian which is incorrect on ppc64le.
    The fix is already in the main Little-CMS repository
    by this Git commit
    https://github.com/mm2/Little-CMS/commit/b4f5c91a2c1582bd284f0d0f49cb43e2c2235a79
    (There are some cosmetic changes in the upstream patch.)
    It is not yet in the imported copy in Ghostscript.
    IBM will work with upstream to get the fix imported too.
* Tue Sep 03 2013 [email protected]
  - Version upgrade to 9.10. Primarily a maintenance release.
    Highlights in this release include:
    * LittleCMS2 and libpng have both been updated to the
      latest versions.
    * The URW Postscript font set has been updated to the
      latest version, fixing many compatibility problems
      with the Adobe fonts.
    * The CUPS filters gstoraster and gstopxl have been
      removed from Ghostscript. Those filters are now provided by
      cups-filters (a free software package hosted by OpenPrinting)
      that contains all CUPS filters needed by CUPS under Linux
      (see also the openSUSE issue bnc#735404 comment#44 at
      https://bugzilla.novell.com/show_bug.cgi?id=735404#c44).
    For details see the News.htm and History9.htm files.
  - fix-undefined-operation.patch is no longer needed because
    it is fixed in the upstream sources.
* Thu Aug 29 2013 [email protected]
  - Version upgrade to 9.10rc1 (release candidate for the 9.10 version).
    For details see the News.htm and History9.htm files.
  - Prepare spec files to build both releases and release candidates
    easily in the future by using special different version strings.
  - fix-undefined-operation.patch fixes
    http://bugs.ghostscript.com/show_bug.cgi?id=694546
  - Removed BuildRequires for liblcms-devel because it is not needed
    when we build Ghostscript that works in compliance with upstream
    (see https://bugzilla.novell.com/show_bug.cgi?id=828751#c5).
* Wed Mar 27 2013 [email protected]
  - Added url as source.
    Please see http://en.opensuse.org/SourceUrls
* Tue Feb 19 2013 [email protected]
  - Version upgrade to 9.07.
    * As of this release (9.07), Ghostscript is distributed
      under the GNU Affero General Public License (AGPL).
    * Ghostscript has been extended to support file sizes >4Gb
      in particular reading and writing PDF files.
    * Color management enhancements. Full details of the color
      management features can be found in: GS9_Color_Management.pdf
    * The pdfwrite devices now supports linearized (or optimized
      for fast web view) output directly ("-dFastWebView").
    * With the addition of linearisation to pdfwrite, pdfopt.ps
      has become redundant. Since it is difficult to maintain,
      has a number of bugs, and is believed not to work properly
      anyway, it is removed. Accordingly the pdfopt shell script
      that used pdfopt.ps is also removed.
* Thu Jan 03 2013 [email protected]
  - Provide libijs (that is not done via "configure --with-ijs")
    because libijs is needed by the pdftoijs filter in the
    cups-filters package (see the README file in cups-filters).
* Thu Sep 27 2012 [email protected]
  - Version upgrade to 9.06. Mainly a bugfix release.
    * pdfwrite announcements:
      pdfwrite now supports the creation of PDF/A-2 files.
      For further details see the NEWS file.
    * removed moribund dumphint tool, see History9.htm and
      http://bugs.ghostscript.com/show_bug.cgi?id=693223
* Mon Sep 24 2012 [email protected]
  - "export SUSE_ASNEEDED=0" disables -Wl,--as-needed linker flags,
    see http://bugs.ghostscript.com/show_bug.cgi?id=693100
* Thu May 10 2012 [email protected]
  - Require Ghostscript's font packages because the
    Ghostscript package provides the "Fontmap" file
    /usr/share/ghostscript/<version>/Resource/Init/Fontmap.GS
    which lists Ghostscript's fonts but the fonts itself
    are provided in the separated packages ghostscript-fonts-std
    and ghostscript-fonts-other so that a RPM requirement
    is needed to make sure that Ghostscript has its fonts.
  - Extract the catalog of devices which are actually built-in
    in exactly this Ghostscript and provide it as catalog.devices
    in the Ghostscript package.
* Fri Apr 27 2012 [email protected]
  - BuildRequires dbus-1-devel for "configure --enable-dbus"
    to have colord support in gstoraster (see the entry regarding
    "color management daemon" in doc/History9.htm).
* Tue Apr 24 2012 [email protected]
  - Install documentation which is not installed by default
    (LICENSE doc/AUTHORS doc/COPYING doc/thirdparty.htm
    doc/WhatIsGS.htm doc/GS9_Color_Management.pdf
    doc/gs-vms.hlp doc/Ps2ps2.htm).
  - Add a link from SUSE's usual documentation directory
    (/usr/share/doc/packages/ghostscript/) to Ghostscript's
    documentation directory (/usr/share/ghostscript/9.05/doc/)
    because "configure --docdir=..." does not work.
* Thu Apr 05 2012 [email protected]
  - Removed BuildRequires docbook-toys which is not needed
    (db2ps and db2pdf called in ijs/Makefile.am to make ijs_spec.ps
    and ijs_spec.pdf but neither of them is made - both are
    provided in the sources) but docbook-toys pulls in packages
    like texlive-bin-jadetex and texlive-jadetex which needlessly
    blow up the build system.
* Wed Mar 28 2012 [email protected]
  - Require the basic fonts for Ghostscript
    (package ghostscript-fonts-std) and recommend the
    optional fonts (package ghostscript-fonts-other).
* Fri Mar 23 2012 [email protected]
  - Cleaned up BuildRequires.
  - Added ghostscript-mini.spec with minimal BuildRequires.
  - Explicitly specify configure --with-* versus --without-*
    in ghostscript.spec versus ghostscript-mini.spec
    to make the differences clear.
* Fri Mar 16 2012 [email protected]
  - Unfortunately ghostscript-library.spec and ghostscript-mini.spec
    have unversioned "Provides: ghostscript" and for RPM this means
    that both ghostscript-library and ghostscript-mini
    provide any version of ghostscript. Therefore any non-matching
    version of ghostscript-library and ghostscript-mini fulfill
    any RPM requirement for ghostscript in the ghostscript-x11
    and ghostscript-devel sub-packages which is wrong.
    Therefore explicit conflicts with ghostscript-library and
    ghostscript-mini are specified in the ghostscript-x11
    and ghostscript-devel sub-packages to avoid the mess.
* Thu Mar 15 2012 [email protected]
  - Configure --without-libpaper disables libpaper support
    because SUSE does not have libpaper.
* Thu Mar 15 2012 [email protected]
  - Configure --without-jasper and --enable-openjpeg because
    since Ghostscript 9.05 JasPer is deprecated and Ghostscript
    now ships modified OpenJPEG sources for JPEG2000 decoding
    (replacing JasPer). Performance, reliability and memory use
    whilst decoding JPX streams are all improved. Accordingly
    the BuildRequires libjasper-devel is removed.
  - Configure --without-ufst and --without-luratech because
    those are relevant to commercial releases only
    which would require a commercial license.
  - Added BuildRequires libtool which requires automake and
    automake requires autoconf to fix build requirements
    for openSUSE:Factory.
* Fri Feb 24 2012 [email protected]
  - Using fixed /usr/lib/cups/filter (no lib64) because CUPS
    in the Printing project uses it in any case.
* Fri Feb 24 2012 [email protected]
  - Adapt RPM dependencies to what is actually used
    in openSUSE:Factory (dated 22 Feb. 2012).
* Thu Feb 16 2012 [email protected]
  - Added RPM dependencies to make sure ghostscript-x11 and the
    main-package have exact matching version-release because both
    could have any kind of Ghostscript-internal dependencies.
    This is only an approximation to have ghostscript-x11 and
    the main-package from the same build where the main-package
    and its sub-package have been made but currently there is
    no clean way to specify a 'same build' RPM dependency.
    Therefore currently ghostscript-x11 and the main-package could
    have same version-release but nevertheless come from different
    projects/repositories (e.g. with different patches or
    whatever kind of differences).
* Wed Feb 15 2012 [email protected]
  - Split files which require X11 stuff into a ghostscript-x11
    sub-package (currently only /usr/lib/ghostscript/9.05/X11.so)
    so that the ghostscript package can be installed without X11.
* Thu Feb 09 2012 [email protected]
  - Upgrade to version 9.05 (see bnc#735824):
    New simple ink-coverage device (inkconv).
    The ps2write device has a large number of improvements.
    Fixes and improvements for the CUPS Raster output device
    (in particular Ghostscript bug 691922 regarding color model).
    Renamed the PXL CUPS filter from "pstopxl" to "gstopxl".
    For details see the doc/News.htm file.
  - Removed "make cups" and "make cups-install" from spec file
    using "configure ... --with-install-cups" instead
    (new since version 9.04, see "configure --help").
* Tue Dec 13 2011 [email protected]
  - Upgrade to version 9.04 (see bnc#735824):
    For details see the doc/News.htm file.
  - Added "make cups" and "make cups-install" to spec file.
* Tue Mar 15 2011 [email protected]
  - Initial ghostscript package.

Files

/usr/include/ghostscript
/usr/include/ghostscript/gdevdsp.h
/usr/include/ghostscript/gserrors.h
/usr/include/ghostscript/iapi.h
/usr/include/ghostscript/ierrors.h
/usr/include/ijs
/usr/include/ijs/ijs.h
/usr/include/ijs/ijs_client.h
/usr/include/ijs/ijs_server.h
/usr/lib64/libgs.so
/usr/lib64/libijs.so
/usr/lib64/pkgconfig/ijs.pc


Generated by rpm2html 1.8.1

Fabrice Bellet, Wed Dec 11 23:24:38 2024