diff --git a/ghostscript-9.23-100-run-dvipdf-securely.patch b/ghostscript-9.23-100-run-dvipdf-securely.patch deleted file mode 100644 index 80b0b7daf0b3c753121ef6d0d380d992181464e2..0000000000000000000000000000000000000000 --- a/ghostscript-9.23-100-run-dvipdf-securely.patch +++ /dev/null @@ -1,22 +0,0 @@ -From 91c9c6d17d445781ee572c281b8b9d75d96f9df8 Mon Sep 17 00:00:00 2001 -From: "David Kaspar [Dee'Kej]" -Date: Fri, 7 Oct 2016 13:57:01 +0200 -Subject: [PATCH] Make sure 'dvipdf' is being run securely - ---- - lib/dvipdf | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/lib/dvipdf b/lib/dvipdf -index 802aeab..c92dfb0 100755 ---- a/lib/dvipdf -+++ b/lib/dvipdf -@@ -43,4 +43,4 @@ fi - - # We have to include the options twice because -I only takes effect if it - # appears before other options. --exec dvips -Ppdf $DVIPSOPTIONS -q -f "$infile" | $GS_EXECUTABLE $OPTIONS -q -P- -dSAFER -dNOPAUSE -dBATCH -sDEVICE=pdfwrite -sstdout=%stderr -sOutputFile="$outfile" $OPTIONS -c .setpdfwrite - -+exec dvips -R -Ppdf $DVIPSOPTIONS -q -f "$infile" | $GS_EXECUTABLE $OPTIONS -q -P- -dSAFER -dNOPAUSE -dBATCH -sDEVICE=pdfwrite -sstdout=%stderr -sOutputFile="$outfile" $OPTIONS -c .setpdfwrite - --- -2.14.3 - diff --git a/ghostscript-9.54.0-Fix-op-stack-management-in-sampled_data_c.patch b/ghostscript-9.54.0-Fix-op-stack-management-in-sampled_data_c.patch new file mode 100644 index 0000000000000000000000000000000000000000..27ca0b2751c85d4705f36e2c8295808782af7c80 --- /dev/null +++ b/ghostscript-9.54.0-Fix-op-stack-management-in-sampled_data_c.patch @@ -0,0 +1,64 @@ +From 2a3129365d3bc0d4a41f107ef175920d1505d1f7 Mon Sep 17 00:00:00 2001 +From: Chris Liddell +Date: Tue, 1 Jun 2021 19:57:16 +0100 +Subject: [PATCH] Bug 703902: Fix op stack management in + sampled_data_continue() + +Replace pop() (which does no checking, and doesn't handle stack extension +blocks) with ref_stack_pop() which does do all that. + +We still use pop() in one case (it's faster), but we have to later use +ref_stack_pop() before calling sampled_data_sample() which also accesses the +op stack. + +Fixes: +https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=34675 +--- + psi/zfsample.c | 16 ++++++++++------ + 1 file changed, 10 insertions(+), 6 deletions(-) + +diff --git a/psi/zfsample.c b/psi/zfsample.c +index 0e8e4bc8d..00cd0cfdd 100644 +--- a/psi/zfsample.c ++++ b/psi/zfsample.c +@@ -533,15 +533,19 @@ sampled_data_continue(i_ctx_t *i_ctx_p) + for (j = 0; j < bps; j++) + data_ptr[bps * i + j] = (byte)(cv >> ((bps - 1 - j) * 8)); /* MSB first */ + } +- pop(num_out); /* Move op to base of result values */ + +- /* Check if we are done collecting data. */ ++ pop(num_out); /* Move op to base of result values */ + ++ /* From here on, we have to use ref_stack_pop() rather than pop() ++ so that it handles stack extension blocks properly, before calling ++ sampled_data_sample() which also uses the op stack. ++ */ ++ /* Check if we are done collecting data. */ + if (increment_cube_indexes(params, penum->indexes)) { + if (stack_depth_adjust == 0) +- pop(O_STACK_PAD); /* Remove spare stack space */ ++ ref_stack_pop(&o_stack, O_STACK_PAD); /* Remove spare stack space */ + else +- pop(stack_depth_adjust - num_out); ++ ref_stack_pop(&o_stack, stack_depth_adjust - num_out); + /* Execute the closing procedure, if given */ + code = 0; + if (esp_finish_proc != 0) +@@ -554,11 +558,11 @@ sampled_data_continue(i_ctx_t *i_ctx_p) + if ((O_STACK_PAD - stack_depth_adjust) < 0) { + stack_depth_adjust = -(O_STACK_PAD - stack_depth_adjust); + check_op(stack_depth_adjust); +- pop(stack_depth_adjust); ++ ref_stack_pop(&o_stack, stack_depth_adjust); + } + else { + check_ostack(O_STACK_PAD - stack_depth_adjust); +- push(O_STACK_PAD - stack_depth_adjust); ++ ref_stack_push(&o_stack, O_STACK_PAD - stack_depth_adjust); + for (i=0;ivdev; + const gs_matrix *const pmat = &state->scale_mat; +diff -ur ghostscript-9.54.0/base/gdevvec.h ghostscript-9.54.0-patched/base/gdevvec.h +--- ghostscript-9.54.0/base/gdevvec.h ++++ ghostscript-9.54.0-patched/base/gdevvec.h +@@ -306,7 +306,7 @@ + + /* Write a segment of a path using the default implementation. */ + int gdev_vector_dopath_segment(gdev_vector_dopath_state_t *state, int pe_op, +- gs_fixed_point vs[3]); ++ gs_fixed_point *vs); + + typedef struct gdev_vector_path_seg_record_s { + int op; +diff -ur ghostscript-9.54.0/base/gxclpath.c ghostscript-9.54.0-patched/base/gxclpath.c +--- ghostscript-9.54.0/base/gxclpath.c 2021-03-30 09:40:28.000000000 +0200 ++++ ghostscript-9.54.0-patched/base/gxclpath.c 2021-11-23 11:06:14.670137576 +0100 +@@ -715,10 +715,10 @@ + } else { + code = set_cmd_put_op(&dp, cldev, pcls, cmd_opv_set_color_space, + 2 + sizeof(clist_icc_color_t)); +- memcpy(dp + 2, &(cldev->color_space.icc_info), +- sizeof(clist_icc_color_t)); + if (code < 0) + return code; ++ memcpy(dp + 2, &(cldev->color_space.icc_info), ++ sizeof(clist_icc_color_t)); + } + dp[1] = cldev->color_space.byte1; + pcls->known |= color_space_known; +diff -ur ghostscript-9.54.0/extract/src/mem.c ghostscript-9.54.0-patched/extract/src/mem.c +--- ghostscript-9.54.0/extract/src/mem.c 2021-03-30 09:40:28.000000000 +0200 ++++ ghostscript-9.54.0-patched/extract/src/mem.c 2021-11-23 11:11:37.293082828 +0100 +@@ -19,14 +19,24 @@ + int extract_vasprintf(extract_alloc_t* alloc, char** out, const char* format, va_list va) + { + int n; +- int n2; ++ int ret; + va_list va2; + va_copy(va2, va); + n = vsnprintf(NULL, 0, format, va); +- if (n < 0) return n; +- if (extract_malloc(alloc, out, n + 1)) return -1; +- n2 = vsnprintf(*out, n + 1, format, va2); ++ if (n < 0) ++ { ++ ret = n; ++ goto end; ++ } ++ if (extract_malloc(alloc, out, n + 1)) ++ { ++ ret = -1; ++ goto end; ++ } ++ vsnprintf(*out, n + 1, format, va2); ++ ret = 0; ++ ++ end: + va_end(va2); +- assert(n2 == n); +- return n2; ++ return ret; + } +diff -ur ghostscript-9.54.0/psi/icie.h ghostscript-9.54.0-patched/psi/icie.h +--- ghostscript-9.54.0/psi/icie.h 2021-03-30 09:40:28.000000000 +0200 ++++ ghostscript-9.54.0-patched/psi/icie.h 2021-10-29 12:48:43.405814563 +0200 +@@ -53,7 +53,7 @@ + + /* Get 3 procedures from a dictionary. */ + int dict_proc3_param(const gs_memory_t *mem, const ref *pdref, +- const char *kstr, ref proc3[3]); ++ const char *kstr, ref *proc3); + + /* Get WhitePoint and BlackPoint values. */ + int cie_points_param(const gs_memory_t *mem, +diff -ur ghostscript-9.54.0/psi/zcie.c ghostscript-9.54.0-patched/psi/zcie.c +--- ghostscript-9.54.0/psi/zcie.c 2021-03-30 09:40:28.000000000 +0200 ++++ ghostscript-9.54.0-patched/psi/zcie.c 2021-11-02 14:36:28.463448728 +0100 +@@ -144,7 +144,7 @@ + + /* Get 3 procedures from a dictionary. */ + int +-dict_proc3_param(const gs_memory_t *mem, const ref *pdref, const char *kstr, ref proc3[3]) ++dict_proc3_param(const gs_memory_t *mem, const ref *pdref, const char *kstr, ref *proc3) + { + return dict_proc_array_param(mem, pdref, kstr, 3, proc3); + } diff --git a/ghostscript-9.54.0-gdevtxtw-null-also-pointers.patch b/ghostscript-9.54.0-gdevtxtw-null-also-pointers.patch new file mode 100644 index 0000000000000000000000000000000000000000..90b98597902fb7557f35c7bbe8d88b695ecce44b --- /dev/null +++ b/ghostscript-9.54.0-gdevtxtw-null-also-pointers.patch @@ -0,0 +1,46 @@ +diff --git a/devices/vector/gdevtxtw.c b/devices/vector/gdevtxtw.c +index c6b95ed5b..f103d598b 100644 +--- a/devices/vector/gdevtxtw.c ++++ b/devices/vector/gdevtxtw.c +@@ -1982,16 +1982,26 @@ textw_text_release(gs_text_enum_t *pte, client_name_t cname) + gx_device_txtwrite_t *const tdev = (gx_device_txtwrite_t *) pte->dev; + + /* Free the working buffer where the Unicode was assembled from the enumerated text */ +- if (penum->TextBuffer) ++ if (penum->TextBuffer) { + gs_free(tdev->memory, penum->TextBuffer, 1, penum->TextBufferIndex, "txtwrite free temporary text buffer"); +- if (penum->Widths) ++ penum->TextBuffer = NULL; ++ } ++ if (penum->Widths) { + gs_free(tdev->memory, penum->Widths, sizeof(float), pte->text.size, "txtwrite free temporary widths array"); +- if (penum->Advs) ++ penum->Widths = NULL; ++ } ++ if (penum->Advs) { + gs_free(tdev->memory, penum->Advs, 1, penum->TextBufferIndex, "txtwrite free temporary text buffer"); +- if (penum->GlyphWidths) ++ penum->Advs = NULL; ++ } ++ if (penum->GlyphWidths) { + gs_free(tdev->memory, penum->GlyphWidths, 1, penum->TextBufferIndex, "txtwrite free temporary text buffer"); +- if (penum->SpanDeltaX) ++ penum->GlyphWidths = NULL; ++ } ++ if (penum->SpanDeltaX) { + gs_free(tdev->memory, penum->SpanDeltaX, 1, penum->TextBufferIndex, "txtwrite free temporary text buffer"); ++ penum->SpanDeltaX = NULL; ++ } + /* If this is copied away when we complete the text enumeration succesfully, then + * we set the pointer to NULL, if we get here with it non-NULL , then there was + * an error. +@@ -2008,6 +2018,7 @@ textw_text_release(gs_text_enum_t *pte, client_name_t cname) + if (penum->text_state->FontName) + gs_free(tdev->memory, penum->text_state->FontName, 1, penum->TextBufferIndex, "txtwrite free temporary font name copy"); + gs_free(tdev->memory, penum->text_state, 1, sizeof(penum->text_state), "txtwrite free text state"); ++ penum->text_state = NULL; + } + } + +-- +2.17.1 diff --git a/ghostscript-9.54.0-include-pipe-handle-in-validation.patch b/ghostscript-9.54.0-include-pipe-handle-in-validation.patch new file mode 100644 index 0000000000000000000000000000000000000000..39a8bb7568fdc528bdab929fc145dcf67ee2c4d3 --- /dev/null +++ b/ghostscript-9.54.0-include-pipe-handle-in-validation.patch @@ -0,0 +1,208 @@ +diff --git a/base/gdevpipe.c b/base/gdevpipe.c +index 96d71f5d81..752a2f1d94 100644 +--- a/base/gdevpipe.c ++++ b/base/gdevpipe.c +@@ -72,8 +72,28 @@ pipe_fopen(gx_io_device * iodev, const char *fname, const char *access, + #else + gs_lib_ctx_t *ctx = mem->gs_lib_ctx; + gs_fs_list_t *fs = ctx->core->fs; ++ /* The pipe device can be reached in two ways, explicltly with %pipe% ++ or implicitly with "|", so we have to check for both ++ */ ++ char f[gp_file_name_sizeof]; ++ const char *pipestr = "|"; ++ const size_t pipestrlen = strlen(pipestr); ++ int code1; ++ const size_t preflen = strlen(iodev->dname); ++ const size_t nlen = strlen(fname); ++ ++ if (preflen + nlen >= gp_file_name_sizeof) ++ return_error(gs_error_invalidaccess); ++ ++ memcpy(f, iodev->dname, preflen); ++ memcpy(f + preflen, fname, nlen + 1); ++ ++ code1 = gp_validate_path(mem, f, access); ++ ++ memcpy(f, pipestr, pipestrlen); ++ memcpy(f + pipestrlen, fname, nlen + 1); + +- if (gp_validate_path(mem, fname, access) != 0) ++ if (code1 != 0 && gp_validate_path(mem, f, access) != 0 ) + return gs_error_invalidfileaccess; + + /* +diff --git a/base/gp_mshdl.c b/base/gp_mshdl.c +index 2b964ed749..8d87ceadc0 100644 +--- a/base/gp_mshdl.c ++++ b/base/gp_mshdl.c +@@ -95,8 +95,17 @@ mswin_handle_fopen(gx_io_device * iodev, const char *fname, const char *access, + long hfile; /* Correct for Win32, may be wrong for Win64 */ + gs_lib_ctx_t *ctx = mem->gs_lib_ctx; + gs_fs_list_t *fs = ctx->core->fs; ++ char f[gp_file_name_sizeof]; ++ const size_t preflen = strlen(iodev->dname); ++ const size_t nlen = strlen(fname); + +- if (gp_validate_path(mem, fname, access) != 0) ++ if (preflen + nlen >= gp_file_name_sizeof) ++ return_error(gs_error_invalidaccess); ++ ++ memcpy(f, iodev->dname, preflen); ++ memcpy(f + preflen, fname, nlen + 1); ++ ++ if (gp_validate_path(mem, f, access) != 0) + return gs_error_invalidfileaccess; + + /* First we try the open_handle method. */ +diff --git a/base/gp_msprn.c b/base/gp_msprn.c +index ed48279685..746a974f78 100644 +--- a/base/gp_msprn.c ++++ b/base/gp_msprn.c +@@ -168,8 +168,16 @@ mswin_printer_fopen(gx_io_device * iodev, const char *fname, const char *access, + uintptr_t *ptid = &((tid_t *)(iodev->state))->tid; + gs_lib_ctx_t *ctx = mem->gs_lib_ctx; + gs_fs_list_t *fs = ctx->core->fs; ++ const size_t preflen = strlen(iodev->dname); ++ const size_t nlen = strlen(fname); + +- if (gp_validate_path(mem, fname, access) != 0) ++ if (preflen + nlen >= gp_file_name_sizeof) ++ return_error(gs_error_invalidaccess); ++ ++ memcpy(pname, iodev->dname, preflen); ++ memcpy(pname + preflen, fname, nlen + 1); ++ ++ if (gp_validate_path(mem, pname, access) != 0) + return gs_error_invalidfileaccess; + + /* First we try the open_printer method. */ +diff --git a/base/gp_os2pr.c b/base/gp_os2pr.c +index f852c71fc8..ba54cde66f 100644 +--- a/base/gp_os2pr.c ++++ b/base/gp_os2pr.c +@@ -107,9 +107,20 @@ os2_printer_fopen(gx_io_device * iodev, const char *fname, const char *access, + FILE ** pfile, char *rfname, uint rnamelen) + { + os2_printer_t *pr = (os2_printer_t *)iodev->state; +- char driver_name[256]; ++ char driver_name[gp_file_name_sizeof]; + gs_lib_ctx_t *ctx = mem->gs_lib_ctx; + gs_fs_list_t *fs = ctx->core->fs; ++ const size_t preflen = strlen(iodev->dname); ++ const int size_t = strlen(fname); ++ ++ if (preflen + nlen >= gp_file_name_sizeof) ++ return_error(gs_error_invalidaccess); ++ ++ memcpy(driver_name, iodev->dname, preflen); ++ memcpy(driver_name + preflen, fname, nlen + 1); ++ ++ if (gp_validate_path(mem, driver_name, access) != 0) ++ return gs_error_invalidfileaccess; + + /* First we try the open_printer method. */ + /* Note that the loop condition here ensures we don't +diff --git a/base/gslibctx.c b/base/gslibctx.c +index 6dfed6cd5a..318039fad0 100644 +--- a/base/gslibctx.c ++++ b/base/gslibctx.c +@@ -655,82 +655,39 @@ rewrite_percent_specifiers(char *s) + int + gs_add_outputfile_control_path(gs_memory_t *mem, const char *fname) + { +- char *fp, f[gp_file_name_sizeof]; +- const int pipe = 124; /* ASCII code for '|' */ +- const int len = strlen(fname); +- int i, code; ++ char f[gp_file_name_sizeof]; ++ int code; + + /* Be sure the string copy will fit */ +- if (len >= gp_file_name_sizeof) ++ if (strlen(fname) >= gp_file_name_sizeof) + return gs_error_rangecheck; + strcpy(f, fname); +- fp = f; + /* Try to rewrite any %d (or similar) in the string */ + rewrite_percent_specifiers(f); +- for (i = 0; i < len; i++) { +- if (f[i] == pipe) { +- fp = &f[i + 1]; +- /* Because we potentially have to check file permissions at two levels +- for the output file (gx_device_open_output_file and the low level +- fopen API, if we're using a pipe, we have to add both the full string, +- (including the '|', and just the command to which we pipe - since at +- the pipe_fopen(), the leading '|' has been stripped. +- */ +- code = gs_add_control_path(mem, gs_permit_file_writing, f); +- if (code < 0) +- return code; +- code = gs_add_control_path(mem, gs_permit_file_control, f); +- if (code < 0) +- return code; +- break; +- } +- if (!IS_WHITESPACE(f[i])) +- break; +- } +- code = gs_add_control_path(mem, gs_permit_file_control, fp); ++ ++ code = gs_add_control_path(mem, gs_permit_file_control, f); + if (code < 0) + return code; +- return gs_add_control_path(mem, gs_permit_file_writing, fp); ++ return gs_add_control_path(mem, gs_permit_file_writing, f); + } + + int + gs_remove_outputfile_control_path(gs_memory_t *mem, const char *fname) + { +- char *fp, f[gp_file_name_sizeof]; +- const int pipe = 124; /* ASCII code for '|' */ +- const int len = strlen(fname); +- int i, code; ++ char f[gp_file_name_sizeof]; ++ int code; + + /* Be sure the string copy will fit */ +- if (len >= gp_file_name_sizeof) ++ if (strlen(fname) >= gp_file_name_sizeof) + return gs_error_rangecheck; + strcpy(f, fname); +- fp = f; + /* Try to rewrite any %d (or similar) in the string */ +- for (i = 0; i < len; i++) { +- if (f[i] == pipe) { +- fp = &f[i + 1]; +- /* Because we potentially have to check file permissions at two levels +- for the output file (gx_device_open_output_file and the low level +- fopen API, if we're using a pipe, we have to add both the full string, +- (including the '|', and just the command to which we pipe - since at +- the pipe_fopen(), the leading '|' has been stripped. +- */ +- code = gs_remove_control_path(mem, gs_permit_file_writing, f); +- if (code < 0) +- return code; +- code = gs_remove_control_path(mem, gs_permit_file_control, f); +- if (code < 0) +- return code; +- break; +- } +- if (!IS_WHITESPACE(f[i])) +- break; +- } +- code = gs_remove_control_path(mem, gs_permit_file_control, fp); ++ rewrite_percent_specifiers(f); ++ ++ code = gs_remove_control_path(mem, gs_permit_file_control, f); + if (code < 0) + return code; +- return gs_remove_control_path(mem, gs_permit_file_writing, fp); ++ return gs_remove_control_path(mem, gs_permit_file_writing, f); + } + + int +-- +2.17.1 + diff --git a/ghostscript-9.27.tar.xz b/ghostscript-9.54.0.tar.xz similarity index 55% rename from ghostscript-9.27.tar.xz rename to ghostscript-9.54.0.tar.xz index 9efe9917dc57431a94da65c9d76ea2ead4b025a3..1ff034bdb02142315193537c13b0b490b0066856 100644 Binary files a/ghostscript-9.27.tar.xz and b/ghostscript-9.54.0.tar.xz differ diff --git a/ghostscript-cve-2019-10216.patch b/ghostscript-cve-2019-10216.patch deleted file mode 100644 index 83fc1f97353050ef18417c92f75c09b7965b2d60..0000000000000000000000000000000000000000 --- a/ghostscript-cve-2019-10216.patch +++ /dev/null @@ -1,43 +0,0 @@ -From 5b85ddd19a8420a1bd2d5529325be35d78e94234 Mon Sep 17 00:00:00 2001 -From: Chris Liddell -Date: Fri, 2 Aug 2019 15:18:26 +0100 -Subject: Bug 701394: protect use of .forceput with executeonly - - -diff --git a/Resource/Init/gs_type1.ps b/Resource/Init/gs_type1.ps -index 6c7735bc0c..a039ccee35 100644 ---- a/Resource/Init/gs_type1.ps -+++ b/Resource/Init/gs_type1.ps -@@ -118,25 +118,25 @@ - ( to be the same as glyph: ) print 1 index //== exec } if - 3 index exch 3 index .forceput - % scratch(string) RAGL(dict) AGL(dict) CharStrings(dict) cstring gname -- } -+ }executeonly - {pop} ifelse -- } forall -+ } executeonly forall - pop pop -- } -+ } executeonly - { - pop pop pop - } ifelse -- } -+ } executeonly - { - % scratch(string) RAGL(dict) AGL(dict) CharStrings(dict) cstring gname - pop pop - } ifelse -- } forall -+ } executeonly forall - 3 1 roll pop pop -- } if -+ } executeonly if - pop - dup /.AGLprocessed~GS //true .forceput -- } if -+ } executeonly if - - %% We need to excute the C .buildfont1 in a stopped context so that, if there - %% are errors we can put the stack back sanely and exit. Otherwise callers won't diff --git a/ghostscript-cve-2019-14811-14812-14813.patch b/ghostscript-cve-2019-14811-14812-14813.patch deleted file mode 100644 index ec4164b230a4e13b8da130539b424ba7e39c58f5..0000000000000000000000000000000000000000 --- a/ghostscript-cve-2019-14811-14812-14813.patch +++ /dev/null @@ -1,56 +0,0 @@ -From 885444fcbe10dc42787ecb76686c8ee4dd33bf33 Mon Sep 17 00:00:00 2001 -From: Ken Sharp -Date: Tue, 20 Aug 2019 10:10:28 +0100 -Subject: make .forceput inaccessible - -Bug #701343, #701344, #701345 - -More defensive programming. We don't want people to access .forecput -even though it is no longer sufficient to bypass SAFER. The exploit -in #701343 didn't work anyway because of earlier work to stop the error -handler being used, but nevertheless, prevent access to .forceput from -.setuserparams2. - -diff --git a/Resource/Init/gs_lev2.ps b/Resource/Init/gs_lev2.ps -index 4cc7f820f..0fd416465 100644 ---- a/Resource/Init/gs_lev2.ps -+++ b/Resource/Init/gs_lev2.ps -@@ -158,7 +158,7 @@ end - { - pop pop - } ifelse -- } forall -+ } executeonly forall - % A context switch might have occurred during the above loop, - % causing the interpreter-level parameters to be reset. - % Set them again to the new values. From here on, we are safe, -@@ -229,9 +229,9 @@ end - { pop pop - } - ifelse -- } -+ } executeonly - forall pop --} .bind odef -+} .bind executeonly odef - - % Initialize the passwords. - % NOTE: the names StartJobPassword and SystemParamsPassword are known to -diff --git a/Resource/Init/gs_pdfwr.ps b/Resource/Init/gs_pdfwr.ps -index c158a8faf..422e66e1a 100644 ---- a/Resource/Init/gs_pdfwr.ps -+++ b/Resource/Init/gs_pdfwr.ps -@@ -658,11 +658,11 @@ currentdict /.pdfmarkparams .undef - systemdict /.pdf_hooked_DSC_Creator //true .forceput - } executeonly if - pop -- } if -+ } executeonly if - } { - pop - } ifelse -- } -+ } executeonly - { - pop - } ifelse diff --git a/ghostscript-cve-2019-14817.patch b/ghostscript-cve-2019-14817.patch deleted file mode 100644 index 2e6b7feeaecf0f692b6d72cea9e20bcb9c71ea40..0000000000000000000000000000000000000000 --- a/ghostscript-cve-2019-14817.patch +++ /dev/null @@ -1,189 +0,0 @@ -diff --git a/Resource/Init/pdf_base.ps b/Resource/Init/pdf_base.ps -index 1a218f4..cffde5c 100644 ---- a/Resource/Init/pdf_base.ps -+++ b/Resource/Init/pdf_base.ps -@@ -157,7 +157,7 @@ currentdict /num-chars-dict .undef - { - dup ==only () = flush - } ifelse % PDFSTEP -- } if % PDFDEBUG -+ } executeonly if % PDFDEBUG - 2 copy .knownget { - exch pop exch pop exch pop exec - } { -diff --git a/Resource/Init/pdf_draw.ps b/Resource/Init/pdf_draw.ps -index e18a7c2..0a3924c 100644 ---- a/Resource/Init/pdf_draw.ps -+++ b/Resource/Init/pdf_draw.ps -@@ -501,8 +501,8 @@ end - ( Output may be incorrect.\n) pdfformaterror - //pdfdict /.gs_warning_issued //true .forceput - PDFSTOPONERROR { /gs /undefined signalerror } if -- } if -- } -+ } executeonly if -+ } executeonly - ifelse - } bind executeonly def - -@@ -1142,7 +1142,7 @@ currentdict end readonly def - .setglobal - pdfformaterror - } executeonly ifelse -- } -+ } executeonly - { - currentglobal //pdfdict gcheck .setglobal - //pdfdict /.Qqwarning_issued //true .forceput -@@ -1150,8 +1150,8 @@ currentdict end readonly def - pdfformaterror - } executeonly ifelse - end -- } ifelse -- } loop -+ } executeonly ifelse -+ } executeonly loop - { - (\n **** Error: File has unbalanced q/Q operators \(too many q's\)\n Output may be incorrect.\n) - //pdfdict /.Qqwarning_issued .knownget -@@ -1165,14 +1165,14 @@ currentdict end readonly def - .setglobal - pdfformaterror - } executeonly ifelse -- } -+ } executeonly - { - currentglobal //pdfdict gcheck .setglobal - //pdfdict /.Qqwarning_issued //true .forceput - .setglobal - pdfformaterror - } executeonly ifelse -- } if -+ } executeonly if - pop - - % restore pdfemptycount -diff --git a/Resource/Init/pdf_font.ps b/Resource/Init/pdf_font.ps -index 9fb85f6..357ba30 100644 ---- a/Resource/Init/pdf_font.ps -+++ b/Resource/Init/pdf_font.ps -@@ -677,7 +677,7 @@ currentdict end readonly def - currentglobal 2 index dup gcheck setglobal - /FontInfo 5 dict dup 5 1 roll .forceput - setglobal -- } if -+ } executeonly if - dup /GlyphNames2Unicode .knownget not { - //true % No existing G2U, make one - } { -@@ -701,9 +701,9 @@ currentdict end readonly def - } if - PDFDEBUG { - (.processToUnicode end) = -- } if -- } if -- } stopped -+ } executeonly if -+ } executeonly if -+ } executeonly stopped - { - .dstackdepth 1 countdictstack 1 sub - {pop end} for -@@ -1233,19 +1233,20 @@ currentdict /eexec_pdf_param_dict .undef - //pdfdict /.Qqwarning_issued //true .forceput - } executeonly if - Q -- } repeat -+ } executeonly repeat - Q -- } PDFfile fileposition 2 .execn % Keep pdfcount valid. -+ } executeonly PDFfile fileposition 2 .execn % Keep pdfcount valid. - PDFfile exch setfileposition -- } ifelse -- } { -+ } executeonly ifelse -+ } executeonly -+ { - % PDF Type 3 fonts don't use .notdef - % d1 implementation adjusts the width as needed - 0 0 0 0 0 0 - pdfopdict /d1 get exec - } ifelse - end end -- } bdef -+ } executeonly bdef - dup currentdict Encoding .processToUnicode - currentdict end .completefont exch pop - } bind executeonly odef -@@ -2045,9 +2046,9 @@ currentdict /CMap_read_dict undef - (Will continue, but content may be missing.) = flush - } ifelse - } if -- } if -+ } executeonly if - /findresource cvx /undefined signalerror -- } loop -+ } executeonly loop - } bind executeonly odef - - /buildCIDType0 { % buildCIDType0 -diff --git a/Resource/Init/pdf_main.ps b/Resource/Init/pdf_main.ps -index 5305ea6..a59e63c 100644 ---- a/Resource/Init/pdf_main.ps -+++ b/Resource/Init/pdf_main.ps -@@ -2749,15 +2749,15 @@ currentdict /PDF2PS_matrix_key undef - .setglobal - pdfformaterror - } executeonly ifelse -- } -+ } executeonly - { - currentglobal //pdfdict gcheck .setglobal - //pdfdict /.Qqwarning_issued //true .forceput - .setglobal - pdfformaterror - } executeonly ifelse -- } if -- } if -+ } executeonly if -+ } executeonly if - pop - count PDFexecstackcount sub { pop } repeat - (after exec) VMDEBUG -diff --git a/Resource/Init/pdf_ops.ps b/Resource/Init/pdf_ops.ps -index 285e582..6c1f100 100644 ---- a/Resource/Init/pdf_ops.ps -+++ b/Resource/Init/pdf_ops.ps -@@ -186,14 +186,14 @@ currentdict /gput_always_allow .undef - .setglobal - pdfformaterror - } executeonly ifelse -- } -+ } executeonly - { - currentglobal //pdfdict gcheck .setglobal - //pdfdict /.Qqwarning_issued //true .forceput - .setglobal - pdfformaterror - } executeonly ifelse -- } if -+ } executeonly if - } bind executeonly odef - - % Save PDF gstate -@@ -440,11 +440,12 @@ currentdict /gput_always_allow .undef - dup type /booleantype eq { - .currentSMask type /dicttype eq { - .currentSMask /Processed 2 index .forceput -+ } executeonly -+ { -+ .setSMask -+ }ifelse - } executeonly - { -- .setSMask -- }ifelse -- }{ - .setSMask - }ifelse - diff --git a/ghostscript-cve-2020-16290.patch b/ghostscript-cve-2020-16290.patch deleted file mode 100644 index 9329f39bff2d2aff56beaa90841ae29e6e67f58f..0000000000000000000000000000000000000000 --- a/ghostscript-cve-2020-16290.patch +++ /dev/null @@ -1,18 +0,0 @@ -diff --git a/devices/gdev3852.c b/devices/gdev3852.c -index e21b403..2bee8ec 100644 ---- a/devices/gdev3852.c -+++ b/devices/gdev3852.c -@@ -76,6 +76,13 @@ jetp3852_print_page(gx_device_printer *pdev, FILE *prn_stream) - { int lnum; - int line_size = gdev_mem_bytes_per_scan_line((gx_device *)pdev); - int num_blank_lines = 0; -+ -+ if (line_size > DATA_SIZE) { -+ emprintf2(pdev->memory, "invalid resolution and/or width gives line_size = %d, max. is %d\n", -+ line_size, DATA_SIZE); -+ return_error(gs_error_rangecheck); -+ } -+ - for ( lnum = 0; lnum < pdev->height; lnum++ ) - { byte *end_data = data + line_size; - gdev_prn_copy_scan_lines(pdev, lnum, diff --git a/ghostscript-cve-2020-16291.patch b/ghostscript-cve-2020-16291.patch deleted file mode 100644 index 39bc9d86d65bfe94df5d4383b3357dda1f0daad9..0000000000000000000000000000000000000000 --- a/ghostscript-cve-2020-16291.patch +++ /dev/null @@ -1,257 +0,0 @@ -diff --git a/contrib/gdevdj9.c b/contrib/gdevdj9.c -index eec1c77..a4e8e9c 100644 ---- a/contrib/gdevdj9.c -+++ b/contrib/gdevdj9.c -@@ -575,26 +575,55 @@ static int cdj_set_bpp(gx_device *, int, int); - static int - hp_colour_open(gx_device * pdev) - { -- int retCode; -+ int retCode = 0; -+ -+ /* Change the margins if necessary. */ -+ static const float dj_a4[4] = { -+ DESKJET_MARGINS_A4 -+ }; -+ -+ static const float dj_letter[4] = { -+ DESKJET_MARGINS_LETTER -+ }; -+ const float *m = (float *)0; - - cdj970->PageCtr = 0; - -+ /* quality setup */ -+ if (cdj970->quality == DRAFT) { -+ gx_device_set_resolution((gx_device *) pdev, 300.0, 300.0); -+ cdj970->xscal = 0; -+ cdj970->yscal = 0; -+ cdj970->intensities = 2; -+ } else if (cdj970->quality == NORMAL) { -+ gx_device_set_resolution((gx_device *) pdev, 600.0, 600.0); -+ cdj970->xscal = 1; -+ cdj970->yscal = 1; -+ /* intensities = 4 from initialization */ -+ } else { /* quality == PRESENTATION */ -+ gx_device_set_resolution((gx_device *) pdev, 600.0, 600.0); -+ cdj970->xscal = 0; -+ cdj970->yscal = 0; -+ /* intensities = 4 from initialization */ -+ } -+ -+ m = (gdev_pcl_paper_size((gx_device *) pdev) == -+ PAPER_SIZE_A4 ? dj_a4 : dj_letter); -+ -+ gx_device_set_margins((gx_device *) pdev, m, true); -+ - /* Set up colour params if put_params has not already done so */ - if (pdev->color_info.num_components == 0) { -- int code = cdj_set_bpp(pdev, pdev->color_info.depth, -+ retCode = cdj_set_bpp(pdev, pdev->color_info.depth, - pdev->color_info.num_components); - -- if (code < 0) -- return code; -+ if (retCode < 0) -+ return retCode; - } - - retCode = gdev_prn_open(pdev); -- if (retCode < 0) -- return (retCode); -- else { -+ if (retCode >= 0) { - retCode = gdev_prn_open_printer(pdev, true); -- if (retCode < 0) -- return (retCode); - } - - return 0; -@@ -648,26 +677,25 @@ cdj970_put_params(gx_device * pdev, gs_param_list * plist) - int bpp = 0; - int code = 0; - -- code = cdj_put_param_int(plist, "BitsPerPixel", &bpp, 1, 32, code); -- code = cdj_put_param_int(plist, "Quality", &quality, 0, 2, code); -- code = cdj_put_param_int(plist, "Papertype", &papertype, 0, 4, code); -- code = cdj_put_param_int(plist, "Duplex", &duplex, 0, 2, code); -- code = -- cdj_put_param_float(plist, "MasterGamma", &mastergamma, 0.1, 9.0, -- code); -- code = -- cdj_put_param_float(plist, "GammaValC", &gammavalc, 0.0, 9.0, code); -- code = -- cdj_put_param_float(plist, "GammaValM", &gammavalm, 0.0, 9.0, code); -- code = -- cdj_put_param_float(plist, "GammaValY", &gammavaly, 0.0, 9.0, code); -- code = -- cdj_put_param_float(plist, "GammaValK", &gammavalk, 0.0, 9.0, code); -- code = -- cdj_put_param_float(plist, "BlackCorrect", &blackcorrect, 0.0, 9.0, -- code); -- -- if (code < 0) -+ if ((code = cdj_put_param_int(plist, "BitsPerPixel", &bpp, 1, 32, code)) < 0) -+ return code; -+ if ((code = cdj_put_param_int(plist, "Quality", &quality, 0, 2, code)) < 0) -+ return code; -+ if ((code = cdj_put_param_int(plist, "Papertype", &papertype, 0, 4, code)) < 0) -+ return code; -+ if ((code = cdj_put_param_int(plist, "Duplex", &duplex, 0, 2, code)) < 0) -+ return code; -+ if ((code = cdj_put_param_float(plist, "MasterGamma", &mastergamma, 0.1, 9.0, code)) < 0) -+ return code; -+ if ((code = cdj_put_param_float(plist, "GammaValC", &gammavalc, 0.0, 9.0, code)) < 0) -+ return code; -+ if ((code = cdj_put_param_float(plist, "GammaValM", &gammavalm, 0.0, 9.0, code)) < 0) -+ return code; -+ if ((code = cdj_put_param_float(plist, "GammaValY", &gammavaly, 0.0, 9.0, code)) < 0) -+ return code; -+ if ((code = cdj_put_param_float(plist, "GammaValK", &gammavalk, 0.0, 9.0, code)) < 0) -+ return code; -+ if ((code = cdj_put_param_float(plist, "BlackCorrect", &blackcorrect, 0.0, 9.0, code)) < 0) - return code; - - code = cdj_put_param_bpp(pdev, plist, bpp, bpp, 0); -@@ -676,6 +704,12 @@ cdj970_put_params(gx_device * pdev, gs_param_list * plist) - return code; - - cdj970->quality = quality; -+ if (cdj970->quality != quality) { -+ if (pdev->is_open) -+ gs_closedevice(pdev); /* quality can change resolution, force re-open */ -+ cdj970->quality = quality; -+ } -+ - cdj970->papertype = papertype; - cdj970->duplex = duplex; - cdj970->mastergamma = mastergamma; -@@ -685,7 +719,7 @@ cdj970_put_params(gx_device * pdev, gs_param_list * plist) - cdj970->gammavalk = gammavalk; - cdj970->blackcorrect = blackcorrect; - -- return 0; -+ return code; - } - - /**********************************************************************************/ -@@ -784,47 +818,6 @@ cdj970_terminate_page(gx_device_printer * pdev, FILE * prn_stream) - fputs("\033*rC\f\033&l-2H", prn_stream); /* End Graphics, Reset */ - } - --/* cdj970_one_time_initialisation: ------------------------------------------------------------------------------------*/ --static void --cdj970_one_time_initialisation(gx_device_printer * pdev) --{ -- /* Change the margins if necessary. */ -- static const float dj_a4[4] = { -- DESKJET_MARGINS_A4 -- }; -- -- static const float dj_letter[4] = { -- DESKJET_MARGINS_LETTER -- }; -- const float *m = (float *)0; -- -- /* quality setup */ -- if (cdj970->quality == DRAFT) { -- gx_device_set_resolution((gx_device *) pdev, 300.0, 300.0); -- cdj970->xscal = 0; -- cdj970->yscal = 0; -- cdj970->intensities = 2; -- } else if (cdj970->quality == NORMAL) { -- gx_device_set_resolution((gx_device *) pdev, 600.0, 600.0); -- cdj970->xscal = 1; -- cdj970->yscal = 1; -- /* intensities = 4 from initialization */ -- } else { /* quality == PRESENTATION */ -- gx_device_set_resolution((gx_device *) pdev, 600.0, 600.0); -- cdj970->xscal = 0; -- cdj970->yscal = 0; -- /* intensities = 4 from initialization */ -- } -- -- m = (gdev_pcl_paper_size((gx_device *) pdev) == -- PAPER_SIZE_A4 ? dj_a4 : dj_letter); -- -- gx_device_set_margins((gx_device *) pdev, m, true); -- -- cdj970_write_header((gx_device *) pdev, pdev->file); --} -- - /* cdj970_print_page: Here comes the hp970 output routine - ----------------------------------------------------------------------------------*/ - static int -@@ -837,7 +830,7 @@ cdj970_print_page(gx_device_printer * pdev, FILE * prn_stream) - Gamma gamma; - - if (cdj970->PageCtr == 0 && cdj970->ptype == DJ970C) { -- cdj970_one_time_initialisation(pdev); -+ cdj970_write_header((gx_device *)pdev, prn_stream); - } - - /* make a local writable copy of the Gamma tables */ -@@ -2280,6 +2273,11 @@ cdj_set_bpp(gx_device * pdev, int bpp, int ccomps) - ci->dither_colors = (bpp >= 8 ? 5 : bpp > 1 ? 2 : 0); - } - -+ if (ci->depth != ((bpp > 1) && (bpp < 8) ? 8 : bpp)) { -+ if (pdev->is_open) -+ gs_closedevice(pdev); /* depth changed, make sure we re-open */ -+ } -+ - ci->depth = ((bpp > 1) && (bpp < 8) ? 8 : bpp); - - return (0); -@@ -2598,16 +2596,15 @@ cdj_put_param_bpp(gx_device * pdev, - gs_param_list * plist, - int new_bpp, int real_bpp, int ccomps) - { -- if (new_bpp == 0 && ccomps == 0) -- return gdev_prn_put_params(pdev, plist); -- else { -- gx_device_color_info save_info; -- int save_bpp; -- int code; -- -- save_info = pdev->color_info; -- save_bpp = save_info.depth; -+ int code = 0; -+ int save_bpp; -+ gx_device_color_info save_info; -+ save_info = pdev->color_info; -+ save_bpp = save_info.depth; - -+ if (new_bpp == 0 && ccomps == 0) { -+ code = gdev_prn_put_params(pdev, plist); -+ } else { - if (save_bpp == 8 && save_ccomps == 3 && !cprn_device->cmyk) - save_bpp = 3; - -@@ -2631,12 +2628,22 @@ cdj_put_param_bpp(gx_device * pdev, - if ((cdj970->color_info.depth != save_bpp - || (ccomps != 0 && ccomps != save_ccomps)) - && pdev->is_open) -- return (gs_closedevice(pdev)); -+ gs_closedevice(pdev); -+ } -+ -+ /* check for valid resolutions */ -+ if (pdev->HWResolution[0] != pdev->HWResolution[1] || -+ (pdev->HWResolution[0] != 300.0 && pdev->HWResolution[0] != 600.0) ) { -+ param_signal_error(plist, "HWResolution", gs_error_rangecheck); -+ emprintf1(pdev->memory, "\ncdj970: Invalid resolution: '%f'. Only 300 or 600 supported.\n\n", -+ pdev->HWResolution[0]); -+ cdj_set_bpp(pdev, save_bpp, save_ccomps); -+ return gs_error_rangecheck; -+ } -+ return code; - -- return (0); - - #undef save_ccomps -- } - } - - /* cdj970_write_header: diff --git a/ghostscript-cve-2020-16293.patch b/ghostscript-cve-2020-16293.patch deleted file mode 100644 index 21142b681802a2f69efe0780ba1e1ce7a4f3855f..0000000000000000000000000000000000000000 --- a/ghostscript-cve-2020-16293.patch +++ /dev/null @@ -1,13 +0,0 @@ -diff --git a/base/gxblend.c b/base/gxblend.c -index 7c3d55b..55215d6 100644 ---- a/base/gxblend.c -+++ b/base/gxblend.c -@@ -2174,7 +2174,7 @@ pdf14_compose_group(pdf14_buf *tos, pdf14_buf *nos, pdf14_buf *maskbuf, - overprint == 0) { - /* Additive vs Subtractive makes no difference in normal blend mode with no spots */ - if (tos_isolated) { -- if (has_mask || maskbuf) {/* 7% */ -+ if (has_mask && maskbuf) {/* 7% */ - /* AirPrint test case hits this */ - if (maskbuf && maskbuf->rect.p.x <= x0 && maskbuf->rect.p.y <= y0 && - maskbuf->rect.q.x >= x1 && maskbuf->rect.q.y >= y1) diff --git a/ghostscript-cve-2020-16295.patch b/ghostscript-cve-2020-16295.patch deleted file mode 100644 index 24fc069fd31314082da9957abc8174e50009e7b1..0000000000000000000000000000000000000000 --- a/ghostscript-cve-2020-16295.patch +++ /dev/null @@ -1,13 +0,0 @@ -diff --git a/devices/gdevclj.c b/devices/gdevclj.c -index bed13bc..fe17ece 100644 ---- a/devices/gdevclj.c -+++ b/devices/gdevclj.c -@@ -254,7 +254,7 @@ clj_media_size(float mediasize[2], gs_param_list *plist) - gs_param_int_array hwsize; - int have_pagesize = 0; - -- if ( (param_read_float_array(plist, "HWResolution", &fres) == 0) && -+ if ( param_read_float_array(plist, "HWResolution", &fres) != 0 || - !is_supported_resolution(fres.data) ) - return_error(gs_error_rangecheck); - diff --git a/ghostscript-cve-2020-16299.patch b/ghostscript-cve-2020-16299.patch deleted file mode 100644 index 3a9c3bd2c473f7953af0d1b2c79f62b19a47b08d..0000000000000000000000000000000000000000 --- a/ghostscript-cve-2020-16299.patch +++ /dev/null @@ -1,58 +0,0 @@ -diff --git a/contrib/japanese/gdev10v.c b/contrib/japanese/gdev10v.c -index 5c8b7fb..53da0ec 100644 ---- a/contrib/japanese/gdev10v.c -+++ b/contrib/japanese/gdev10v.c -@@ -73,8 +73,20 @@ gx_device_procs prn_bj10v_procs = - prn_matrix_procs(gdev_prn_open, bj10v_get_initial_matrix, - gdev_prn_output_page, gdev_prn_close); - #endif -+ -+static int -+bj10v_open(gx_device * pdev) -+{ -+ if (pdev->HWResolution[0] < 180 || -+ pdev->HWResolution[1] < 180) -+ { -+ emprintf(pdev->memory, "device requires a resolution of at least 180dpi\n"); -+ return_error(gs_error_rangecheck); -+ } -+ return gdev_prn_open(pdev); -+} - gx_device_procs prn_bj10v_procs = -- prn_procs(gdev_prn_open, gdev_prn_output_page, gdev_prn_close); -+ prn_procs(bj10v_open, gdev_prn_output_page, gdev_prn_close); - - gx_device_printer gs_bj10v_device = - prn_device(prn_bj10v_procs, "bj10v", -diff --git a/contrib/japanese/gdevalps.c b/contrib/japanese/gdevalps.c -index f29aeb1..d4de619 100644 ---- a/contrib/japanese/gdevalps.c -+++ b/contrib/japanese/gdevalps.c -@@ -155,13 +155,20 @@ static const char end_md[] = { - static int - md_open(gx_device *pdev) - { -- static const float md_margins[4] = -- { MD_SIDE_MARGIN, MD_BOTTOM_MARGIN, -- MD_SIDE_MARGIN, MD_TOP_MARGIN -- }; -- -- gx_device_set_margins(pdev, md_margins, true); -- return gdev_prn_open(pdev); -+ static const float md_margins[4] = -+ { -+ MD_SIDE_MARGIN, MD_BOTTOM_MARGIN, -+ MD_SIDE_MARGIN, MD_TOP_MARGIN -+ }; -+ -+ if (pdev->HWResolution[0] != 600) -+ { -+ emprintf(pdev->memory, "device must have an X resolution of 600dpi\n"); -+ return_error(gs_error_rangecheck); -+ } -+ -+ gx_device_set_margins(pdev, md_margins, true); -+ return gdev_prn_open(pdev); - } - - /* MD5000 monochrome mode entrance. */ diff --git a/ghostscript-cve-2020-16302.patch b/ghostscript-cve-2020-16302.patch deleted file mode 100644 index bf8b4410bd73d676880ce53f433a60542c883772..0000000000000000000000000000000000000000 --- a/ghostscript-cve-2020-16302.patch +++ /dev/null @@ -1,228 +0,0 @@ -diff --git a/devices/gdev3852.c b/devices/gdev3852.c -index 2bee8ec..9d99068 100644 ---- a/devices/gdev3852.c -+++ b/devices/gdev3852.c -@@ -62,116 +62,117 @@ jetp3852_print_page(gx_device_printer *pdev, FILE *prn_stream) - #define DATA_SIZE (LINE_SIZE * 8) - - unsigned int cnt_2prn; -- unsigned int count,tempcnt; -- unsigned char vtp,cntc1,cntc2; -- int line_size_color_plane; -- -- byte data[DATA_SIZE]; -- byte plane_data[LINE_SIZE * 3]; -- -- /* Set initial condition for printer */ -- fputs("\033@",prn_stream); -- -- /* Send each scan line in turn */ -- { int lnum; -- int line_size = gdev_mem_bytes_per_scan_line((gx_device *)pdev); -- int num_blank_lines = 0; -- -- if (line_size > DATA_SIZE) { -- emprintf2(pdev->memory, "invalid resolution and/or width gives line_size = %d, max. is %d\n", -- line_size, DATA_SIZE); -- return_error(gs_error_rangecheck); -- } -- -- for ( lnum = 0; lnum < pdev->height; lnum++ ) -- { byte *end_data = data + line_size; -- gdev_prn_copy_scan_lines(pdev, lnum, -- (byte *)data, line_size); -- /* Remove trailing 0s. */ -- while ( end_data > data && end_data[-1] == 0 ) -- end_data--; -- if ( end_data == data ) -- { /* Blank line */ -- num_blank_lines++; -- } -- else -- { int i; -- byte *odp; -- byte *row; -- -- /* Pad with 0s to fill out the last */ -- /* block of 8 bytes. */ -- memset(end_data, 0, 7); -- -- /* Transpose the data to get pixel planes. */ -- for ( i = 0, odp = plane_data; i < DATA_SIZE; -- i += 8, odp++ -- ) -- { /* The following is for 16-bit machines */ -+ unsigned int count,tempcnt; -+ unsigned char vtp,cntc1,cntc2; -+ int line_size_color_plane; -+ -+ byte data[DATA_SIZE]; -+ byte plane_data[LINE_SIZE * 3]; -+ -+ /* Initialise data to zeros, otherwise later on, uninitialised bytes in -+ dp[] can be greater than 7, which breaks spr8[dp[]]. */ -+ memset(data, 0x00, DATA_SIZE); -+ -+ -+ /* Set initial condition for printer */ -+ fputs("\033@",prn_stream); -+ -+ /* Send each scan line in turn */ -+ { int lnum; -+ int line_size = gdev_mem_bytes_per_scan_line((gx_device *)pdev); -+ int num_blank_lines = 0; -+ -+ if (line_size > DATA_SIZE) { -+ emprintf2(pdev->memory, "invalid resolution and/or width gives line_size = %d, max. is %d\n", -+ line_size, DATA_SIZE); -+ return_error(gs_error_rangecheck); -+ } -+ -+ for ( lnum = 0; lnum < pdev->height; lnum++ ) -+ { byte *end_data = data + line_size; -+ gdev_prn_copy_scan_lines(pdev, lnum, -+ (byte *)data, line_size); -+ /* Remove trailing 0s. */ -+ while ( end_data > data && end_data[-1] == 0 ) -+ end_data--; -+ if ( end_data == data ) -+ { /* Blank line */ -+ num_blank_lines++; -+ } -+ else -+ { int i; -+ byte *odp; -+ byte *row; -+ -+ /* Transpose the data to get pixel planes. */ -+ for ( i = 0, odp = plane_data; i < DATA_SIZE; -+ i += 8, odp++ -+ ) -+ { /* The following is for 16-bit machines */ - #define spread3(c)\ - { 0, c, c*0x100, c*0x101, c*0x10000L, c*0x10001L, c*0x10100L, c*0x10101L } -- static ulong spr40[8] = spread3(0x40); -- static ulong spr8[8] = spread3(8); -- static ulong spr2[8] = spread3(2); -- register byte *dp = data + i; -- register ulong pword = -- (spr40[dp[0]] << 1) + -- (spr40[dp[1]]) + -- (spr40[dp[2]] >> 1) + -- (spr8[dp[3]] << 1) + -- (spr8[dp[4]]) + -- (spr8[dp[5]] >> 1) + -- (spr2[dp[6]]) + -- (spr2[dp[7]] >> 1); -- odp[0] = (byte)(pword >> 16); -- odp[LINE_SIZE] = (byte)(pword >> 8); -- odp[LINE_SIZE*2] = (byte)(pword); -- } -- /* Skip blank lines if any */ -- if ( num_blank_lines > 0 ) -- { -- /* Do "dot skips" */ -- while(num_blank_lines > 255) -- { -- fputs("\033e\377",prn_stream); -- num_blank_lines -= 255; -- } -- vtp = num_blank_lines; -- fprintf(prn_stream,"\033e%c",vtp); -- num_blank_lines = 0; -- } -- -- /* Transfer raster graphics in the order R, G, B. */ -- /* Apparently it is stored in B, G, R */ -- /* Calculate the amount of data to send by what */ -- /* Ghostscript tells us the scan line_size in (bytes) */ -- -- count = line_size / 3; -- line_size_color_plane = count / 3; -- cnt_2prn = line_size_color_plane * 3 + 5; -- tempcnt = cnt_2prn; -- cntc1 = (tempcnt & 0xFF00) >> 8; -- cntc2 = (tempcnt & 0x00FF); -- fprintf(prn_stream, "\033[O%c%c\200\037",cntc2,cntc1); -- fputc('\000',prn_stream); -+ static ulong spr40[8] = spread3(0x40); -+ static ulong spr8[8] = spread3(8); -+ static ulong spr2[8] = spread3(2); -+ register byte *dp = data + i; -+ register ulong pword = -+ (spr40[dp[0]] << 1) + -+ (spr40[dp[1]]) + -+ (spr40[dp[2]] >> 1) + -+ (spr8[dp[3]] << 1) + -+ (spr8[dp[4]]) + -+ (spr8[dp[5]] >> 1) + -+ (spr2[dp[6]]) + -+ (spr2[dp[7]] >> 1); -+ odp[0] = (byte)(pword >> 16); -+ odp[LINE_SIZE] = (byte)(pword >> 8); -+ odp[LINE_SIZE*2] = (byte)(pword); -+ } -+ /* Skip blank lines if any */ -+ if ( num_blank_lines > 0 ) -+ { -+ /* Do "dot skips" */ -+ while(num_blank_lines > 255) -+ { -+ fputs("\033e\377",prn_stream); -+ num_blank_lines -= 255; -+ } -+ vtp = num_blank_lines; -+ fprintf(prn_stream,"\033e%c",vtp); -+ num_blank_lines = 0; -+ } -+ -+ /* Transfer raster graphics in the order R, G, B. */ -+ /* Apparently it is stored in B, G, R */ -+ /* Calculate the amount of data to send by what */ -+ /* Ghostscript tells us the scan line_size in (bytes) */ -+ -+ count = line_size / 3; -+ line_size_color_plane = count / 3; -+ cnt_2prn = line_size_color_plane * 3 + 5; -+ tempcnt = cnt_2prn; -+ cntc1 = (tempcnt & 0xFF00) >> 8; -+ cntc2 = (tempcnt & 0x00FF); -+ fprintf(prn_stream, "\033[O%c%c\200\037",cntc2,cntc1); -+ fputc('\000',prn_stream); - fputs("\124\124",prn_stream); - -- for ( row = plane_data + LINE_SIZE * 2, i = 0; -- i < 3; row -= LINE_SIZE, i++ ) -- { int jj; -- byte ctemp; -- odp = row; -- /* Complement bytes */ -- for (jj=0; jj< line_size_color_plane; jj++) -- { ctemp = *odp; -- *odp++ = ~ctemp; -- } -- fwrite(row, sizeof(byte), -- line_size_color_plane, prn_stream); -- } -- } -- } -- } -+ for ( row = plane_data + LINE_SIZE * 2, i = 0; -+ i < 3; row -= LINE_SIZE, i++ ) -+ { int jj; -+ byte ctemp; -+ odp = row; -+ /* Complement bytes */ -+ for (jj=0; jj< line_size_color_plane; jj++) -+ { ctemp = *odp; -+ *odp++ = ~ctemp; -+ } -+ fwrite(row, sizeof(byte), -+ line_size_color_plane, prn_stream); -+ } -+ } -+ } -+ } - - /* eject page */ - fputs("\014", prn_stream); diff --git a/ghostscript-cve-2020-16304.patch b/ghostscript-cve-2020-16304.patch deleted file mode 100644 index de404aa70ac621c1d9bd3e9c7bdb8d406bf08064..0000000000000000000000000000000000000000 --- a/ghostscript-cve-2020-16304.patch +++ /dev/null @@ -1,77 +0,0 @@ -diff --git a/base/gxicolor.c b/base/gxicolor.c -index 34cfaa4..585bd81 100644 ---- a/base/gxicolor.c -+++ b/base/gxicolor.c -@@ -644,16 +644,16 @@ image_render_color_thresh(gx_image_enum *penum_orig, const byte *buffer, int dat - *(devc_contone_gray+1) = *psrc_temp; - } - } else { -- /* Mono case, forward */ -- psrc_temp = psrc_cm; -- for (k=0; k= xr */ -- psrc_temp++; -+ /* Mono case, forward */ -+ psrc_temp = psrc_cm; -+ for (k=0; k= xr */ -+ psrc_temp++; - } - } - } else { -@@ -668,7 +668,7 @@ image_render_color_thresh(gx_image_enum *penum_orig, const byte *buffer, int dat - xr--; - } /* at loop exit xn will be >= xr */ - psrc_temp++; -- } -+ } - } - break; - /* Monochrome landscape */ -@@ -811,10 +811,9 @@ image_render_color_thresh(gx_image_enum *penum_orig, const byte *buffer, int dat - dda_next(dda_ht); - xn = fixed2int_var_rounded(dda_current(dda_ht)); - while (xr > xn) { -- for (j = 0; j < spp_out; j++) { -+ for (j = 0; j < spp_out; j++) - *(devc_contone[j] + position) = (psrc_plane[j])[i]; -- position -= LAND_BITS; -- } -+ position -= LAND_BITS; - xr--; - } /* at loop exit xn will be <= xr */ - i++; -@@ -825,9 +824,8 @@ image_render_color_thresh(gx_image_enum *penum_orig, const byte *buffer, int dat - and 2x scaling which we will run into in 300 and - 600dpi devices and content */ - /* Apply initial offset */ -- for (k = 0; k < spp_out; k++) { -+ for (k = 0; k < spp_out; k++) - devc_contone[k] = devc_contone[k] + position; -- } - if (src_size == dest_height) { - for (k = 0; k < data_length; k++) { - /* Is it better to unwind this? We know it is 4 */ -@@ -853,10 +851,9 @@ image_render_color_thresh(gx_image_enum *penum_orig, const byte *buffer, int dat - dda_next(dda_ht); - xn = fixed2int_var_rounded(dda_current(dda_ht)); - while (xr > xn) { -- for (j = 0; j < spp_out; j++) { -+ for (j = 0; j < spp_out; j++) - *(devc_contone[j] + position) = (psrc_plane[j])[i]; -- position -= LAND_BITS; -- } -+ position -= LAND_BITS; - xr--; - } /* at loop exit xn will be <= xr */ - i++; diff --git a/ghostscript-cve-2020-16306.patch b/ghostscript-cve-2020-16306.patch deleted file mode 100644 index 97241f033bca3d94700fbce000504b3be6ff8fe2..0000000000000000000000000000000000000000 --- a/ghostscript-cve-2020-16306.patch +++ /dev/null @@ -1,20 +0,0 @@ -diff --git a/devices/gdevtsep.c b/devices/gdevtsep.c -index 6a50a4a..471fcb5 100644 ---- a/devices/gdevtsep.c -+++ b/devices/gdevtsep.c -@@ -2332,6 +2332,7 @@ tiffsep_print_page(gx_device_printer * pdev, FILE * file) - "\nUse of the %%d format is required to output more than one page to tiffsep.\n" - "See doc/Devices.htm#TIFF for details.\n\n"); - code = gs_note_error(gs_error_ioerror); -+ goto done; - } - /* Write the page directory for the CMYK equivalent file. */ - if (!tfdev->comp_file) { -@@ -2685,6 +2686,7 @@ tiffsep1_print_page(gx_device_printer * pdev, FILE * file) - "\nUse of the %%d format is required to output more than one page to tiffsep1.\n" - "See doc/Devices.htm#TIFF for details.\n\n"); - code = gs_note_error(gs_error_ioerror); -+ goto done; - } - /* If the output file is on disk and the name contains a page #, */ - /* then delete the previous file. */ diff --git a/ghostscript-cve-2020-16307.patch b/ghostscript-cve-2020-16307.patch deleted file mode 100644 index 069d8fad8f38f7910ffe7eab81251ccdc4c42edb..0000000000000000000000000000000000000000 --- a/ghostscript-cve-2020-16307.patch +++ /dev/null @@ -1,205 +0,0 @@ -diff --git a/devices/vector/gdevtxtw.c b/devices/vector/gdevtxtw.c -index b958027..7f02608 100644 ---- a/devices/vector/gdevtxtw.c -+++ b/devices/vector/gdevtxtw.c -@@ -1693,97 +1693,100 @@ static int get_unicode(textw_text_enum_t *penum, gs_font *font, gs_glyph glyph, - - length = font->procs.decode_glyph((gs_font *)font, glyph, ch, NULL, 0); - if (length == 0) { -- code = font->procs.glyph_name(font, glyph, &gnstr); -- if (code >= 0 && gnstr.size == 7) { -- if (!memcmp(gnstr.data, "uni", 3)) { -- static const char *hexdigits = "0123456789ABCDEF"; -- char *d0 = strchr(hexdigits, gnstr.data[3]); -- char *d1 = strchr(hexdigits, gnstr.data[4]); -- char *d2 = strchr(hexdigits, gnstr.data[5]); -- char *d3 = strchr(hexdigits, gnstr.data[6]); -- -- if (d0 != NULL && d1 != NULL && d2 != NULL && d3 != NULL) { -- *Buffer++ = ((d0 - hexdigits) << 12) + ((d1 - hexdigits) << 8) + ((d2 - hexdigits) << 4) + (d3 - hexdigits); -- return 1; -- } -- } -- } -- if (length == 0) { -- single_glyph_list_t *sentry = (single_glyph_list_t *)&SingleGlyphList; -- double_glyph_list_t *dentry = (double_glyph_list_t *)&DoubleGlyphList; -- treble_glyph_list_t *tentry = (treble_glyph_list_t *)&TrebleGlyphList; -- quad_glyph_list_t *qentry = (quad_glyph_list_t *)&QuadGlyphList; -- -- /* Search glyph to single Unicode value table */ -- while (sentry->Glyph != 0) { -- if (sentry->Glyph[0] < gnstr.data[0]) { -- sentry++; -- continue; -- } -- if (sentry->Glyph[0] > gnstr.data[0]){ -- break; -- } -- if (strlen(sentry->Glyph) == gnstr.size) { -- if(memcmp(gnstr.data, sentry->Glyph, gnstr.size) == 0) { -- *Buffer = sentry->Unicode; -+ if (glyph != GS_NO_GLYPH) { -+ code = font->procs.glyph_name(font, glyph, &gnstr); -+ if (code >= 0 && gnstr.size == 7) { -+ if (!memcmp(gnstr.data, "uni", 3)) { -+ static const char *hexdigits = "0123456789ABCDEF"; -+ char *d0 = strchr(hexdigits, gnstr.data[3]); -+ char *d1 = strchr(hexdigits, gnstr.data[4]); -+ char *d2 = strchr(hexdigits, gnstr.data[5]); -+ char *d3 = strchr(hexdigits, gnstr.data[6]); -+ -+ if (d0 != NULL && d1 != NULL && d2 != NULL && d3 != NULL) { -+ *Buffer++ = ((d0 - hexdigits) << 12) + ((d1 - hexdigits) << 8) + ((d2 - hexdigits) << 4) + (d3 - hexdigits); - return 1; - } - } -- sentry++; - } - -- /* Search glyph to double Unicode value table */ -- while (dentry->Glyph != 0) { -- if (dentry->Glyph[0] < gnstr.data[0]) { -- dentry++; -- continue; -- } -- if (dentry->Glyph[0] > gnstr.data[0]){ -- break; -- } -- if (strlen(dentry->Glyph) == gnstr.size) { -- if(memcmp(gnstr.data, dentry->Glyph, gnstr.size) == 0) { -- memcpy(Buffer, dentry->Unicode, 2); -- return 2; -+ if (length == 0) { -+ single_glyph_list_t *sentry = (single_glyph_list_t *)&SingleGlyphList; -+ double_glyph_list_t *dentry = (double_glyph_list_t *)&DoubleGlyphList; -+ treble_glyph_list_t *tentry = (treble_glyph_list_t *)&TrebleGlyphList; -+ quad_glyph_list_t *qentry = (quad_glyph_list_t *)&QuadGlyphList; -+ -+ /* Search glyph to single Unicode value table */ -+ while (sentry->Glyph != 0) { -+ if (sentry->Glyph[0] < gnstr.data[0]) { -+ sentry++; -+ continue; -+ } -+ if (sentry->Glyph[0] > gnstr.data[0]){ -+ break; -+ } -+ if (strlen(sentry->Glyph) == gnstr.size) { -+ if(memcmp(gnstr.data, sentry->Glyph, gnstr.size) == 0) { -+ *Buffer = sentry->Unicode; -+ return 1; -+ } - } -+ sentry++; - } -- dentry++; -- } - -- /* Search glyph to triple Unicode value table */ -- while (tentry->Glyph != 0) { -- if (tentry->Glyph[0] < gnstr.data[0]) { -- tentry++; -- continue; -- } -- if (tentry->Glyph[0] > gnstr.data[0]){ -- break; -- } -- if (strlen(tentry->Glyph) == gnstr.size) { -- if(memcmp(gnstr.data, tentry->Glyph, gnstr.size) == 0) { -- memcpy(Buffer, tentry->Unicode, 3); -- return 3; -+ /* Search glyph to double Unicode value table */ -+ while (dentry->Glyph != 0) { -+ if (dentry->Glyph[0] < gnstr.data[0]) { -+ dentry++; -+ continue; - } -+ if (dentry->Glyph[0] > gnstr.data[0]){ -+ break; -+ } -+ if (strlen(dentry->Glyph) == gnstr.size) { -+ if(memcmp(gnstr.data, dentry->Glyph, gnstr.size) == 0) { -+ memcpy(Buffer, dentry->Unicode, 2); -+ return 2; -+ } -+ } -+ dentry++; - } -- tentry++; -- } - -- /* Search glyph to quadruple Unicode value table */ -- while (qentry->Glyph != 0) { -- if (qentry->Glyph[0] < gnstr.data[0]) { -- qentry++; -- continue; -- } -- if (qentry->Glyph[0] > gnstr.data[0]){ -- break; -+ /* Search glyph to triple Unicode value table */ -+ while (tentry->Glyph != 0) { -+ if (tentry->Glyph[0] < gnstr.data[0]) { -+ tentry++; -+ continue; -+ } -+ if (tentry->Glyph[0] > gnstr.data[0]){ -+ break; -+ } -+ if (strlen(tentry->Glyph) == gnstr.size) { -+ if(memcmp(gnstr.data, tentry->Glyph, gnstr.size) == 0) { -+ memcpy(Buffer, tentry->Unicode, 3); -+ return 3; -+ } -+ } -+ tentry++; - } -- if (strlen(qentry->Glyph) == gnstr.size) { -- if(memcmp(gnstr.data, qentry->Glyph, gnstr.size) == 0) { -- memcpy(Buffer, qentry->Unicode, 4); -- return 4; -+ -+ /* Search glyph to quadruple Unicode value table */ -+ while (qentry->Glyph != 0) { -+ if (qentry->Glyph[0] < gnstr.data[0]) { -+ qentry++; -+ continue; -+ } -+ if (qentry->Glyph[0] > gnstr.data[0]){ -+ break; - } -+ if (strlen(qentry->Glyph) == gnstr.size) { -+ if(memcmp(gnstr.data, qentry->Glyph, gnstr.size) == 0) { -+ memcpy(Buffer, qentry->Unicode, 4); -+ return 4; -+ } -+ } -+ qentry++; - } -- qentry++; - } - } - *Buffer = fallback; -@@ -1890,8 +1893,8 @@ txtwrite_process_cmap_text(gs_text_enum_t *pte) - pte->returned.total_width.x += dpt.x; - pte->returned.total_width.y += dpt.y; - -- penum->TextBufferIndex += get_unicode(penum, (gs_font *)pte->orig_font, glyph, chr, &penum->TextBuffer[penum->TextBufferIndex]); - penum->Widths[penum->TextBufferIndex] += dpt.x; -+ penum->TextBufferIndex += get_unicode(penum, (gs_font *)pte->orig_font, glyph, chr, &penum->TextBuffer[penum->TextBufferIndex]); - break; - case 2: /* end of string */ - return 0; -diff --git a/psi/zbfont.c b/psi/zbfont.c -index 262fea9..abc03aa 100644 ---- a/psi/zbfont.c -+++ b/psi/zbfont.c -@@ -272,7 +272,7 @@ gs_font_map_glyph_to_unicode(gs_font *font, gs_glyph glyph, int ch, ushort *u, u - * can't be a default value for FontInfo.GlyphNames2Unicode . - */ - } -- if (glyph <= GS_MIN_CID_GLYPH) { -+ if (glyph <= GS_MIN_CID_GLYPH && glyph != GS_NO_GLYPH) { - UnicodeDecoding = zfont_get_to_unicode_map(font->dir); - if (UnicodeDecoding != NULL && r_type(UnicodeDecoding) == t_dictionary) - return gs_font_map_glyph_by_dict(font->memory, UnicodeDecoding, glyph, u, length); diff --git a/ghostscript-cve-2020-16310.patch b/ghostscript-cve-2020-16310.patch deleted file mode 100644 index 911220edcafa4563192b364613a976301a9850ef..0000000000000000000000000000000000000000 --- a/ghostscript-cve-2020-16310.patch +++ /dev/null @@ -1,57 +0,0 @@ -diff --git a/devices/gdevdm24.c b/devices/gdevdm24.c -index 4736f4f..2f610cd 100644 ---- a/devices/gdevdm24.c -+++ b/devices/gdevdm24.c -@@ -51,21 +51,39 @@ static void dot24_improve_bitmap (byte *, int); - static int - dot24_print_page (gx_device_printer *pdev, FILE *prn_stream, char *init_string, int init_len) - { -- int xres = (int)pdev->x_pixels_per_inch; -- int yres = (int)pdev->y_pixels_per_inch; -- int x_high = (xres == 360); -- int y_high = (yres == 360); -- int bits_per_column = (y_high ? 48 : 24); -- uint line_size = gdev_prn_raster (pdev); -- uint in_size = line_size * bits_per_column; -- byte *in = (byte *) gs_malloc (pdev->memory, in_size, 1, "dot24_print_page (in)"); -- uint out_size = ((pdev->width + 7) & -8) * 3; -- byte *out = (byte *) gs_malloc (pdev->memory, out_size, 1, "dot24_print_page (out)"); -- int y_passes = (y_high ? 2 : 1); -- int dots_per_space = xres / 10; /* pica space = 1/10" */ -- int bytes_per_space = dots_per_space * 3; -+ int xres; -+ int yres; -+ int x_high; -+ int y_high; -+ int bits_per_column; -+ uint line_size; -+ uint in_size; -+ byte *in; -+ uint out_size; -+ byte *out; -+ int y_passes; -+ int dots_per_space; -+ int bytes_per_space; - int skip = 0, lnum = 0, ypass; - -+ xres = (int)pdev->x_pixels_per_inch; -+ yres = (int)pdev->y_pixels_per_inch; -+ x_high = (xres == 360); -+ y_high = (yres == 360); -+ dots_per_space = xres / 10; /* pica space = 1/10" */ -+ bytes_per_space = dots_per_space * 3; -+ if (bytes_per_space == 0) { -+ /* We divide by bytes_per_space later on. */ -+ return_error(gs_error_rangecheck); -+ } -+ bits_per_column = (y_high ? 48 : 24); -+ line_size = gdev_prn_raster (pdev); -+ in_size = line_size * bits_per_column; -+ in = (byte *) gs_malloc (pdev->memory, in_size, 1, "dot24_print_page (in)"); -+ out_size = ((pdev->width + 7) & -8) * 3; -+ out = (byte *) gs_malloc (pdev->memory, out_size, 1, "dot24_print_page (out)"); -+ y_passes = (y_high ? 2 : 1); -+ - /* Check allocations */ - if (in == 0 || out == 0) - { diff --git a/ghostscript.spec b/ghostscript.spec index fd1a3e1874dcf48e844b4b7397130623eeab52c3..ab1e299ca0013786713bf99cd52e3ec637592f7b 100644 --- a/ghostscript.spec +++ b/ghostscript.spec @@ -27,17 +27,22 @@ # tarballs, and their release tags/branches do not use the dot in version # tag. This makes obtaining the current version harder, and might prevent # automatic builds of new releases... -%global version_short %(echo "%{version}" | tr -d '.') +%global version_short %%(echo "%{version}" | tr -d '.') # Obtain the location of Google Droid fonts directory: %global google_droid_fontpath %%(dirname $(fc-list : file | grep "DroidSansFallback")) +# Desired jbig2dec header files and library version +# Apparantly, ghostscript complains even about newer versions +# Please update if needed. +%global jbig2dec_version 0.19 + # ============================================================================= Name: ghostscript Summary: Interpreter for PostScript language & PDF -Version: 9.27 -Release: 1%{?dist} +Version: 9.54.0 +Release: 7%{?dist} License: AGPLv3+ @@ -45,6 +50,12 @@ URL: https://ghostscript.com/ Source: https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs%{version_short}/ghostscript-%{version}.tar.xz Requires: libgs%{?_isa} = %{version}-%{release} +Requires: jbig2dec-libs = %{jbig2dec_version} +Requires: %{name}-tools-fonts%{?_isa} = %{version}-%{release} +Requires: %{name}-tools-printing%{?_isa} = %{version}-%{release} + +Provides: ghostscript-core = %{version}-%{release} +Obsoletes: ghostscript-core < 9.53.3-6 # Auxiliary build requirements: BuildRequires: automake @@ -62,9 +73,10 @@ BuildRequires: cups-devel BuildRequires: dbus-devel BuildRequires: fontconfig-devel BuildRequires: freetype-devel -BuildRequires: jbig2dec-devel +BuildRequires: jbig2dec-devel = %{jbig2dec_version} +BuildRequires: jbig2dec-libs = %{jbig2dec_version} BuildRequires: lcms2-devel -BuildRequires: libidn-devel +BuildRequires: libidn2-devel BuildRequires: libijs-devel BuildRequires: libjpeg-turbo-devel BuildRequires: libpng-devel @@ -76,6 +88,7 @@ BuildRequires: zlib-devel # Enabling the GUI possibilities of Ghostscript: BuildRequires: gtk3-devel BuildRequires: libXt-devel +BuildRequires: make # ============================================================================= @@ -87,26 +100,15 @@ BuildRequires: libXt-devel # Upstream patches -- official upstream patches released by upstream since the # ---------------- last rebase that are necessary for any reason: #Patch000: example000.patch -Patch001: ghostscript-cve-2019-10216.patch -Patch002: ghostscript-cve-2019-14811-14812-14813.patch -Patch003: ghostscript-cve-2019-14817.patch -# fixed in 9.51 -Patch004: ghostscript-cve-2020-16290.patch -Patch005: ghostscript-cve-2020-16291.patch -Patch006: ghostscript-cve-2020-16293.patch -Patch007: ghostscript-cve-2020-16295.patch -Patch008: ghostscript-cve-2020-16299.patch -Patch009: ghostscript-cve-2020-16302.patch -Patch010: ghostscript-cve-2020-16304.patch -Patch011: ghostscript-cve-2020-16306.patch -Patch012: ghostscript-cve-2020-16307.patch -Patch013: ghostscript-cve-2020-16310.patch +Patch001: ghostscript-9.54.0-gdevtxtw-null-also-pointers.patch +Patch002: ghostscript-9.54.0-include-pipe-handle-in-validation.patch +#2032789 - coverity warnings fixes +Patch003: ghostscript-9.54.0-covscan-fixes.patch +#2049767 - CVE-2021-45949 heap-based buffer overflow in sampled_data_finish +Patch004: ghostscript-9.54.0-Fix-op-stack-management-in-sampled_data_c.patch # Downstream patches -- these should be always included when doing rebase: # ------------------ -Patch100: ghostscript-9.23-100-run-dvipdf-securely.patch - - # Downstream patches for RHEL -- patches that we keep only in RHEL for various # --------------------------- reasons, but are not enabled in Fedora: %if %{defined rhel} || %{defined centos} @@ -171,7 +173,7 @@ against Ghostscript's library, which provides Ghostscript's core functionality. %package tools-dvipdf Summary: Ghostscript's 'dvipdf' utility Requires: %{name}%{?_isa} = %{version}-%{release} -Requires: %{_bindir}/dvips +Requires: /usr/bin/dvips %description tools-dvipdf This package provides the utility 'dvipdf' for converting of TeX DVI files into @@ -238,10 +240,7 @@ This package provides detailed documentation files for Ghostscript software. %autosetup -N -S git # Libraries that we already have packaged in Fedora (see Build Requirements): -rm -rf cups/libs freetype ijs jbig2dec jpeg lcms2* libpng openjpeg tiff zlib - -# Yeah, not actually needed in Fedora (^_^): -rm -rf windows +rm -rf cups/libs freetype ijs jbig2dec jpeg lcms2* leptonica libpng openjpeg tesseract tiff windows zlib # Add the remaining source code to the initial commit, patch the source code: git add --all --force . @@ -272,7 +271,7 @@ git commit --all --amend --no-edit > /dev/null # for China's GB18030 official certification: %if %{defined rhel} || %{defined centos} %configure --enable-dynamic --disable-compile-inits --without-versioned-path \ - --with-fontpath="%{urw_base35_fontpath}:%{google_droid_fontpath}:%{_datadir}/%{name}/conf.d/:%{_datadir}/fonts" + --with-fontpath="%{urw_base35_fontpath}:%{google_droid_fontpath}:%{_datadir}/%{name}/conf.d/" %else %configure --enable-dynamic --disable-compile-inits --without-versioned-path \ --with-fontpath="%{urw_base35_fontpath}:%{google_droid_fontpath}" @@ -319,7 +318,7 @@ ln -s %{_mandir}/man1/gs.1 %{buildroot}%{_mandir}/man1/ghostscript.1 # process for Ghostscript startup, and they advise using the symlinks where # possible. The fontconfig (Ghostscript's search path) should be used preferably # as a fallback only. -ln -fs %{google_droid_fontpath}/DroidSansFallback.ttf %{buildroot}%{_datadir}/%{name}/Resource/CIDFSubst/DroidSansFallback.ttf +ln -fs %{google_droid_fontpath}/DroidSansFallbackFull.ttf %{buildroot}%{_datadir}/%{name}/Resource/CIDFSubst/DroidSansFallback.ttf for font in $(basename --multiple %{buildroot}%{_datadir}/%{name}/Resource/Font/*); do ln -fs %{urw_base35_fontpath}/${font}.t1 %{buildroot}%{_datadir}/%{name}/Resource/Font/${font} @@ -440,72 +439,148 @@ done # ============================================================================= %changelog -* Tue Sep 01 2020 Anna Khaitovich - 9.27-1 -- Rebase to 9.27 -- Resolves: rhbz#1874523 - -* Tue Apr 07 2020 Zdenek Dohnal - 9.25-7 -- 1813228 - ghostscript fontconfig support broken when gs used with -dSAFER/-dPARANOIDSAFER - -* Thu Nov 07 2019 Zdenek Dohnal - 9.25-6 -- 1769343 - CVE-2019-14869 - -dSAFER escape in .charkeys - -* Thu Aug 22 2019 Martin Osvald - 9.25-5 -- Resolves: #1744011 - CVE-2019-14811 ghostscript: Safer Mode Bypass by .forceput Exposure in .pdf_hook_DSC_Creator (701445) -- Resolves: #1744015 - CVE-2019-14812 ghostscript: Safer Mode Bypass by .forceput Exposure in setuserparams (701444) -- Resolves: #1744006 - CVE-2019-14813 ghostscript: Safer Mode Bypass by .forceput Exposure in setsystemparams (701443) -- Resolves: #1744231 - CVE-2019-14817 ghostscript: Safer Mode Bypass by .forceput Exposure in .pdfexectoken and other procedures (701450) - -* Mon Aug 05 2019 Martin Osvald - 9.25-4 -- Resolves: #1737337 - CVE-2019-10216 ghostscript: -dSAFER escape via .buildfont1 (701394) - -* Thu Mar 28 2019 Martin Osvald - 9.25-3 -- Resolves: #1692798 - CVE-2019-3839 ghostscript: missing attack vector - protections for CVE-2019-6116 -- Resolves: #1678170 - CVE-2019-3835 ghostscript: superexec operator - is available (700585) -- Resolves: #1691414 - CVE-2019-3838 ghostscript: forceput in DefineResource - is still accessible (700576) -- fix included for ghostscript: Regression: double comment chars - '%%' in gs_init.ps leading to missing metadata -- fix for pdf2dsc regression added to allow fix for CVE-2019-3839 - -* Wed Jan 23 2019 Martin Osvald - 9.25-2 -- Resolves: #1652937 - CVE-2018-19409 ghostscript: Improperly implemented - security check in zsetdevice function in psi/zdevice.c -- Resolves: #1642586 - CVE-2018-18073 ghostscript: saved execution stacks - can leak operator arrays -- Resolves: #1642580 - CVE-2018-17961 ghostscript: saved execution stacks - can leak operator arrays (incomplete fix for CVE-2018-17183) -- Resolves: #1642941 - CVE-2018-18284 ghostscript: 1Policy operator - allows a sandbox protection bypass -- Resolves: #1656336 - CVE-2018-19134 ghostscript: Type confusion in - setpattern (700141) -- Resolves: #1660571 - CVE-2018-19475 ghostscript: access bypass in - psi/zdevice2.c (700153) -- Resolves: #1660830 - CVE-2018-19476 ghostscript: access bypass in - psi/zicc.c -- Resolves: #1661280 - CVE-2018-19477 ghostscript: access bypass in - psi/zfjbig2.c (700168) -- Resolves: #1668891 - CVE-2019-6116 ghostscript: subroutines within - pseudo-operators must themselves be pseudo-operators (700317) - -* Mon Sep 24 2018 David Kaspar [Dee'Kej] - 9.25-1 -- rebase to latest upstream version to fix issues discovered in previous CVE fixes (bug #1631701 and #1626997) - -* Fri Sep 07 2018 David Kaspar [Dee'Kej] - 9.24-1 +* Thu Feb 24 2022 Richard Lescak - 9.54.0-7 +- Fix patch for covscan issues (#2032789) + +* Tue Feb 22 2022 Richard Lescak - 9.54.0-6 +- Added fix for vulnerability CVE-2021-45949 (#2049767) + +* Mon Feb 21 2022 Richard Lescak - 9.54.0-5 +- Added coverity fixes (#2032789) + +* Thu Sep 16 2021 Richard Lescak - 9.54.0-4 +- Added fix for CVE-2021-3781 (#2002625) + +* Thu Sep 16 2021 Richard Lescak - 9.54.0-3 +- Added fix for segfault bug (#1989084) + +* Mon Aug 09 2021 Mohan Boddu - 9.54.0-2 +- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags + Related: rhbz#1991688 + +* Mon Jul 26 2021 Richard Lescak - 9.54.0-1 +- Update to 9.54.0 (#1923969) + +* Thu Apr 15 2021 Mohan Boddu - 9.53.3-6 +- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 + +* Tue Jan 26 2021 Fedora Release Engineering - 9.53.3-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild + +* Tue Dec 22 2020 Michael J Gruber - 9.53.3-4 +- Restore opvp for good (#1909950) + +* Tue Nov 24 2020 Michael J Gruber - 9.53.3-3 +- Restore opvp device (#1899885) + +* Wed Nov 04 2020 Anna Khaitovich - 9.53.3-2 +- Drop use of FT_CALLBACK_DEF() def + +* Thu Oct 08 2020 Fedora Release Monitoring - 9.53.1-3 +- Update to 9.53.3 (#1882743) + +* Tue Sep 22 2020 Anna Khaitovich - 9.53.1-2 +- Bump jbig2dec version + +* Thu Sep 10 2020 Fedora Release Monitoring - 9.53.0-1 +- Update to 9.53.1 (#1877781) + +* Mon Jul 27 2020 Anna Khaitovich - 9.52-8 +- Use libidn2 instead of libidn (fixes #1860890) + +* Thu Jul 02 2020 Michael J Gruber - 9.52-7 +- really require the exact jbig2dec version + +* Sat Jun 27 2020 Peter Robinson - 9.52-6 +- standard packages should not require -devel packages + +* Wed Jun 24 2020 Anna Khaitovich - 9.52-5 +- Require the exact jbig2dec version in both build and runtime dependencies + +* Thu May 21 2020 Anna Khaitovich - 9.52-4 +- Define %%{jbig2dec_version} global macro + +* Wed May 20 2020 Anna Khaitovich - 9.52-3 +- Require the exact jbig2dec version to avoid a mismatch between header files and library + +* Mon May 18 2020 Anna Khaitovich - 9.52-2 +- Require the exact jbig2dec-devel version + +* Thu Apr 02 2020 Zdenek Dohnal - 9.52-1 +- 9.52 + +* Wed Mar 11 2020 Zdenek Dohnal - 9.50-1 +- 9.50 + +* Tue Jan 28 2020 Fedora Release Engineering - 9.27-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild + +* Thu Nov 14 2019 Zdenek Dohnal - 9.27-2 +- 1772486 - ghostscript: -dSAFER escape in .charkeys (701841) + +* Fri Sep 06 2019 Martin Osvald - 9.27-1 +- rebase to latest upstream version 9.27 +- security fixes added for: + - CVE-2019-14811 (bug #1747908) + - CVE-2019-14812 (bug #1747907) + - CVE-2019-14813 (bug #1747906) + - CVE-2019-14817 (bug #1747909) + +* Mon Aug 12 2019 Martin Osvald - 9.26-6 +- Fix for CVE-2019-10216 added + +* Thu Jul 25 2019 Fedora Release Engineering - 9.26-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild + +* Fri Mar 22 2019 Martin Osvald - 9.26-4 +- Fixes for CVE-2019-3835 and CVE-2019-3838 added + +* Mon Mar 11 2019 Martin Osvald - 9.26-3 +- Fix for bug #1687144 added + +* Fri Mar 08 2019 Martin Osvald - 9.26-2 +- Fix for CVE-2019-6116 added (bug #1668888) + +* Thu Feb 07 2019 Martin Osvald - 9.26-1 +- rebase to latest upstream version 9.26 +- spec change to remove gsdoc.el due to upstream 8bc783cb586 + +* Thu Jan 31 2019 Fedora Release Engineering - 9.25-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild + +* Mon Sep 17 2018 David Kaspar [Dee'Kej] - 9.25-1 +- rebase to latest upstream version to fix additional issues found in 9.24 + +* Fri Sep 14 2018 David Kaspar [Dee'Kej] - 9.24-3 +- ghostscript-9.24-002-icc-PermitReading.patch removed +- ghostscript-9.24-002-fix-for-Canon-and-Kyocera-printers.patch added (bug #1626818) +- ghostscript-9.24-003-CVE-2018-16802.patch added (bug #1627960) + +* Fri Sep 07 2018 Tom Callaway - 9.24-2 +- add upstream fix for reading in ICC profiles + +* Wed Sep 05 2018 David Kaspar [Dee'Kej] - 9.24-1 - rebase to latest upstream version, which contains important CVE fixes - additional ZER0-DAY fixes added -* Wed Aug 29 2018 David Kaspar [Dee'Kej] - 9.23-5 +* Wed Aug 29 2018 David Kaspar [Dee'Kej] - 9.23-7 - ghostscript-9.23-002-fixes-for-set-of-CVEs-reported-by-Google.patch added +* Mon Jul 30 2018 David Kaspar [Dee'Kej] - 9.23-6 +- ghostscript-9.23-001-create-GC-descriptors-for-JPEG-passthrough.patch added (bug #1589467) + +* Fri Jul 13 2018 Fedora Release Engineering - 9.23-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild + * Tue May 15 2018 David Kaspar [Dee'Kej] - 9.23-4 - One more rebuild for libidn ABI fix (BZ#'s 1573961 and 1566414) * Mon May 14 2018 David Kaspar [Dee'Kej] - 9.23-3 - %%conflicts_vers bumped to fix F27->F28 upgrade +* Thu May 10 2018 Stephen Gallagher - 9.23-2.1 +- Rebuilding for libidn ABI fix (BZ#'s 1573961 and 1566414) + * Mon Apr 23 2018 David Kaspar [Dee'Kej] - 9.23-2 - Fix for CVE-2018-10194 added (bug #1569821)