Changelog for ghostscript-devel-9.56.1-7.2.i586.rpm :
* Mon Jul 18 2022 Dirk Müller
- update to 9.56.1:
  * New PDF Interpreter: This is an entirely new implementation written in C (rather than PostScript, as before)
  * Calling Ghostscript via the GS API is now thread safe. The one limitation is that the X11 devices for Unix-like systems (x11, x11alpha, x11cmyk, x11cmyk2, x11cmyk4, x11cmyk8, x11gray2, x11gray4 and x11mono) cannot be made thread safe, due to their interaction with the X11 server, those devices have been modified to only allow one instance in an executable.
  * The PSD output device now writes ICC profiles to their output files, for improved color fidelity.
  * Our efforts in code hygiene and maintainability continue.
  * The usual round of bug fixes, compatibility changes, and incremental improvements.
  * We have added the capability to build with the Tesseract OCR engine. In such a build, new devices are available (pdfocr8/pdfocr24/pdfocr32) which render the output file to an image, OCR that image, and output the image "wrapped" up as a PDF file, with the OCR generated text information included as "invisible" text (in PDF terms, text rendering mode 3).
- drop CVE-2021-3781.patch, CVE-2021-45949.patch: upstream
* Mon Jul 18 2022 Dirk Müller
- use _multibuild
* Wed Apr 13 2022 Dirk Müller
- use system zlib (bsc#1198449)
* Thu Apr 07 2022 Frederic Crozat
- No longer require apparmor-abstractions, it is not mandatory to use Ghostscript (bsc#1134289).
* Tue Jan 11 2022 jsmeixAATTsuse.de
- CVE-2021-45949.patch fixes CVE-2021-45949 heap-based buffer overflow in sampled_data_finish cf. https://github.com/google/oss-fuzz-vulns/blob/main/vulns/ghostscript/OSV-2021-803.yaml (bsc#1194304)
- CVE-2021-45944 use-after-free in sampled_data_sample is already fixed in the Ghostscript 9.54.0 upstream sources (bsc#1194303)
* Fri Sep 10 2021 jsmeixAATTsuse.de
- CVE-2021-3781.patch fixes CVE-2021-3781 Trivial -dSAFER bypass cf.
  https://bugs.ghostscript.com/show_bug.cgi?id=704342 (bsc#1190381)
* Fri May 21 2021 jsmeixAATTsuse.de
- Version upgrade to 9.54.0
  Highlights in this release include (excerpts from the Ghostscript upstream release summary in https://www.ghostscript.com/doc/9.54.0/News.htm):
  * The 9.54.0 release is a maintenance release, and also adds new functionality.
  * Overprint simulation is now available to all output devices, allowing quality previewing/proofing of PostScript and PDF jobs that rely on overprint. See the -dOverprint option documentation in: doc/9.54.0/Use.htm#Overprint
  * The "docxwrite" device adds the ability to output to Microsoft Word "docx" format. See: doc/9.54.0/VectorDevices.htm#DOCX
  * The pdfwrite device is now capable of using the Tesseract OCR engine when it is built into Ghostscript to improve searchability and copy and paste functionality when the input lacks the metadata for that purpose. See: doc/9.54.0/VectorDevices.htm#UseOCR
  * Ghostscript/GhostPDL now includes a "map text to black" function, where text drawn by an input job (except when drawn using a Type 3 font) can be forced to draw in solid black. See: doc/9.54.0/Use.htm#BlackText
  * Ghostscript/GhostPDL now supports simple N-up imposition "internally". See: doc/9.54.0/Use.htm#NupControl
  * Our efforts in code hygiene and maintainability continue.
  * The usual round of bug fixes, compatibility changes, and incremental improvements.
  * For a list of open issues, or to report problems, please visit bugs.ghostscript.com
  For a release summary see: https://www.ghostscript.com/doc/9.54.0/News.htm
  For details see the News.htm and History9.htm files.
- 41ef9a0bc36b9db7115fbe9623f989bfb47bbade.patch is no longer needed because it is fixed in the upstream sources.
* Wed Apr 14 2021 Wolfgang Frisch
- Hardening: compile with PIC, link as PIE
* Tue Oct 20 2020 Ismail Dönmez
- 41ef9a0bc36b9db7115fbe9623f989bfb47bbade.patch fixes compilation with FreeType 2.10.3+ http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=41ef9a0bc36b9db7115fbe9623f989bfb47bbade c.f. https://bugs.ghostscript.com/show_bug.cgi?id=702985
* Tue Oct 20 2020 jsmeixAATTsuse.de
- Version upgrade to 9.53.3
  Highlights in this release include (excerpts from the Ghostscript upstream release summary in https://www.ghostscript.com/doc/9.53.3/News.htm):
  * The 9.53.3 release is primarily maintenance.
  * Issues arose with 9.53.0/1/2 that prompted the release of a .3 patch:
    A crash related to management of ICC profile objects.
    A parameter type mismatch that would cause Ghostscript to error out during initialisation, which affected 64 bit, big endian architectures.
    An unexpected side effect of another change that prevented multithreaded rendering and background rendering from working correctly.
  * The most obvious change is the (re-)introduction of the patch level to the version number, this helps facilitate a revised policy on handling security related issues. To clarify: in the event we decide to release a patch revision, it will replace the release with the previous patch number. Release notes, highlights and warnings will remain the same, except for the addition of whatever fix(es) prompted the patch.
  * Our efforts in code hygiene and maintainability continue.
  * We have added Python bindings for the gsapi interface, can be found in demos/python. These are experimental, and we welcome feedback from interested developers.
  * For those integrating Ghostscript/GhostPDL via the gsapi interface, we have added new capabilities to that, specifically in terms of setting and interrogating device parameters.
    These, along with the existing interface calls, are documented in: Ghostscript Interpreter API at https://www.ghostscript.com/doc/9.53.3/API.htm
  * The usual round of bug fixes, compatibility changes, and incremental improvements.
  * For a list of open issues, or to report problems, please visit bugs.ghostscript.com
  Incompatible changes:
  * As of 9.53.0, we have (re-)introduced the patch level to the version number, this helps facilitate a revised policy on handling security related issues. Note for GSView Users: The patch level addition breaks GSView 5 (it is hardcoded to check for versions 704-999). It is possible, but not guaranteed that a GSView update might be forthcoming to resolve this.
  For a release summary see: https://www.ghostscript.com/doc/9.53.3/News.htm
  For details see the News.htm and History9.htm files.
- CVE-2020-15900.patch is no longer needed because it is fixed in the upstream sources.
- Ghostscript 9.53.3 fixes in particular txtwrite memory issues (boo#1177922).
* Tue Jul 28 2020 jsmeixAATTsuse.de
- CVE-2020-15900.patch fixes CVE-2020-15900 Memory Corruption cf. https://bugs.ghostscript.com/show_bug.cgi?id=702582 (bsc#1174415)
* Wed Apr 29 2020 jsmeixAATTsuse.de
- The version upgrade to 9.52 fixes in particular CVE-2020-12268: jbig2dec: heap-based buffer overflow in jbig2_image_compose (bsc#1170603)
- Version upgrade to 9.52
  Highlights in this release include:
  * The 9.52 release replaces the 9.51 release after a problem was reported with 9.51 which warranted the quick turnaround. Thus, like 9.51, 9.52 is primarily a maintenance release, consolidating the changes we introduced in 9.50.
  * IMPORTANT: We have forked LittleCMS2 into LittleCMS2mt (the "mt" indicating "multi-thread"). LCMS2 is not thread-safe, and cannot be made thread-safe without breaking the ABI. Our fork will be thread-safe and include performance enhancements (these changes have all been offered and rejected upstream).
    We will maintain compatibility between Ghostscript and LCMS2 for a time, but not in perpetuity. If there is sufficient interest, our fork will be available as its own package separately from Ghostscript (and MuPDF).
  * The usual round of bug fixes, compatibility changes, and incremental improvements.
  Incompatible changes:
  * New option -dALLOWPSTRANSPARENCY: The transparency compositor (and related features), whilst we are improving it, remains sensitive to being driven correctly, and incorrect use can have unexpected/undefined results. Hence, as part of improving security, we limited access to these operators, originally using the -dSAFER feature. As we made "SAFER" the default mode, that became unacceptable, hence the new option -dALLOWPSTRANSPARENCY which enables access to the operators, cf. https://www.ghostscript.com/doc/9.52/Use.htm#ALLOWPSTRANSPARENCY
  For a release summary see: https://www.ghostscript.com/doc/9.52/News.htm
  For details see the News.htm and History9.htm files.
- Version upgrade to 9.51
  Highlights in this release include:
  * 9.51 is primarily a maintenance release, consolidating the changes we introduced in 9.50.
  * We have continued our work on code hygiene for this release, with a focus on the static analysis tool Coverity (from Synopsys, Inc) and we are now maintaining a policy of zero Coverity issues in the Ghostscript/GhostPDL source base.
  * IMPORTANT: In consultation with a representative of OpenPrinting (http://www.openprinting.org/) it is our intention to deprecate and, in the not distant future, remove the OpenPrinting Vector/Raster Printer Drivers (that is, the opvp and oprp devices). If you rely on either of these devices, please get in touch with us (i.e. Ghostscript upstream), so we can discuss your use case, and revise our plans accordingly.
  * We (i.e. Ghostscript upstream) are in the process of forking LittleCMS, cf. the other release notes entries below.
  * The usual round of bug fixes, compatibility changes, and incremental improvements.
  For a release summary see: https://www.ghostscript.com/doc/9.51/News.htm
  For details see the News.htm and History9.htm files.
- Version upgrade to 9.50
  Highlights in this release include:
  * The change to version 9.50 follows recognition of the extent and importance of the file access control redesign/reimplementation outlined below.
  * The file access control capability (enable with -dSAFER) has been completely rewritten, with a ground-up rethink of the design. For more details, see: "SAFER" at https://www.ghostscript.com/doc/9.50/Use.htm#Safer
  * It is important to note that -dSAFER now only enables the file access controls, and no longer applies restrictions to standard Postscript functionality (specifically, restrictions on setpagedevice). If your application relies on these Postscript restrictions, see "OLDSAFER" at https://www.ghostscript.com/doc/9.50/Use.htm#OldSafer and please get in touch, as we do plan to remove those Postscript restrictions unless we have reason not to.
    IMPORTANT: File access controls are now enabled by default. In order to run Ghostscript without these controls, see "NOSAFER" at https://www.ghostscript.com/doc/9.50/Use.htm#NoSafer
  * We (i.e. Ghostscript upstream) are in the process of forking LittleCMS, cf. the other release notes entries below.
  * The usual round of bug fixes, compatibility changes, and incremental improvements.
  Incompatible changes:
  * There are a couple of subtle incompatibilities between the old and new SAFER implementations. Firstly, as mentioned above, SAFER now leaves standard Postscript functionality unchanged (except for the file access limitations).
    Secondly, the interaction with save/restore operations, see "SAFER" at https://www.ghostscript.com/doc/9.50/Use.htm#Safer
  * The following is not strictly speaking new to 9.50, as not much has changed since 9.27 in this area, but for those who don't upgrade with every release: The process of "tidying" the Postscript name space should have removed only non-standard and undocumented operators. Nevertheless, it is possible that any integrations or utilities that rely on those non-standard and undocumented operators may stop working, or may change behaviour. If you encounter such a case, please contact us (i.e. Ghostscript upstream, either the #ghostscript IRC channel or the gs-devel mailing list would be best), and we'll work with you to either find an alternative solution or return the previous functionality, if there is genuinely no other option. One case we know this has occurred is GSView 5 (and earlier). GSView 5 support for PDF files relied upon internal use only features which are no longer available. GSView 5 will still work as previously for Postscript files. For PDF files, users are encouraged to look at MuPDF https://www.mupdf.com/
  For a release summary see: https://www.ghostscript.com/doc/9.50/News.htm
  For details see the News.htm and History9.htm files.
- CVE-2019-10216.patch gs-CVE-2019-14811-885444fc.patch gs-CVE-2019-14817-cd1b1cac.patch openjpeg4gs-CVE-2018-6616-8ee33522.patch are fixed in the version 9.52 upstream sources.
* Fri Jan 31 2020 Stefan Brüns
- Use system openjpeg2 on Tumbleweed/Factory.