From 4afbca2c1ec7a9e28b88359344d5475c8ecef682 Mon Sep 17 00:00:00 2001 From: Zhao Hang Date: Mon, 11 Dec 2023 11:23:20 +0800 Subject: [PATCH] update to ghostscript-9.54.0-14.src.rpm Signed-off-by: Zhao Hang --- dist | 1 + ghostscript-9.54.0-CVE-2023-28879.patch | 44 ++++++ ghostscript-9.54.0-CVE-2023-36664.patch | 142 +++++++++++++++++ ghostscript-9.54.0-CVE-2023-38559.patch | 27 ++++ ghostscript-9.54.0-CVE-2023-43115.patch | 21 +++ ...ite-Substituted-TTF-CIDFont-CID-hand.patch | 106 +++++++++++++ ghostscript.spec | 149 ++++++++++-------- 7 files changed, 428 insertions(+), 62 deletions(-) create mode 100644 dist create mode 100644 ghostscript-9.54.0-CVE-2023-28879.patch create mode 100644 ghostscript-9.54.0-CVE-2023-36664.patch create mode 100644 ghostscript-9.54.0-CVE-2023-38559.patch create mode 100644 ghostscript-9.54.0-CVE-2023-43115.patch create mode 100644 ghostscript-9.54.0-pdfwrite-Substituted-TTF-CIDFont-CID-hand.patch diff --git a/dist b/dist new file mode 100644 index 0000000..0b1f29d --- /dev/null +++ b/dist @@ -0,0 +1 @@ +an9_3 diff --git a/ghostscript-9.54.0-CVE-2023-28879.patch b/ghostscript-9.54.0-CVE-2023-28879.patch new file mode 100644 index 0000000..0629e99 --- /dev/null +++ b/ghostscript-9.54.0-CVE-2023-28879.patch @@ -0,0 +1,44 @@ +From 37ed5022cecd584de868933b5b60da2e995b3179 Mon Sep 17 00:00:00 2001 +From: Ken Sharp +Date: Fri, 24 Mar 2023 13:19:57 +0000 +Subject: [PATCH] Graphics library - prevent buffer overrun in (T)BCP encoding + +Bug #706494 "Buffer Overflow in s_xBCPE_process" + +As described in detail in the bug report, if the write buffer is filled +to one byte less than full, and we then try to write an escaped +character, we overrun the buffer because we don't check before +writing two bytes to it. + +This just checks if we have two bytes before starting to write an +escaped character and exits if we don't (replacing the consumed byte +of the input). + +Up for further discussion; why do we even permit a BCP encoding filter +anyway ? I think we should remove this, at least when SAFER is true. +--- + base/sbcp.c | 10 +++++++++- + 1 file changed, 9 insertions(+), 1 deletion(-) + +diff --git a/base/sbcp.c b/base/sbcp.c +index 979ae0992..47fc233ec 100644 +--- a/base/sbcp.c ++++ b/base/sbcp.c +@@ -50,6 +50,14 @@ s_xBCPE_process(stream_state * st, stream_cursor_read * pr, + byte ch = *++p; + + if (ch <= 31 && escaped[ch]) { ++ /* Make sure we have space to store two characters in the write buffer, ++ * if we don't then exit without consuming the input character, we'll process ++ * that on the next time round. ++ */ ++ if (pw->limit - q < 2) { ++ p--; ++ break; ++ } + if (p == rlimit) { + p--; + break; +-- +2.39.2 + diff --git a/ghostscript-9.54.0-CVE-2023-36664.patch b/ghostscript-9.54.0-CVE-2023-36664.patch new file mode 100644 index 0000000..dc5c234 --- /dev/null +++ b/ghostscript-9.54.0-CVE-2023-36664.patch @@ -0,0 +1,142 @@ +From 505eab7782b429017eb434b2b95120855f2b0e3c Mon Sep 17 00:00:00 2001 +From: Chris Liddell +Date: Wed, 7 Jun 2023 10:23:06 +0100 +Subject: [PATCH] Bug 706761: Don't "reduce" %pipe% file names for permission + validation + +For regular file names, we try to simplfy relative paths before we use them. + +Because the %pipe% device can, effectively, accept command line calls, we +shouldn't be simplifying that string, because the command line syntax can end +up confusing the path simplifying code. That can result in permitting a pipe +command which does not match what was originally permitted. + +Special case "%pipe" in the validation code so we always deal with the entire +string. +--- + base/gpmisc.c | 31 +++++++++++++++++++-------- + base/gslibctx.c | 56 ++++++++++++++++++++++++++++++++++++------------- + 2 files changed, 64 insertions(+), 23 deletions(-) + +diff --git a/base/gpmisc.c b/base/gpmisc.c +index 5f39ebba7..2fb87f769 100644 +--- a/base/gpmisc.c ++++ b/base/gpmisc.c +@@ -1076,16 +1076,29 @@ gp_validate_path_len(const gs_memory_t *mem, + && !memcmp(path + cdirstrl, dirsepstr, dirsepstrl)) { + prefix_len = 0; + } +- rlen = len+1; +- bufferfull = (char *)gs_alloc_bytes(mem->thread_safe_memory, rlen + prefix_len, "gp_validate_path"); +- if (bufferfull == NULL) +- return gs_error_VMerror; +- +- buffer = bufferfull + prefix_len; +- if (gp_file_name_reduce(path, (uint)len, buffer, &rlen) != gp_combine_success) +- return gs_error_invalidfileaccess; +- buffer[rlen] = 0; + ++ /* "%pipe%" do not follow the normal rules for path definitions, so we ++ don't "reduce" them to avoid unexpected results ++ */ ++ if (path[0] == '|' || (len > 5 && memcmp(path, "%pipe", 5) == 0)) { ++ bufferfull = buffer = (char *)gs_alloc_bytes(mem->thread_safe_memory, len + 1, "gp_validate_path"); ++ if (buffer == NULL) ++ return gs_error_VMerror; ++ memcpy(buffer, path, len); ++ buffer[len] = 0; ++ rlen = len; ++ } ++ else { ++ rlen = len+1; ++ bufferfull = (char *)gs_alloc_bytes(mem->thread_safe_memory, rlen + prefix_len, "gp_validate_path"); ++ if (bufferfull == NULL) ++ return gs_error_VMerror; ++ ++ buffer = bufferfull + prefix_len; ++ if (gp_file_name_reduce(path, (uint)len, buffer, &rlen) != gp_combine_success) ++ return gs_error_invalidfileaccess; ++ buffer[rlen] = 0; ++ } + while (1) { + switch (mode[0]) + { +diff --git a/base/gslibctx.c b/base/gslibctx.c +index eb566ed06..d2a1aa91d 100644 +--- a/base/gslibctx.c ++++ b/base/gslibctx.c +@@ -740,14 +740,28 @@ gs_add_control_path_len_flags(const gs_memory_t *mem, gs_path_control_t type, co + return gs_error_rangecheck; + } + +- rlen = len+1; +- buffer = (char *)gs_alloc_bytes(core->memory, rlen, "gp_validate_path"); +- if (buffer == NULL) +- return gs_error_VMerror; ++ /* "%pipe%" do not follow the normal rules for path definitions, so we ++ don't "reduce" them to avoid unexpected results ++ */ ++ if (path[0] == '|' || (len > 5 && memcmp(path, "%pipe", 5) == 0)) { ++ buffer = (char *)gs_alloc_bytes(core->memory, len + 1, "gs_add_control_path_len"); ++ if (buffer == NULL) ++ return gs_error_VMerror; ++ memcpy(buffer, path, len); ++ buffer[len] = 0; ++ rlen = len; ++ } ++ else { ++ rlen = len + 1; + +- if (gp_file_name_reduce(path, (uint)len, buffer, &rlen) != gp_combine_success) +- return gs_error_invalidfileaccess; +- buffer[rlen] = 0; ++ buffer = (char *)gs_alloc_bytes(core->memory, rlen, "gs_add_control_path_len"); ++ if (buffer == NULL) ++ return gs_error_VMerror; ++ ++ if (gp_file_name_reduce(path, (uint)len, buffer, &rlen) != gp_combine_success) ++ return gs_error_invalidfileaccess; ++ buffer[rlen] = 0; ++ } + + n = control->num; + for (i = 0; i < n; i++) +@@ -833,14 +847,28 @@ gs_remove_control_path_len_flags(const gs_memory_t *mem, gs_path_control_t type, + return gs_error_rangecheck; + } + +- rlen = len+1; +- buffer = (char *)gs_alloc_bytes(core->memory, rlen, "gp_validate_path"); +- if (buffer == NULL) +- return gs_error_VMerror; ++ /* "%pipe%" do not follow the normal rules for path definitions, so we ++ don't "reduce" them to avoid unexpected results ++ */ ++ if (path[0] == '|' || (len > 5 && memcmp(path, "%pipe", 5) == 0)) { ++ buffer = (char *)gs_alloc_bytes(core->memory, len + 1, "gs_remove_control_path_len"); ++ if (buffer == NULL) ++ return gs_error_VMerror; ++ memcpy(buffer, path, len); ++ buffer[len] = 0; ++ rlen = len; ++ } ++ else { ++ rlen = len+1; + +- if (gp_file_name_reduce(path, (uint)len, buffer, &rlen) != gp_combine_success) +- return gs_error_invalidfileaccess; +- buffer[rlen] = 0; ++ buffer = (char *)gs_alloc_bytes(core->memory, rlen, "gs_remove_control_path_len"); ++ if (buffer == NULL) ++ return gs_error_VMerror; ++ ++ if (gp_file_name_reduce(path, (uint)len, buffer, &rlen) != gp_combine_success) ++ return gs_error_invalidfileaccess; ++ buffer[rlen] = 0; ++ } + + n = control->num; + for (i = 0; i < n; i++) { +-- +2.41.0 + diff --git a/ghostscript-9.54.0-CVE-2023-38559.patch b/ghostscript-9.54.0-CVE-2023-38559.patch new file mode 100644 index 0000000..19e6ecc --- /dev/null +++ b/ghostscript-9.54.0-CVE-2023-38559.patch @@ -0,0 +1,27 @@ +From d81b82c70bc1fb9991bb95f1201abb5dea55f57f Mon Sep 17 00:00:00 2001 +From: Chris Liddell +Date: Mon, 17 Jul 2023 14:06:37 +0100 +Subject: [PATCH] Bug 706897: Copy pcx buffer overrun fix from + devices/gdevpcx.c + +Bounds check the buffer, before dereferencing the pointer. +--- + base/gdevdevn.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/base/gdevdevn.c b/base/gdevdevn.c +index 7b14d9c71..6351fb77a 100644 +--- a/base/gdevdevn.c ++++ b/base/gdevdevn.c +@@ -1983,7 +1983,7 @@ devn_pcx_write_rle(const byte * from, const byte * end, int step, gp_file * file + byte data = *from; + + from += step; +- if (data != *from || from == end) { ++ if (from >= end || data != *from) { + if (data >= 0xc0) + gp_fputc(0xc1, file); + } else { +-- +2.41.0 + diff --git a/ghostscript-9.54.0-CVE-2023-43115.patch b/ghostscript-9.54.0-CVE-2023-43115.patch new file mode 100644 index 0000000..184cb39 --- /dev/null +++ b/ghostscript-9.54.0-CVE-2023-43115.patch @@ -0,0 +1,21 @@ +--- a/devices/gdevijs.c ++++ b/devices/gdevijs.c +@@ -934,6 +934,9 @@ + static const char rgb[] = "DeviceRGB"; + gx_device_ijs *ijsdev = (gx_device_ijs *)dev; + ++ if (ijsdev->memory->gs_lib_ctx->core->path_control_active) ++ return_error(gs_error_invalidaccess); ++ + code = gx_default_finish_copydevice(dev, from_dev); + if(code < 0) + return code; +@@ -1363,7 +1366,7 @@ + if (code >= 0) + code = gsijs_read_string(plist, "IjsServer", + ijsdev->IjsServer, sizeof(ijsdev->IjsServer), +- dev->LockSafetyParams, is_open); ++ ijsdev->memory->gs_lib_ctx->core->path_control_active, is_open); + + if (code >= 0) + code = gsijs_read_string_malloc(plist, "DeviceManufacturer", diff --git a/ghostscript-9.54.0-pdfwrite-Substituted-TTF-CIDFont-CID-hand.patch b/ghostscript-9.54.0-pdfwrite-Substituted-TTF-CIDFont-CID-hand.patch new file mode 100644 index 0000000..29dbebb --- /dev/null +++ b/ghostscript-9.54.0-pdfwrite-Substituted-TTF-CIDFont-CID-hand.patch @@ -0,0 +1,106 @@ +From 346f12459aa67cdb5ff9e267c2c8cccc17f4a376 Mon Sep 17 00:00:00 2001 +From: Chris Liddell +Date: Wed, 15 Mar 2023 15:38:29 +0000 +Subject: [PATCH] Bug 706478: pdfwrite: Substituted TTF CIDFont CID handling + +The PS interpreter callback that handles converting a CID to a TTF GID did +not handle the case of substituted CIDFonts. + +It requires looking up the CID on the Decoding (to get a Unicode code point), +and then looking up the code point in the TTF cmap table to get the GID. + +The rendering code already handled it. +--- + psi/zfcid1.c | 73 +++++++++++++++++++++++++++++++++------------------- + 1 file changed, 46 insertions(+), 27 deletions(-) + +diff --git a/psi/zfcid1.c b/psi/zfcid1.c +index fd502ff12..55de85d45 100644 +--- a/psi/zfcid1.c ++++ b/psi/zfcid1.c +@@ -77,37 +77,56 @@ + int gdbytes = pfont->cidata.common.GDBytes; + int gnum = 0; + const byte *data; +- int i, code; ++ int i, code = -1; + ref rcid; + ref *prgnum; ++ ref *p, *fdict = pfont_dict(pfont); ++ ++ if (r_has_type(fdict, t_dictionary) && dict_find_string(fdict, "Path", &p)) { ++ ref *Decoding = NULL, *TT_cmap = NULL, *SubstNWP = NULL, src_type, dst_type; ++ uint c; ++ ++ code = dict_find_string(fdict, "Decoding", &Decoding); ++ if (code > 0) ++ code = dict_find_string(fdict, "TT_cmap", &TT_cmap); ++ if (code > 0) ++ code = dict_find_string(fdict, "SubstNWP", &SubstNWP); ++ if (code > 0) { ++ code = cid_to_TT_charcode(pfont->memory, Decoding, TT_cmap, SubstNWP, cid, &c, &src_type, &dst_type); ++ if (code >= 0) ++ gnum = c; ++ } ++ } + +- switch (r_type(pcidmap)) { +- case t_string: +- if (cid >= r_size(pcidmap) / gdbytes) +- return_error(gs_error_rangecheck); +- data = pcidmap->value.const_bytes + cid * gdbytes; +- break; +- case t_integer: +- return cid + pcidmap->value.intval; +- case t_dictionary: +- make_int(&rcid, cid); +- code = dict_find(pcidmap, &rcid, &prgnum); +- if (code <= 0) +- return (code < 0 ? code : gs_note_error(gs_error_undefined)); +- if (!r_has_type(prgnum, t_integer)) +- return_error(gs_error_typecheck); +- return prgnum->value.intval; +- default: /* array type */ +- code = string_array_access_proc(pfont->memory, pcidmap, 1, cid * gdbytes, +- gdbytes, NULL, NULL, &data); ++ if (code < 0) { ++ switch (r_type(pcidmap)) { ++ case t_string: ++ if (cid >= r_size(pcidmap) / gdbytes) ++ return_error(gs_error_rangecheck); ++ data = pcidmap->value.const_bytes + cid * gdbytes; ++ break; ++ case t_integer: ++ return cid + pcidmap->value.intval; ++ case t_dictionary: ++ make_int(&rcid, cid); ++ code = dict_find(pcidmap, &rcid, &prgnum); ++ if (code <= 0) ++ return (code < 0 ? code : gs_note_error(gs_error_undefined)); ++ if (!r_has_type(prgnum, t_integer)) ++ return_error(gs_error_typecheck); ++ return prgnum->value.intval; ++ default: /* array type */ ++ code = string_array_access_proc(pfont->memory, pcidmap, 1, cid * gdbytes, ++ gdbytes, NULL, NULL, &data); + +- if (code < 0) +- return code; +- if ( code > 0 ) +- return_error(gs_error_invalidfont); ++ if (code < 0) ++ return code; ++ if ( code > 0 ) ++ return_error(gs_error_invalidfont); ++ } ++ for (i = 0; i < gdbytes; ++i) ++ gnum = (gnum << 8) + data[i]; + } +- for (i = 0; i < gdbytes; ++i) +- gnum = (gnum << 8) + data[i]; + if (gnum >= pfont->data.trueNumGlyphs) + return_error(gs_error_invalidfont); + return gnum; +-- +2.39.2 + diff --git a/ghostscript.spec b/ghostscript.spec index e43c770..beb0dc6 100644 --- a/ghostscript.spec +++ b/ghostscript.spec @@ -39,56 +39,56 @@ # ============================================================================= -Name: ghostscript -Summary: Interpreter for PostScript language & PDF -Version: 9.54.0 -Release: 9%{?dist} +Name: ghostscript +Summary: Interpreter for PostScript language & PDF +Version: 9.54.0 +Release: 14%{?dist} -License: AGPLv3+ +License: AGPLv3+ -URL: https://ghostscript.com/ -Source: https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs%{version_short}/ghostscript-%{version}.tar.xz +URL: https://ghostscript.com/ +Source: https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs%{version_short}/ghostscript-%{version}.tar.xz -Requires: libgs%{?_isa} = %{version}-%{release} -Requires: jbig2dec-libs = %{jbig2dec_version} -Requires: %{name}-tools-fonts%{?_isa} = %{version}-%{release} -Requires: %{name}-tools-printing%{?_isa} = %{version}-%{release} +Requires: libgs%{?_isa} = %{version}-%{release} +Requires: jbig2dec-libs = %{jbig2dec_version} +Requires: %{name}-tools-fonts%{?_isa} = %{version}-%{release} +Requires: %{name}-tools-printing%{?_isa} = %{version}-%{release} -Provides: ghostscript-core = %{version}-%{release} -Obsoletes: ghostscript-core < 9.53.3-6 +Provides: ghostscript-core = %{version}-%{release} +Obsoletes: ghostscript-core < 9.53.3-6 # Auxiliary build requirements: -BuildRequires: automake -BuildRequires: gcc -BuildRequires: git +BuildRequires: automake +BuildRequires: gcc +BuildRequires: git # Already packaged Resources -- needed to build package correctly: -BuildRequires: adobe-mappings-cmap-devel -BuildRequires: adobe-mappings-pdf-devel -BuildRequires: google-droid-sans-fonts -BuildRequires: urw-base35-fonts-devel +BuildRequires: adobe-mappings-cmap-devel +BuildRequires: adobe-mappings-pdf-devel +BuildRequires: google-droid-sans-fonts +BuildRequires: urw-base35-fonts-devel # Already packaged software -- needed for debundling of Ghostscript: -BuildRequires: cups-devel -BuildRequires: dbus-devel -BuildRequires: fontconfig-devel -BuildRequires: freetype-devel -BuildRequires: jbig2dec-devel = %{jbig2dec_version} -BuildRequires: jbig2dec-libs = %{jbig2dec_version} -BuildRequires: lcms2-devel -BuildRequires: libidn2-devel -BuildRequires: libijs-devel -BuildRequires: libjpeg-turbo-devel -BuildRequires: libpng-devel -BuildRequires: libpaper-devel -BuildRequires: libtiff-devel -BuildRequires: openjpeg2-devel -BuildRequires: zlib-devel +BuildRequires: cups-devel +BuildRequires: dbus-devel +BuildRequires: fontconfig-devel +BuildRequires: freetype-devel +BuildRequires: jbig2dec-devel = %{jbig2dec_version} +BuildRequires: jbig2dec-libs = %{jbig2dec_version} +BuildRequires: lcms2-devel +BuildRequires: libidn2-devel +BuildRequires: libijs-devel +BuildRequires: libjpeg-turbo-devel +BuildRequires: libpng-devel +BuildRequires: libpaper-devel +BuildRequires: libtiff-devel +BuildRequires: openjpeg2-devel +BuildRequires: zlib-devel # Enabling the GUI possibilities of Ghostscript: -BuildRequires: gtk3-devel -BuildRequires: libXt-devel -BuildRequires: make +BuildRequires: gtk3-devel +BuildRequires: libXt-devel +BuildRequires: make # ============================================================================= @@ -108,6 +108,11 @@ Patch003: ghostscript-9.54.0-covscan-fixes.patch Patch004: ghostscript-9.54.0-Fix-op-stack-management-in-sampled_data_c.patch Patch005: ghostscript-9.54.0-Deal-with-different-VM-modes-during-CIDFont-loading.patch Patch006: ghostscript-9.54.0-ESC-Page-driver-does-not-set-page-size-correctly.patch +Patch007: ghostscript-9.54.0-pdfwrite-Substituted-TTF-CIDFont-CID-hand.patch +Patch008: ghostscript-9.54.0-CVE-2023-28879.patch +Patch009: ghostscript-9.54.0-CVE-2023-36664.patch +Patch010: ghostscript-9.54.0-CVE-2023-38559.patch +Patch011: ghostscript-9.54.0-CVE-2023-43115.patch # Downstream patches -- these should be always included when doing rebase: # ------------------ @@ -135,12 +140,12 @@ of document pages, as well as conversions between different document formats. # Below requirements are resources, which are not detected by RPM automatically: %package -n libgs -Summary: Library providing Ghostcript's core functionality -Requires: adobe-mappings-cmap -Requires: adobe-mappings-cmap-deprecated -Requires: adobe-mappings-pdf -Requires: google-droid-sans-fonts -Requires: urw-base35-fonts +Summary: Library providing Ghostcript's core functionality +Requires: adobe-mappings-cmap +Requires: adobe-mappings-cmap-deprecated +Requires: adobe-mappings-pdf +Requires: google-droid-sans-fonts +Requires: urw-base35-fonts %description -n libgs This library provides Ghostscript's core functionality, based on Ghostscript's @@ -149,14 +154,14 @@ API, which is useful for many packages that are build on top of Ghostscript. # --------------- %package -n libgs-devel -Summary: Development files for Ghostscript's library -Requires: libgs%{?_isa} = %{version}-%{release} +Summary: Development files for Ghostscript's library +Requires: libgs%{?_isa} = %{version}-%{release} # This virtual provides is useful in case people get confused what *-devel # subpackage they should actually use (i.e. ghostscript-devel vss libgs-devel?). # By having this virtual provide both of the options above will work... -Provides: %{name}-devel = %{version}-%{release} -Provides: %{name}-devel%{?_isa} = %{version}-%{release} +Provides: %{name}-devel = %{version}-%{release} +Provides: %{name}-devel%{?_isa} = %{version}-%{release} %description -n libgs-devel This package contains development files that are useful for building packages @@ -173,9 +178,9 @@ against Ghostscript's library, which provides Ghostscript's core functionality. # more convenient (even for users) to have a direct requiremnt for the # executable instead of package. %package tools-dvipdf -Summary: Ghostscript's 'dvipdf' utility -Requires: %{name}%{?_isa} = %{version}-%{release} -Requires: /usr/bin/dvips +Summary: Ghostscript's 'dvipdf' utility +Requires: %{name}%{?_isa} = %{version}-%{release} +Requires: /usr/bin/dvips %description tools-dvipdf This package provides the utility 'dvipdf' for converting of TeX DVI files into @@ -184,8 +189,8 @@ PDF files using Ghostscript and dvips. # --------------- %package tools-fonts -Summary: Ghostscript's font utilities -Requires: %{name}%{?_isa} = %{version}-%{release} +Summary: Ghostscript's font utilities +Requires: %{name}%{?_isa} = %{version}-%{release} %description tools-fonts This package provides utilities which are useful when you are working with AFM, @@ -194,8 +199,8 @@ PFB or PFA files, mostly for conversion purposes. # --------------- %package tools-printing -Summary: Ghostscript's printing utilities -Requires: %{name}%{?_isa} = %{version}-%{release} +Summary: Ghostscript's printing utilities +Requires: %{name}%{?_isa} = %{version}-%{release} %description tools-printing This package provides utilities for formatting and printing text files using @@ -207,8 +212,8 @@ Hint Stream of a linearized PDF file. # --------------- %package gtk -Summary: Ghostscript's GTK-based document renderer -Requires: libgs%{?_isa} = %{version}-%{release} +Summary: Ghostscript's GTK-based document renderer +Requires: libgs%{?_isa} = %{version}-%{release} %description gtk This package provides GTK-based utility 'gsx', which can be used for displaying @@ -217,8 +222,8 @@ of various document files (including PS and PDF). # --------------- %package x11 -Summary: Ghostscript's X11-based driver for document rendering -Requires: %{name}%{?_isa} = %{version}-%{release} +Summary: Ghostscript's X11-based driver for document rendering +Requires: %{name}%{?_isa} = %{version}-%{release} %description x11 This package provides X11-based driver for Ghostscript, which enables displaying @@ -227,9 +232,9 @@ of various document files (including PS and PDF). # --------------- %package doc -Summary: Documentation files for Ghostscript -Requires: %{name} = %{version}-%{release} -BuildArch: noarch +Summary: Documentation files for Ghostscript +Requires: %{name} = %{version}-%{release} +BuildArch: noarch %description doc This package provides detailed documentation files for Ghostscript software. @@ -441,6 +446,26 @@ done # ============================================================================= %changelog +* Thu Oct 12 2023 Richard Lescak - 9.54.0-14 +- fix for CVE-2023-43115 +- Resolves: RHEL-10184 + +* Fri Aug 04 2023 Richard Lescak - 9.54.0-13 +- fix for CVE-2023-38559 +- Resolves: rhbz#2224372 + +* Tue Aug 01 2023 Richard Lescak - 9.54.0-12 +- fix for CVE-2023-36664 +- Resolves: rhbz#2217810 + +* Fri May 05 2023 Richard Lescak - 9.54.0-11 +- fix for CVE-2023-28879 +- Resolves: rhbz#2188300 + +* Fri Mar 17 2023 Richard Lescak - 9.54.0-10 +- fix embedding of CIDFonts +- Resolves: rhbz#2179023 + * Thu Feb 02 2023 Richard Lescak - 9.54.0-9 - set the page size for A4 correctly in ESC/Page driver - Resolves: rhbz#2164613 -- Gitee