diff --git a/Bug-707510-3-Bounds-checks-when-using-CIDFont-relate.patch b/Bug-707510-3-Bounds-checks-when-using-CIDFont-relate.patch deleted file mode 100644 index 3807f49426e4f3feb7046888682f9c2daaa6d67f..0000000000000000000000000000000000000000 --- a/Bug-707510-3-Bounds-checks-when-using-CIDFont-relate.patch +++ /dev/null @@ -1,93 +0,0 @@ -From 7745dbe24514710b0cfba925e608e607dee9eb0f Mon Sep 17 00:00:00 2001 -From: Chris Liddell -Date: Wed, 24 Jan 2024 18:25:12 +0000 -Subject: [PATCH 3/7] Bug 707510(3): Bounds checks when using CIDFont related - params -https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=7745dbe24514 - -Specifically, for CIDFont substitution. ---- - pdf/pdf_font.c | 45 +++++++++++++++++++++++++++++++++++++++------ - pdf/pdf_warnings.h | 2 +- - 2 files changed, 40 insertions(+), 7 deletions(-) - -diff --git a/pdf/pdf_font.c b/pdf/pdf_font.c -index fa71605..89c13ab 100644 ---- a/pdf/pdf_font.c -+++ b/pdf/pdf_font.c -@@ -228,22 +228,55 @@ pdfi_open_CIDFont_substitute_file(pdf_context * ctx, pdf_dict *font_dict, pdf_di - memcpy(fontfname, fsprefix, fsprefixlen); - } - else { -- memcpy(fontfname, ctx->args.cidsubstpath.data, ctx->args.cidsubstpath.size); -- fsprefixlen = ctx->args.cidsubstpath.size; -+ if (ctx->args.cidsubstpath.size + 1 > gp_file_name_sizeof) { -+ code = gs_note_error(gs_error_rangecheck); -+ pdfi_set_warning(ctx, code, NULL, W_PDF_BAD_CONFIG, "pdfi_open_CIDFont_substitute_file", "CIDSubstPath parameter too long"); -+ if (ctx->args.pdfstoponwarning != 0) { -+ goto exit; -+ } -+ code = 0; -+ memcpy(fontfname, fsprefix, fsprefixlen); -+ } -+ else { -+ memcpy(fontfname, ctx->args.cidsubstpath.data, ctx->args.cidsubstpath.size); -+ fsprefixlen = ctx->args.cidsubstpath.size; -+ } - } - - if (ctx->args.cidsubstfont.data == NULL) { - int len = 0; -- if (gp_getenv("CIDSUBSTFONT", (char *)0, &len) < 0 && len + fsprefixlen + 1 < gp_file_name_sizeof) { -- (void)gp_getenv("CIDSUBSTFONT", (char *)(fontfname + fsprefixlen), &defcidfallacklen); -+ if (gp_getenv("CIDSUBSTFONT", (char *)0, &len) < 0) { -+ if (len + fsprefixlen + 1 > gp_file_name_sizeof) { -+ code = gs_note_error(gs_error_rangecheck); -+ pdfi_set_warning(ctx, code, NULL, W_PDF_BAD_CONFIG, "pdfi_open_CIDFont_substitute_file", "CIDSUBSTFONT environment variable too long"); -+ if (ctx->args.pdfstoponwarning != 0) { -+ goto exit; -+ } -+ code = 0; -+ memcpy(fontfname + fsprefixlen, defcidfallack, defcidfallacklen); -+ } -+ else { -+ (void)gp_getenv("CIDSUBSTFONT", (char *)(fontfname + fsprefixlen), &defcidfallacklen); -+ } - } - else { - memcpy(fontfname + fsprefixlen, defcidfallack, defcidfallacklen); - } - } - else { -- memcpy(fontfname, ctx->args.cidsubstfont.data, ctx->args.cidsubstfont.size); -- defcidfallacklen = ctx->args.cidsubstfont.size; -+ if (ctx->args.cidsubstfont.size > gp_file_name_sizeof - 1) { -+ code = gs_note_error(gs_error_rangecheck); -+ pdfi_set_warning(ctx, code, NULL, W_PDF_BAD_CONFIG, "pdfi_open_CIDFont_substitute_file", "CIDSubstFont parameter too long"); -+ if (ctx->args.pdfstoponwarning != 0) { -+ goto exit; -+ } -+ code = 0; -+ memcpy(fontfname + fsprefixlen, defcidfallack, defcidfallacklen); -+ } -+ else { -+ memcpy(fontfname, ctx->args.cidsubstfont.data, ctx->args.cidsubstfont.size); -+ defcidfallacklen = ctx->args.cidsubstfont.size; -+ } - } - fontfname[fsprefixlen + defcidfallacklen] = '\0'; - -diff --git a/pdf/pdf_warnings.h b/pdf/pdf_warnings.h -index 21b2403..bfbc3a7 100644 ---- a/pdf/pdf_warnings.h -+++ b/pdf/pdf_warnings.h -@@ -58,5 +58,5 @@ PARAM(W_PDF_CA_OUTOFRANGE, "CA or ca value not in range 0.0 to 1.0, cla - PARAM(W_PDF_INVALID_DEFAULTSPACE, "Invalid DefaultGray, DefaultRGB or DefaultCMYK space specified, ignored."), - PARAM(W_PDF_INVALID_DECRYPT_LEN, "Invalid /Length supplied in Encryption dictionary."), - PARAM(W_PDF_INVALID_FONT_BASEENC, "Ignoring invalid BaseEncoding name in font"), -- -+PARAM(W_PDF_BAD_CONFIG, "A configuration or command line parameter was invalid or incorrect."), - #undef PARAM --- -2.43.0 - diff --git a/Bug-707510-5-2-The-original-fix-was-overly-aggressive.patch b/Bug-707510-5-2-The-original-fix-was-overly-aggressive.patch deleted file mode 100644 index ab134e7fac47c1a96fe5a96bd8efef623710a3cb..0000000000000000000000000000000000000000 --- a/Bug-707510-5-2-The-original-fix-was-overly-aggressive.patch +++ /dev/null @@ -1,215 +0,0 @@ -From 638159c43dbb48425a187d244ec288d252d0ecf4 Mon Sep 17 00:00:00 2001 -From: Chris Liddell -Date: Wed, 31 Jan 2024 14:08:18 +0000 -Subject: [PATCH 6/7] Bug 707510(5)2: The original fix was overly aggressive -https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=638159c43dbb48425a187d244ec288d252d0ecf4 - -The way the default OCRLanguage value was set was for the relevant get_params -methods to check if the value had been set, and if not return a default value. -This could result in the first time the put_params seeing that value being after -path control has been enabled, meaning it would throw an invalidaccess error. - -This changes how we set the default: they now uses an init_device method, so -the string is populated from the device's creation. This works correctly for -both the default value, and for values set on the command line. ---- - devices/gdevocr.c | 17 ++++++++++++++++- - devices/gdevpdfocr.c | 28 ++++++++++++++++++++++------ - devices/vector/gdevpdf.c | 15 +++++++++++++++ - devices/vector/gdevpdfp.c | 3 ++- - 4 files changed, 55 insertions(+), 8 deletions(-) - -diff --git a/devices/gdevocr.c b/devices/gdevocr.c -index 7f2c6ea3b..b874525de 100644 ---- a/devices/gdevocr.c -+++ b/devices/gdevocr.c -@@ -30,6 +30,7 @@ - #define X_DPI 72 - #define Y_DPI 72 - -+static dev_proc_initialize_device(ocr_initialize_device); - static dev_proc_print_page(ocr_print_page); - static dev_proc_print_page(hocr_print_page); - static dev_proc_get_params(ocr_get_params); -@@ -55,6 +56,7 @@ ocr_initialize_device_procs(gx_device *dev) - { - gdev_prn_initialize_device_procs_gray_bg(dev); - -+ set_dev_proc(dev, initialize_device, ocr_initialize_device); - set_dev_proc(dev, open_device, ocr_open); - set_dev_proc(dev, close_device, ocr_close); - set_dev_proc(dev, get_params, ocr_get_params); -@@ -79,6 +81,7 @@ hocr_initialize_device_procs(gx_device *dev) - { - gdev_prn_initialize_device_procs_gray_bg(dev); - -+ set_dev_proc(dev, initialize_device, ocr_initialize_device); - set_dev_proc(dev, open_device, ocr_open); - set_dev_proc(dev, close_device, hocr_close); - set_dev_proc(dev, get_params, ocr_get_params); -@@ -102,6 +105,17 @@ const gx_device_ocr gs_hocr_device = - #define HOCR_HEADER "\n \n" - #define HOCR_TRAILER " \n\n" - -+static int -+ocr_initialize_device(gx_device *dev) -+{ -+ gx_device_ocr *odev = (gx_device_ocr *)dev; -+ const char *default_ocr_lang = "eng"; -+ -+ odev->language[0] = '\0'; -+ strcpy(odev->language, default_ocr_lang); -+ return 0; -+} -+ - static int - ocr_open(gx_device *pdev) - { -@@ -185,7 +199,8 @@ ocr_put_params(gx_device *dev, gs_param_list *plist) - - switch (code = param_read_string(plist, (param_name = "OCRLanguage"), &langstr)) { - case 0: -- if (pdev->memory->gs_lib_ctx->core->path_control_active) { -+ if (pdev->memory->gs_lib_ctx->core->path_control_active -+ && (strlen(pdev->language) != langstr.size || memcmp(pdev->language, langstr.data, langstr.size) != 0)) { - return_error(gs_error_invalidaccess); - } - else { -diff --git a/devices/gdevpdfocr.c b/devices/gdevpdfocr.c -index 0d3c42d8b..f2bec1b49 100644 ---- a/devices/gdevpdfocr.c -+++ b/devices/gdevpdfocr.c -@@ -33,9 +33,9 @@ - #include "gdevpdfimg.h" - #include "tessocr.h" - --int pdf_ocr_open(gx_device *pdev); --int pdf_ocr_close(gx_device *pdev); -- -+static dev_proc_initialize_device(pdf_ocr_initialize_device); -+static dev_proc_open_device(pdf_ocr_open); -+static dev_proc_close_device(pdf_ocr_close); - - static int - pdfocr_put_some_params(gx_device * dev, gs_param_list * plist) -@@ -50,7 +50,8 @@ pdfocr_put_some_params(gx_device * dev, gs_param_list * plist) - - switch (code = param_read_string(plist, (param_name = "OCRLanguage"), &langstr)) { - case 0: -- if (pdf_dev->memory->gs_lib_ctx->core->path_control_active) { -+ if (pdf_dev->memory->gs_lib_ctx->core->path_control_active -+ && (strlen(pdf_dev->ocr.language) != langstr.size || memcmp(pdf_dev->ocr.language, langstr.data, langstr.size) != 0)) { - return_error(gs_error_invalidaccess); - } - else { -@@ -152,6 +153,8 @@ pdfocr8_initialize_device_procs(gx_device *dev) - { - gdev_prn_initialize_device_procs_gray(dev); - -+ set_dev_proc(dev, initialize_device, pdf_ocr_initialize_device); -+ set_dev_proc(dev, initialize_device, pdf_ocr_initialize_device); - set_dev_proc(dev, open_device, pdf_ocr_open); - set_dev_proc(dev, output_page, gdev_prn_output_page_seekable); - set_dev_proc(dev, close_device, pdf_ocr_close); -@@ -185,6 +188,7 @@ pdfocr24_initialize_device_procs(gx_device *dev) - { - gdev_prn_initialize_device_procs_rgb(dev); - -+ set_dev_proc(dev, initialize_device, pdf_ocr_initialize_device); - set_dev_proc(dev, open_device, pdf_ocr_open); - set_dev_proc(dev, output_page, gdev_prn_output_page_seekable); - set_dev_proc(dev, close_device, pdf_ocr_close); -@@ -216,6 +220,7 @@ pdfocr32_initialize_device_procs(gx_device *dev) - { - gdev_prn_initialize_device_procs_cmyk8(dev); - -+ set_dev_proc(dev, initialize_device, pdf_ocr_initialize_device); - set_dev_proc(dev, open_device, pdf_ocr_open); - set_dev_proc(dev, output_page, gdev_prn_output_page_seekable); - set_dev_proc(dev, close_device, pdf_ocr_close); -@@ -703,7 +708,18 @@ ocr_end_page(gx_device_pdf_image *dev) - return 0; - } - --int -+static int -+pdf_ocr_initialize_device(gx_device *dev) -+{ -+ gx_device_pdf_image *ppdev = (gx_device_pdf_image *)dev; -+ const char *default_ocr_lang = "eng"; -+ -+ ppdev->ocr.language[0] = '\0'; -+ strcpy(ppdev->ocr.language, default_ocr_lang); -+ return 0; -+} -+ -+static int - pdf_ocr_open(gx_device *pdev) - { - gx_device_pdf_image *ppdev; -@@ -726,7 +742,7 @@ pdf_ocr_open(gx_device *pdev) - return 0; - } - --int -+static int - pdf_ocr_close(gx_device *pdev) - { - gx_device_pdf_image *pdf_dev; -diff --git a/devices/vector/gdevpdf.c b/devices/vector/gdevpdf.c -index 6e364d1c7..042e1b4e9 100644 ---- a/devices/vector/gdevpdf.c -+++ b/devices/vector/gdevpdf.c -@@ -215,6 +215,7 @@ device_pdfwrite_finalize(const gs_memory_t *cmem, void *vpdev) - } - - /* Driver procedures */ -+static dev_proc_initialize_device(pdfwrite_initialize_device); - static dev_proc_open_device(pdf_open); - static dev_proc_output_page(pdf_output_page); - static dev_proc_close_device(pdf_close); -@@ -232,6 +233,7 @@ static dev_proc_close_device(pdf_close); - static void - pdfwrite_initialize_device_procs(gx_device *dev) - { -+ set_dev_proc(dev, initialize_device, pdfwrite_initialize_device); - set_dev_proc(dev, open_device, pdf_open); - set_dev_proc(dev, get_initial_matrix, gx_upright_get_initial_matrix); - set_dev_proc(dev, output_page, pdf_output_page); -@@ -777,6 +779,19 @@ pdf_reset_text(gx_device_pdf * pdev) - pdf_reset_text_state(pdev->text); - } - -+static int -+pdfwrite_initialize_device(gx_device *dev) -+{ -+#if OCR_VERSION > 0 -+ gx_device_pdf *pdev = (gx_device_pdf *) dev; -+ const char *default_ocr_lang = "eng"; -+ pdev->ocr_language[0] = '\0'; -+ strcpy(pdev->ocr_language, default_ocr_lang); -+#endif -+ return 0; -+} -+ -+ - /* Open the device. */ - static int - pdf_open(gx_device * dev) -diff --git a/devices/vector/gdevpdfp.c b/devices/vector/gdevpdfp.c -index 1f7106c0b..1fdfeaef3 100644 ---- a/devices/vector/gdevpdfp.c -+++ b/devices/vector/gdevpdfp.c -@@ -472,7 +472,8 @@ gdev_pdf_put_params_impl(gx_device * dev, const gx_device_pdf * save_dev, gs_par - gs_param_string langstr; - switch (code = param_read_string(plist, (param_name = "OCRLanguage"), &langstr)) { - case 0: -- if (pdev->memory->gs_lib_ctx->core->path_control_active) { -+ if (pdev->memory->gs_lib_ctx->core->path_control_active -+ && (strlen(pdev->ocr_language) != langstr.size || memcmp(pdev->ocr_language, langstr.data, langstr.size) != 0)) { - return_error(gs_error_invalidaccess); - } - else { --- -2.34.1 - diff --git a/Bug-707510-5-Reject-OCRLanguage-changes-after-SAFER-.patch b/Bug-707510-5-Reject-OCRLanguage-changes-after-SAFER-.patch deleted file mode 100644 index 171c7ee84f3eb70abf04b6254ca93ade38715423..0000000000000000000000000000000000000000 --- a/Bug-707510-5-Reject-OCRLanguage-changes-after-SAFER-.patch +++ /dev/null @@ -1,96 +0,0 @@ -From 3d4cfdc1a44b1969a0f14c86673a372654d443c4 Mon Sep 17 00:00:00 2001 -From: Chris Liddell -Date: Wed, 24 Jan 2024 17:06:01 +0000 -Subject: [PATCH 5/7] Bug 707510(5): Reject OCRLanguage changes after SAFER - enabled -https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=3d4cfdc1a44 - -In the devices that support OCR, OCRLanguage really ought never to be set from -PostScript, so reject attempts to change it if path_control_active is true. ---- - devices/gdevocr.c | 15 ++++++++++----- - devices/gdevpdfocr.c | 15 ++++++++++----- - devices/vector/gdevpdfp.c | 15 ++++++++++----- - 3 files changed, 30 insertions(+), 15 deletions(-) - -diff --git a/devices/gdevocr.c b/devices/gdevocr.c -index 88c759c..287b74b 100644 ---- a/devices/gdevocr.c -+++ b/devices/gdevocr.c -@@ -187,11 +187,16 @@ ocr_put_params(gx_device *dev, gs_param_list *plist) - - switch (code = param_read_string(plist, (param_name = "OCRLanguage"), &langstr)) { - case 0: -- len = langstr.size; -- if (len >= sizeof(pdev->language)) -- len = sizeof(pdev->language)-1; -- memcpy(pdev->language, langstr.data, len); -- pdev->language[len] = 0; -+ if (pdev->memory->gs_lib_ctx->core->path_control_active) { -+ return_error(gs_error_invalidaccess); -+ } -+ else { -+ len = langstr.size; -+ if (len >= sizeof(pdev->language)) -+ len = sizeof(pdev->language)-1; -+ memcpy(pdev->language, langstr.data, len); -+ pdev->language[len] = 0; -+ } - break; - case 1: - break; -diff --git a/devices/gdevpdfocr.c b/devices/gdevpdfocr.c -index ff60c12..0f3478a 100644 ---- a/devices/gdevpdfocr.c -+++ b/devices/gdevpdfocr.c -@@ -50,11 +50,16 @@ pdfocr_put_some_params(gx_device * dev, gs_param_list * plist) - - switch (code = param_read_string(plist, (param_name = "OCRLanguage"), &langstr)) { - case 0: -- len = langstr.size; -- if (len >= sizeof(pdf_dev->ocr.language)) -- len = sizeof(pdf_dev->ocr.language)-1; -- memcpy(pdf_dev->ocr.language, langstr.data, len); -- pdf_dev->ocr.language[len] = 0; -+ if (pdf_dev->memory->gs_lib_ctx->core->path_control_active) { -+ return_error(gs_error_invalidaccess); -+ } -+ else { -+ len = langstr.size; -+ if (len >= sizeof(pdf_dev->ocr.language)) -+ len = sizeof(pdf_dev->ocr.language)-1; -+ memcpy(pdf_dev->ocr.language, langstr.data, len); -+ pdf_dev->ocr.language[len] = 0; -+ } - break; - case 1: - break; -diff --git a/devices/vector/gdevpdfp.c b/devices/vector/gdevpdfp.c -index 42fa1c5..23e9bc8 100644 ---- a/devices/vector/gdevpdfp.c -+++ b/devices/vector/gdevpdfp.c -@@ -458,11 +458,16 @@ gdev_pdf_put_params_impl(gx_device * dev, const gx_device_pdf * save_dev, gs_par - gs_param_string langstr; - switch (code = param_read_string(plist, (param_name = "OCRLanguage"), &langstr)) { - case 0: -- len = langstr.size; -- if (len >= sizeof(pdev->ocr_language)) -- len = sizeof(pdev->ocr_language)-1; -- memcpy(pdev->ocr_language, langstr.data, len); -- pdev->ocr_language[len] = 0; -+ if (pdev->memory->gs_lib_ctx->core->path_control_active) { -+ return_error(gs_error_invalidaccess); -+ } -+ else { -+ len = langstr.size; -+ if (len >= sizeof(pdev->ocr_language)) -+ len = sizeof(pdev->ocr_language)-1; -+ memcpy(pdev->ocr_language, langstr.data, len); -+ pdev->ocr_language[len] = 0; -+ } - break; - case 1: - break; --- -2.43.0 - diff --git a/Bug-707510-don-t-allow-PDF-files-with-bad-Filters-to.patch b/Bug-707510-don-t-allow-PDF-files-with-bad-Filters-to.patch deleted file mode 100644 index 68f3a2cb83a959e97230048f8d0075589aec692d..0000000000000000000000000000000000000000 --- a/Bug-707510-don-t-allow-PDF-files-with-bad-Filters-to.patch +++ /dev/null @@ -1,41 +0,0 @@ -From 77dc7f699beba606937b7ea23b50cf5974fa64b1 Mon Sep 17 00:00:00 2001 -From: Ken Sharp -Date: Thu, 25 Jan 2024 11:55:49 +0000 -Subject: [PATCH 2/7] Bug 707510 - don't allow PDF files with bad Filters to - overflow the debug buffer -http://www.ghostscript.com/cgi-bin/findgit.cgi?77dc7f699beba606937b7ea23b50cf5974fa64b1 - -Item #2 of the report. - -Allocate a buffer to hold the filter name, instead of assuming it will -fit in a fixed buffer. - -Reviewed all the other PDFDEBUG cases, no others use a fixed buffer like -this. ---- - pdf/pdf_file.c | 6 +++++- - 1 file changed, 5 insertions(+), 1 deletion(-) - -diff --git a/pdf/pdf_file.c b/pdf/pdf_file.c -index 5698866..89298f0 100644 ---- a/pdf/pdf_file.c -+++ b/pdf/pdf_file.c -@@ -773,10 +773,14 @@ static int pdfi_apply_filter(pdf_context *ctx, pdf_dict *dict, pdf_name *n, pdf_ - - if (ctx->args.pdfdebug) - { -- char str[100]; -+ char *str; -+ str = gs_alloc_bytes(ctx->memory, n->length + 1, "temp string for debug"); -+ if (str == NULL) -+ return_error(gs_error_VMerror); - memcpy(str, (const char *)n->data, n->length); - str[n->length] = '\0'; - dmprintf1(ctx->memory, "FILTER NAME:%s\n", str); -+ gs_free_object(ctx->memory, str, "temp string for debug"); - } - - if (pdfi_name_is(n, "RunLengthDecode")) { --- -2.43.0 - diff --git a/Bug-707510-don-t-use-strlen-on-passwords.patch b/Bug-707510-don-t-use-strlen-on-passwords.patch deleted file mode 100644 index 13a15cf28f3177c06019d09c6b07a5f32f081f77..0000000000000000000000000000000000000000 --- a/Bug-707510-don-t-use-strlen-on-passwords.patch +++ /dev/null @@ -1,41 +0,0 @@ -From 917b3a71fb20748965254631199ad98210d6c2fb Mon Sep 17 00:00:00 2001 -From: Ken Sharp -Date: Thu, 25 Jan 2024 11:58:22 +0000 -Subject: [PATCH 1/7] Bug 707510 - don't use strlen on passwords -http://www.ghostscript.com/cgi-bin/findgit.cgi?917b3a71fb20748965254631199ad98210d6c2fb - -Item #1 of the report. This looks like an oversight when first coding -the routine. We should use the PostScript string length, because -PostScript strings may not be NULL terminated (and as here may contain -internal NULL characters). - -Fix the R6 handler which has the same problem too. ---- - pdf/pdf_sec.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/pdf/pdf_sec.c b/pdf/pdf_sec.c -index fa7131f..841eb72 100644 ---- a/pdf/pdf_sec.c -+++ b/pdf/pdf_sec.c -@@ -1271,7 +1271,7 @@ static int check_password_R5(pdf_context *ctx, char *Password, int PasswordLen, - /* If the supplied Password fails as the user *and* owner password, maybe its in - * the locale, not UTF-8, try converting to UTF-8 - */ -- code = pdfi_object_alloc(ctx, PDF_STRING, strlen(ctx->encryption.Password), (pdf_obj **)&P); -+ code = pdfi_object_alloc(ctx, PDF_STRING, PasswordLen, (pdf_obj **)&P); - if (code < 0) - return code; - memcpy(P->data, Password, PasswordLen); -@@ -1318,7 +1318,7 @@ static int check_password_R6(pdf_context *ctx, char *Password, int PasswordLen, - /* If the supplied Password fails as the user *and* owner password, maybe its in - * the locale, not UTF-8, try converting to UTF-8 - */ -- code = pdfi_object_alloc(ctx, PDF_STRING, strlen(ctx->encryption.Password), (pdf_obj **)&P); -+ code = pdfi_object_alloc(ctx, PDF_STRING, PasswordLen, (pdf_obj **)&P); - if (code < 0) - return code; - memcpy(P->data, Password, PasswordLen); --- -2.43.0 - diff --git a/Bug-707510-fix-LIBIDN-usage.patch b/Bug-707510-fix-LIBIDN-usage.patch deleted file mode 100644 index 0164c646708bf04c1254169f875313182755d725..0000000000000000000000000000000000000000 --- a/Bug-707510-fix-LIBIDN-usage.patch +++ /dev/null @@ -1,44 +0,0 @@ -From d99396635f3d6ac6a1168e1af21a669e5c8f695f Mon Sep 17 00:00:00 2001 -From: Ken Sharp -Date: Thu, 25 Jan 2024 12:16:56 +0000 -Subject: [PATCH 7/7] Bug 707510 - fix LIBIDN usage -http://www.ghostscript.com/cgi-bin/findgit.cgi?d99396635f3d6ac6a1168e1af21a669e5c8f695f - -This wasn't a reported fault, but it bears fixing anyway. - -In case of ignored errors, we need to return the input password. -And not free the buffer if we did that.... ---- - pdf/pdf_sec.c | 8 ++++++-- - 1 file changed, 6 insertions(+), 2 deletions(-) - -diff --git a/pdf/pdf_sec.c b/pdf/pdf_sec.c -index 841eb72..270ed32 100644 ---- a/pdf/pdf_sec.c -+++ b/pdf/pdf_sec.c -@@ -182,8 +182,11 @@ static int apply_sasl(pdf_context *ctx, char *Password, int Len, char **NewPassw - * Fortunately, the stringprep error codes are sorted to make - * this easy: the errors we want to ignore are the ones with - * codes less than 100. */ -- if ((int)err < 100) -+ if ((int)err < 100) { -+ NewPassword = Password; -+ NewLen = Len; - return 0; -+ } - - return_error(gs_error_ioerror); - } -@@ -301,7 +304,8 @@ error: - pdfi_countdown(Key); - gs_free_object(ctx->memory, Test, "R5 password test"); - #ifdef HAVE_LIBIDN -- gs_free_object(ctx->memory, UTF8_Password, "free sasl result"); -+ if (UTF8_Password != Password) -+ gs_free_object(ctx->memory, UTF8_Password, "free sasl result"); - #endif - return code; - } --- -2.43.0 - diff --git a/Bug-707510-review-printing-of-pointers.patch b/Bug-707510-review-printing-of-pointers.patch deleted file mode 100644 index 3dd4880dfefe2d4685a97e168e6ee6fcd6315c14..0000000000000000000000000000000000000000 --- a/Bug-707510-review-printing-of-pointers.patch +++ /dev/null @@ -1,335 +0,0 @@ -From ff1013a0ab485b66783b70145e342a82c670906a Mon Sep 17 00:00:00 2001 -From: Ken Sharp -Date: Thu, 25 Jan 2024 11:53:44 +0000 -Subject: [PATCH 4/7] Bug 707510 - review printing of pointers -http://www.ghostscript.com/cgi-bin/findgit.cgi?ff1013a0ab485b66783b70145e342a82c670906a - -This is for item 4 of the report, which is addressed by the change in -gdevpdtb.c. That change uses a fixed name for fonts which have no name -instead of using the pointer to the address of the font. - -The remaining changes are all due to reviewing the use of PRI_INTPTR. -In general we only use that for debugging purposes but there were a few -places which were printing pointers arbitrarily, even in a release build. - -We really don't want to do that so I've modified the places which were -printing pointer unconditionally so that they only do so if DEBUG is -set at compile time, or a specific debug flag is set. ---- - base/gsfont.c | 2 +- - base/gsicc_cache.c | 6 +++--- - base/gsmalloc.c | 2 +- - base/gxclmem.c | 3 +-- - base/gxcpath.c | 4 ++++ - base/gxpath.c | 6 ++++++ - base/szlibc.c | 2 ++ - devices/gdevupd.c | 5 +++++ - devices/vector/gdevpdtb.c | 2 +- - psi/ialloc.c | 2 +- - psi/igc.c | 4 ++-- - psi/igcstr.c | 4 ++-- - psi/iinit.c | 4 ++++ - psi/imainarg.c | 3 ++- - psi/isave.c | 2 +- - psi/iutil.c | 4 ++++ - 16 files changed, 40 insertions(+), 15 deletions(-) - -diff --git a/base/gsfont.c b/base/gsfont.c -index 8e2015b..cc9af15 100644 ---- a/base/gsfont.c -+++ b/base/gsfont.c -@@ -791,7 +791,7 @@ gs_purge_font(gs_font * pfont) - else if (pdir->scaled_fonts == pfont) - pdir->scaled_fonts = next; - else { /* Shouldn't happen! */ -- lprintf1("purged font "PRI_INTPTR" not found\n", (intptr_t)pfont); -+ if_debug1m('u', pfont->memory, "purged font "PRI_INTPTR" not found\n", (intptr_t)pfont); - } - - /* Purge the font from the scaled font cache. */ -diff --git a/base/gsicc_cache.c b/base/gsicc_cache.c -index 13eb003..8dcdb71 100644 ---- a/base/gsicc_cache.c -+++ b/base/gsicc_cache.c -@@ -151,7 +151,7 @@ icc_linkcache_finalize(const gs_memory_t *mem, void *ptr) - - while (link_cache->head != NULL) { - if (link_cache->head->ref_count != 0) { -- emprintf2(mem, "link at "PRI_INTPTR" being removed, but has ref_count = %d\n", -+ if_debug2m(gs_debug_flag_icc, mem, "link at "PRI_INTPTR" being removed, but has ref_count = %d\n", - (intptr_t)link_cache->head, link_cache->head->ref_count); - link_cache->head->ref_count = 0; /* force removal */ - } -@@ -573,7 +573,7 @@ gsicc_findcachelink(gsicc_hashlink_t hash, gsicc_link_cache_t *icc_link_cache, - /* that was building it failed to be able to complete building it. Try this only - a limited number of times before we bail. */ - if (curr->valid == false) { -- emprintf1(curr->memory, "link "PRI_INTPTR" lock released, but still not valid.\n", (intptr_t)curr); /* Breakpoint here */ -+ if_debug1m(gs_debug_flag_icc, curr->memory, "link "PRI_INTPTR" lock released, but still not valid.\n", (intptr_t)curr); /* Breakpoint here */ - } - gx_monitor_enter(icc_link_cache->lock); /* re-enter to loop and check */ - } -@@ -600,7 +600,7 @@ gsicc_remove_link(gsicc_link_t *link, const gs_memory_t *memory) - /* NOTE: link->ref_count must be 0: assert ? */ - gx_monitor_enter(icc_link_cache->lock); - if (link->ref_count != 0) { -- emprintf2(memory, "link at "PRI_INTPTR" being removed, but has ref_count = %d\n", (intptr_t)link, link->ref_count); -+ if_debug2m(gs_debug_flag_icc, memory, "link at "PRI_INTPTR" being removed, but has ref_count = %d\n", (intptr_t)link, link->ref_count); - } - curr = icc_link_cache->head; - prev = NULL; -diff --git a/base/gsmalloc.c b/base/gsmalloc.c -index 63c8b6b..3182b56 100644 ---- a/base/gsmalloc.c -+++ b/base/gsmalloc.c -@@ -420,7 +420,7 @@ gs_heap_resize_string(gs_memory_t * mem, byte * data, size_t old_num, size_t new - client_name_t cname) - { - if (gs_heap_object_type(mem, data) != &st_bytes) -- lprintf2("%s: resizing non-string "PRI_INTPTR"!\n", -+ if_debug2m('a', mem, "%s: resizing non-string "PRI_INTPTR"!\n", - client_name_string(cname), (intptr_t)data); - return gs_heap_resize_object(mem, data, new_num, cname); - } -diff --git a/base/gxclmem.c b/base/gxclmem.c -index 1905a43..933cb4e 100644 ---- a/base/gxclmem.c -+++ b/base/gxclmem.c -@@ -490,8 +490,7 @@ memfile_fclose(clist_file_ptr cf, const char *fname, bool delete) - /* leaks if other users of the memfile don't 'fclose with delete=true */ - if (f->openlist != NULL || ((f->base_memfile != NULL) && f->base_memfile->is_open)) { - /* TODO: do the cleanup rather than just giving an error */ -- emprintf1(f->memory, -- "Attempt to delete a memfile still open for read: "PRI_INTPTR"\n", -+ if_debug1(':', "Attempt to delete a memfile still open for read: "PRI_INTPTR"\n", - (intptr_t)f); - return_error(gs_error_invalidfileaccess); - } else { -diff --git a/base/gxcpath.c b/base/gxcpath.c -index 437b065..a8a5504 100644 ---- a/base/gxcpath.c -+++ b/base/gxcpath.c -@@ -175,8 +175,10 @@ gx_cpath_init_contained_shared(gx_clip_path * pcpath, - { - if (shared) { - if (shared->path.segments == &shared->path.local_segments) { -+#ifdef DEBUG - lprintf1("Attempt to share (local) segments of clip path "PRI_INTPTR"!\n", - (intptr_t)shared); -+#endif - return_error(gs_error_Fatal); - } - *pcpath = *shared; -@@ -233,8 +235,10 @@ gx_cpath_init_local_shared_nested(gx_clip_path * pcpath, - if (shared) { - if ((shared->path.segments == &shared->path.local_segments) && - !safely_nested) { -+#ifdef DEBUG - lprintf1("Attempt to share (local) segments of clip path "PRI_INTPTR"!\n", - (intptr_t)shared); -+#endif - return_error(gs_error_Fatal); - } - pcpath->path = shared->path; -diff --git a/base/gxpath.c b/base/gxpath.c -index e700729..0e9dba8 100644 ---- a/base/gxpath.c -+++ b/base/gxpath.c -@@ -137,8 +137,10 @@ gx_path_init_contained_shared(gx_path * ppath, const gx_path * shared, - { - if (shared) { - if (shared->segments == &shared->local_segments) { -+#ifdef DEBUG - lprintf1("Attempt to share (local) segments of path "PRI_INTPTR"!\n", - (intptr_t)shared); -+#endif - return_error(gs_error_Fatal); - } - *ppath = *shared; -@@ -172,8 +174,10 @@ gx_path_alloc_shared(const gx_path * shared, gs_memory_t * mem, - ppath->procs = &default_path_procs; - if (shared) { - if (shared->segments == &shared->local_segments) { -+#ifdef DEBUG - lprintf1("Attempt to share (local) segments of path "PRI_INTPTR"!\n", - (intptr_t)shared); -+#endif - gs_free_object(mem, ppath, cname); - return 0; - } -@@ -203,8 +207,10 @@ gx_path_init_local_shared(gx_path * ppath, const gx_path * shared, - { - if (shared) { - if (shared->segments == &shared->local_segments) { -+#ifdef DEBUG - lprintf1("Attempt to share (local) segments of path "PRI_INTPTR"!\n", - (intptr_t)shared); -+#endif - return_error(gs_error_Fatal); - } - *ppath = *shared; -diff --git a/base/szlibc.c b/base/szlibc.c -index 0be3338..35a2fce 100644 ---- a/base/szlibc.c -+++ b/base/szlibc.c -@@ -110,7 +110,9 @@ s_zlib_free(void *zmem, void *data) - gs_free_object(mem, data, "s_zlib_free(data)"); - for (; ; block = block->next) { - if (block == 0) { -+#ifdef DEBUG - lprintf1("Freeing unrecorded data "PRI_INTPTR"!\n", (intptr_t)data); -+#endif - return; - } - if (block->data == data) -diff --git a/devices/gdevupd.c b/devices/gdevupd.c -index 7826507..12dfbc0 100644 ---- a/devices/gdevupd.c -+++ b/devices/gdevupd.c -@@ -1040,8 +1040,13 @@ upd_print_page(gx_device_printer *pdev, gp_file *out) - */ - if(!upd || B_OK4GO != (upd->flags & (B_OK4GO | B_ERROR))) { - #if UPD_MESSAGES & (UPD_M_ERROR | UPD_M_TOPCALLS) -+#ifdef DEBUG - errprintf(pdev->memory, "CALL-REJECTED upd_print_page(" PRI_INTPTR "," PRI_INTPTR ")\n", - (intptr_t)udev,(intptr_t) out); -+#else -+ errprintf(pdev->memory, "CALL-REJECTED upd_print_page\n", -+ (intptr_t)udev,(intptr_t) out); -+#endif - #endif - return_error(gs_error_undefined); - } -diff --git a/devices/vector/gdevpdtb.c b/devices/vector/gdevpdtb.c -index 5c8fb8d..aacbca2 100644 ---- a/devices/vector/gdevpdtb.c -+++ b/devices/vector/gdevpdtb.c -@@ -371,7 +371,7 @@ pdf_base_font_alloc(gx_device_pdf *pdev, pdf_base_font_t **ppbfont, - font_name.size -= SUBSET_PREFIX_SIZE; - } - } else { -- gs_snprintf(fnbuf, sizeof(fnbuf), ".F" PRI_INTPTR, (intptr_t)copied); -+ gs_snprintf(fnbuf, sizeof(fnbuf), "Anonymous"); - font_name.data = (byte *)fnbuf; - font_name.size = strlen(fnbuf); - } -diff --git a/psi/ialloc.c b/psi/ialloc.c -index d84ec00..85e36ac 100644 ---- a/psi/ialloc.c -+++ b/psi/ialloc.c -@@ -386,7 +386,7 @@ gs_free_ref_array(gs_ref_memory_t * mem, ref * parr, client_name_t cname) - size = num_refs * sizeof(ref); - break; - default: -- lprintf3("Unknown type 0x%x in free_ref_array(%u,"PRI_INTPTR")!", -+ if_debug3('A', "Unknown type 0x%x in free_ref_array(%u,"PRI_INTPTR")!", - r_type(parr), num_refs, (intptr_t)obj); - return; - } -diff --git a/psi/igc.c b/psi/igc.c -index 373cdcc..137783c 100644 ---- a/psi/igc.c -+++ b/psi/igc.c -@@ -1062,7 +1062,7 @@ gc_extend_stack(gc_mark_stack * pms, gc_state_t * pstate) - - if (cp == 0) { /* We were tracing outside collectible */ - /* storage. This can't happen. */ -- lprintf1("mark stack overflowed while outside collectible space at "PRI_INTPTR"!\n", -+ if_debug1('6', "mark stack overflowed while outside collectible space at "PRI_INTPTR"!\n", - (intptr_t)cptr); - gs_abort(pstate->heap); - } -@@ -1291,7 +1291,7 @@ igc_reloc_struct_ptr(const void /*obj_header_t */ *obj, gc_state_t * gcst) - - if (cp != 0 && cp->cbase <= (byte *)obj && (byte *)obj ctop) { - if (back > (cp->ctop - cp->cbase) >> obj_back_shift) { -- lprintf2("Invalid back pointer %u at "PRI_INTPTR"!\n", -+ if_debug2('6', "Invalid back pointer %u at "PRI_INTPTR"!\n", - back, (intptr_t)obj); - gs_abort(NULL); - } -diff --git a/psi/igcstr.c b/psi/igcstr.c -index 0e10f74..1bc7e7a 100644 ---- a/psi/igcstr.c -+++ b/psi/igcstr.c -@@ -152,7 +152,7 @@ gc_string_mark(const byte * ptr, uint size, bool set, gc_state_t * gcst) - return false; - #ifdef DEBUG - if (ptr < cp->ctop) { -- lprintf4("String pointer "PRI_INTPTR"[%u] outside ["PRI_INTPTR".."PRI_INTPTR")\n", -+ if_debug4('6', "String pointer "PRI_INTPTR"[%u] outside ["PRI_INTPTR".."PRI_INTPTR")\n", - (intptr_t)ptr, size, (intptr_t)cp->ctop, (intptr_t)cp->climit); - return false; - } else if (ptr + size > cp->climit) { /* -@@ -171,7 +171,7 @@ gc_string_mark(const byte * ptr, uint size, bool set, gc_state_t * gcst) - while (ptr == scp->climit && scp->outer != 0) - scp = scp->outer; - if (ptr + size > scp->climit) { -- lprintf4("String pointer "PRI_INTPTR"[%u] outside ["PRI_INTPTR".."PRI_INTPTR")\n", -+ if_debug4('6', "String pointer "PRI_INTPTR"[%u] outside ["PRI_INTPTR".."PRI_INTPTR")\n", - (intptr_t)ptr, size, - (intptr_t)scp->ctop, (intptr_t)scp->climit); - return false; -diff --git a/psi/iinit.c b/psi/iinit.c -index e347129..3371979 100644 ---- a/psi/iinit.c -+++ b/psi/iinit.c -@@ -395,8 +395,12 @@ zop_init(i_ctx_t *i_ctx_p) - if (def->proc != 0) { - code = def->proc(i_ctx_p); - if (code < 0) { -+#ifdef DEBUG - lprintf2("op_init proc "PRI_INTPTR" returned error %d!\n", - (intptr_t)def->proc, code); -+#else -+ lprintf("op_init proc returned error !\n"); -+#endif - return code; - } - } -diff --git a/psi/imainarg.c b/psi/imainarg.c -index aaf41b6..3b9efdc 100644 ---- a/psi/imainarg.c -+++ b/psi/imainarg.c -@@ -229,7 +229,8 @@ gs_main_init_with_args01(gs_main_instance * minst, int argc, char *argv[]) - if (gs_debug[':'] && !have_dumped_args) { - int i; - -- dmprintf1(minst->heap, "%% Args passed to instance "PRI_INTPTR": ", -+ if (gs_debug_c(gs_debug_flag_init_details)) -+ dmprintf1(minst->heap, "%% Args passed to instance "PRI_INTPTR": ", - (intptr_t)minst); - for (i=1; iheap, "%s ", argv[i]); -diff --git a/psi/isave.c b/psi/isave.c -index f0f3db0..d5f1448 100644 ---- a/psi/isave.c -+++ b/psi/isave.c -@@ -487,7 +487,7 @@ alloc_save_change_in(gs_ref_memory_t *mem, const ref * pcont, - else if (r_is_struct(pcont)) - cp->offset = (byte *) where - (byte *) pcont->value.pstruct; - else { -- lprintf3("Bad type %u for save! pcont = "PRI_INTPTR", where = "PRI_INTPTR"\n", -+ if_debug3('u', "Bad type %u for save! pcont = "PRI_INTPTR", where = "PRI_INTPTR"\n", - r_type(pcont), (intptr_t) pcont, (intptr_t) where); - gs_abort((const gs_memory_t *)mem); - } -diff --git a/psi/iutil.c b/psi/iutil.c -index 39a0a31..e24bbfd 100644 ---- a/psi/iutil.c -+++ b/psi/iutil.c -@@ -537,7 +537,11 @@ other: - break; - } - /* Internal operator, no name. */ -+#if DEBUG - gs_snprintf(buf, sizeof(buf), "@"PRI_INTPTR, (intptr_t) op->value.opproc); -+#else -+ gs_snprintf(buf, sizeof(buf), "@anonymous_operator", (intptr_t) op->value.opproc); -+#endif - break; - } - case t_real: --- -2.43.0 - diff --git a/CVE-2023-28879.patch b/CVE-2023-28879.patch deleted file mode 100644 index e5711a8f71ad469c0b52b76692e1ff06f4d3dfc6..0000000000000000000000000000000000000000 --- a/CVE-2023-28879.patch +++ /dev/null @@ -1,17 +0,0 @@ ---- base/sbcp.c.orig 2020-03-19 09:21:42.000000000 +0100 -+++ base/sbcp.c 2023-04-03 12:36:26.024927229 +0200 -@@ -50,6 +50,14 @@ s_xBCPE_process(stream_state * st, strea - byte ch = *++p; - - if (ch <= 31 && escaped[ch]) { -+ /* Make sure we have space to store two characters in the write buffer, -+ * if we don't then exit without consuming the input character, we'll process -+ * that on the next time round. -+ */ -+ if (pw->limit - q < 2) { -+ p--; -+ break; -+ } - if (p == rlimit) { - p--; - break; diff --git a/CVE-2023-36664.patch b/CVE-2023-36664.patch deleted file mode 100644 index 3c1105c9b11244344691c196ce9610c4a6a4a1d1..0000000000000000000000000000000000000000 --- a/CVE-2023-36664.patch +++ /dev/null @@ -1,116 +0,0 @@ ---- base/gpmisc.c.orig 2022-04-04 15:48:49.000000000 +0200 -+++ base/gpmisc.c 2023-07-04 08:13:02.173325373 +0200 -@@ -1076,16 +1076,29 @@ gp_validate_path_len(const gs_memory_t * - && !memcmp(path + cdirstrl, dirsepstr, dirsepstrl)) { - prefix_len = 0; - } -- rlen = len+1; -- bufferfull = (char *)gs_alloc_bytes(mem->thread_safe_memory, rlen + prefix_len, "gp_validate_path"); -- if (bufferfull == NULL) -- return gs_error_VMerror; - -- buffer = bufferfull + prefix_len; -- if (gp_file_name_reduce(path, (uint)len, buffer, &rlen) != gp_combine_success) -- return gs_error_invalidfileaccess; -- buffer[rlen] = 0; -+ /* "%pipe%" do not follow the normal rules for path definitions, so we -+ don't "reduce" them to avoid unexpected results -+ */ -+ if (path[0] == '|' || (len > 5 && memcmp(path, "%pipe", 5) == 0)) { -+ bufferfull = buffer = (char *)gs_alloc_bytes(mem->thread_safe_memory, len + 1, "gp_validate_path"); -+ if (buffer == NULL) -+ return gs_error_VMerror; -+ memcpy(buffer, path, len); -+ buffer[len] = 0; -+ rlen = len; -+ } -+ else { -+ rlen = len+1; -+ bufferfull = (char *)gs_alloc_bytes(mem->thread_safe_memory, rlen + prefix_len, "gp_validate_path"); -+ if (bufferfull == NULL) -+ return gs_error_VMerror; - -+ buffer = bufferfull + prefix_len; -+ if (gp_file_name_reduce(path, (uint)len, buffer, &rlen) != gp_combine_success) -+ return gs_error_invalidfileaccess; -+ buffer[rlen] = 0; -+ } - while (1) { - switch (mode[0]) - { ---- base/gslibctx.c.orig 2022-04-04 15:48:49.000000000 +0200 -+++ base/gslibctx.c 2023-07-04 08:09:47.834639430 +0200 -@@ -740,14 +740,28 @@ gs_add_control_path_len_flags(const gs_m - return gs_error_rangecheck; - } - -- rlen = len+1; -- buffer = (char *)gs_alloc_bytes(core->memory, rlen, "gp_validate_path"); -- if (buffer == NULL) -- return gs_error_VMerror; -- -- if (gp_file_name_reduce(path, (uint)len, buffer, &rlen) != gp_combine_success) -- return gs_error_invalidfileaccess; -- buffer[rlen] = 0; -+ /* "%pipe%" do not follow the normal rules for path definitions, so we -+ don't "reduce" them to avoid unexpected results -+ */ -+ if (path[0] == '|' || (len > 5 && memcmp(path, "%pipe", 5) == 0)) { -+ buffer = (char *)gs_alloc_bytes(core->memory, len + 1, "gs_add_control_path_len"); -+ if (buffer == NULL) -+ return gs_error_VMerror; -+ memcpy(buffer, path, len); -+ buffer[len] = 0; -+ rlen = len; -+ } -+ else { -+ rlen = len + 1; -+ -+ buffer = (char *)gs_alloc_bytes(core->memory, rlen, "gs_add_control_path_len"); -+ if (buffer == NULL) -+ return gs_error_VMerror; -+ -+ if (gp_file_name_reduce(path, (uint)len, buffer, &rlen) != gp_combine_success) -+ return gs_error_invalidfileaccess; -+ buffer[rlen] = 0; -+ } - - n = control->num; - for (i = 0; i < n; i++) -@@ -833,14 +847,28 @@ gs_remove_control_path_len_flags(const g - return gs_error_rangecheck; - } - -- rlen = len+1; -- buffer = (char *)gs_alloc_bytes(core->memory, rlen, "gp_validate_path"); -- if (buffer == NULL) -- return gs_error_VMerror; -- -- if (gp_file_name_reduce(path, (uint)len, buffer, &rlen) != gp_combine_success) -- return gs_error_invalidfileaccess; -- buffer[rlen] = 0; -+ /* "%pipe%" do not follow the normal rules for path definitions, so we -+ don't "reduce" them to avoid unexpected results -+ */ -+ if (path[0] == '|' || (len > 5 && memcmp(path, "%pipe", 5) == 0)) { -+ buffer = (char *)gs_alloc_bytes(core->memory, len + 1, "gs_remove_control_path_len"); -+ if (buffer == NULL) -+ return gs_error_VMerror; -+ memcpy(buffer, path, len); -+ buffer[len] = 0; -+ rlen = len; -+ } -+ else { -+ rlen = len+1; -+ -+ buffer = (char *)gs_alloc_bytes(core->memory, rlen, "gs_remove_control_path_len"); -+ if (buffer == NULL) -+ return gs_error_VMerror; -+ -+ if (gp_file_name_reduce(path, (uint)len, buffer, &rlen) != gp_combine_success) -+ return gs_error_invalidfileaccess; -+ buffer[rlen] = 0; -+ } - - n = control->num; - for (i = 0; i < n; i++) { diff --git a/CVE-2023-38559.patch b/CVE-2023-38559.patch deleted file mode 100644 index 0454d6a879ad6153b7b8464fef1d2c882c95b342..0000000000000000000000000000000000000000 --- a/CVE-2023-38559.patch +++ /dev/null @@ -1,11 +0,0 @@ ---- base/gdevdevn.c.orig 2022-04-04 15:48:49.000000000 +0200 -+++ base/gdevdevn.c 2023-07-26 11:31:03.873226054 +0200 -@@ -1950,7 +1950,7 @@ devn_pcx_write_rle(const byte * from, co - byte data = *from; - - from += step; -- if (data != *from || from == end) { -+ if (from >= end || data != *from) { - if (data >= 0xc0) - gp_fputc(0xc1, file); - } else { diff --git a/backport-CVE-2023-46751.patch b/backport-CVE-2023-46751.patch deleted file mode 100644 index 1e0c31f176192715c0d53289555d53e70f38445b..0000000000000000000000000000000000000000 --- a/backport-CVE-2023-46751.patch +++ /dev/null @@ -1,43 +0,0 @@ -From 5d2da96e81c7455338302c71a291088a8396245a Mon Sep 17 00:00:00 2001 -From: Chris Liddell -Date: Mon, 16 Oct 2023 16:49:40 +0100 -Subject: [PATCH] Bug 707264: Fix tiffsep(1) requirement for seekable output - files - -In the device initialization redesign, tiffsep and tiffsep1 lost the requirement -for the output files to be seekable. - -Fixing that highlighted a problem with the error handling in -gdev_prn_open_printer_seekable() where closing the erroring file would leave a -dangling pointer, and lead to a crash. ---- - base/gdevprn.c | 1 + - devices/gdevtsep.c | 1 + - 2 files changed, 2 insertions(+) - -diff --git a/base/gdevprn.c b/base/gdevprn.c -index 0491a3c6c..033632387 100644 ---- a/base/gdevprn.c -+++ b/base/gdevprn.c -@@ -1271,6 +1271,7 @@ gdev_prn_open_printer_seekable(gx_device *pdev, bool binary_mode, - && !IS_LIBCTX_STDERR(pdev->memory, gp_get_file(ppdev->file))) { - - code = gx_device_close_output_file(pdev, ppdev->fname, ppdev->file); -+ ppdev->file = NULL; - if (code < 0) - return code; - } -diff --git a/devices/gdevtsep.c b/devices/gdevtsep.c -index 7fd3c5518..f7a1b174b 100644 ---- a/devices/gdevtsep.c -+++ b/devices/gdevtsep.c -@@ -737,6 +737,7 @@ tiffsep_initialize_device_procs(gx_device *dev) - { - gdev_prn_initialize_device_procs(dev); - -+ set_dev_proc(dev, output_page, gdev_prn_output_page_seekable); - set_dev_proc(dev, open_device, tiffsep_prn_open); - set_dev_proc(dev, close_device, tiffsep_prn_close); - set_dev_proc(dev, map_color_rgb, tiffsep_decode_color); --- -2.34.1 diff --git a/fix-CVE-2024-29510.patch b/fix-CVE-2024-29510.patch deleted file mode 100644 index 5c6f25fafb72a506ebb1c2d821be6989a5e5d3b0..0000000000000000000000000000000000000000 --- a/fix-CVE-2024-29510.patch +++ /dev/null @@ -1,78 +0,0 @@ -From 3b1735085ecef20b29e8db3416ab36de93e86d1f Mon Sep 17 00:00:00 2001 -From: Ken Sharp -Date: Thu, 21 Mar 2024 09:01:15 +0000 -Subject: [PATCH] Uniprint device - prevent string configuration changes when SAFER - -Bug #707662 - -We cannot sanitise the string arguments used by the Uniprint device -because they can potentially include anything. - -This commit ensures that these strings are locked and cannot be -changed by PostScript once SAFER is activated. Full configuration from -the command line is still possible (see the *.upp files in lib). - -This addresses CVE-2024-29510 ---- - devices/gdevupd.c | 31 +++++++++++++++++++++++++++++++ - 1 file changed, 31 insertions(+) - -diff --git a/devices/gdevupd.c b/devices/gdevupd.c -index 179c400..7826507 100644 ---- a/devices/gdevupd.c -+++ b/devices/gdevupd.c -@@ -1887,6 +1887,16 @@ out on this copies. - if(!upd_strings[i]) continue; - UPD_PARAM_READ(param_read_string,upd_strings[i],value,udev->memory); - if(0 == code) { -+ if (gs_is_path_control_active(udev->memory)) { -+ if (strings[i].size != value.size) -+ error = gs_error_invalidaccess; -+ else { -+ if (strings[i].data && memcmp(strings[i].data, value.data, strings[i].size) != 0) -+ error = gs_error_invalidaccess; -+ } -+ if (error < 0) -+ goto exit; -+ } - if(0 <= error) error |= UPD_PUT_STRINGS; - UPD_MM_DEL_PARAM(udev->memory, strings[i]); - if(!value.size) { -@@ -1904,6 +1914,26 @@ out on this copies. - if(!upd_string_a[i]) continue; - UPD_PARAM_READ(param_read_string_array,upd_string_a[i],value,udev->memory); - if(0 == code) { -+ if (gs_is_path_control_active(udev->memory)) { -+ if (string_a[i].size != value.size) -+ error = gs_error_invalidaccess; -+ else { -+ int loop; -+ for (loop = 0;loop < string_a[i].size;loop++) { -+ gs_param_string *tmp1 = (gs_param_string *)&(string_a[i].data[loop]); -+ gs_param_string *tmp2 = (gs_param_string *)&value.data[loop]; -+ -+ if (tmp1->size != tmp2->size) -+ error = gs_error_invalidaccess; -+ else { -+ if (tmp1->data && memcmp(tmp1->data, tmp2->data, tmp1->size) != 0) -+ error = gs_error_invalidaccess; -+ } -+ } -+ } -+ if (error < 0) -+ goto exit; -+ } - if(0 <= error) error |= UPD_PUT_STRING_A; - UPD_MM_DEL_APARAM(udev->memory, string_a[i]); - if(!value.size) { -@@ -2098,6 +2128,7 @@ transferred into the device-structure. In the case of "uniprint", this may - if(0 > code) error = code; - } - -+exit: - if(0 < error) { /* Actually something loaded without error */ - - if(!(upd = udev->upd)) { --- -2.27.0 - diff --git a/fix-CVE-2024-33869-second.patch b/fix-CVE-2024-33869-second.patch deleted file mode 100644 index 6be1cd71a9100339dbc2fa500de164373767e90b..0000000000000000000000000000000000000000 --- a/fix-CVE-2024-33869-second.patch +++ /dev/null @@ -1,49 +0,0 @@ -From 77c8d6426fe91a2df8f3a37934f030ecc396cacb Mon Sep 17 00:00:00 2001 -From: zhangxingrong -Date: Fri, 12 Jul 2024 15:09:12 +0800 -Subject: [PATCH] fix for CVE-2024-33869 - -Bug 707691 part 2 -See bug thread for details - -This is the second part of the fix for CVE-2024-33869 -url:https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=f5336e5b4154f515ac83bc5b9eba94302e6618d4 ---- - base/gpmisc.c | 21 +++++++++++++++++++++ - 1 file changed, 21 insertions(+) - -diff --git a/base/gpmisc.c b/base/gpmisc.c -index cbc6139..186d9b7 100644 ---- a/base/gpmisc.c -+++ b/base/gpmisc.c -@@ -1089,6 +1089,27 @@ gp_validate_path_len(const gs_memory_t *mem, - rlen = len; - } - else { -+ char *test = (char *)path, *test1; -+ uint tlen = len, slen; -+ -+ /* Look for any pipe (%pipe% or '|' specifications between path separators -+ * Reject any path spec which has a %pipe% or '|' anywhere except at the start. -+ */ -+ while (tlen > 0) { -+ if (test[0] == '|' || (tlen > 5 && memcmp(test, "%pipe", 5) == 0)) { -+ code = gs_note_error(gs_error_invalidfileaccess); -+ goto exit; -+ } -+ test1 = test; -+ slen = search_separator((const char **)&test, path + len, test1, 1); -+ if(slen == 0) -+ break; -+ test += slen; -+ tlen -= test - test1; -+ if (test >= path + len) -+ break; -+ } -+ - rlen = len+1; - bufferfull = (char *)gs_alloc_bytes(mem->thread_safe_memory, rlen + prefix_len, "gp_validate_path"); - if (bufferfull == NULL) --- -2.43.0 - diff --git a/fix-CVE-2024-33869.patch b/fix-CVE-2024-33869.patch deleted file mode 100644 index 94cd8cb0ce60369d4c74f6117d6593f2b881c54e..0000000000000000000000000000000000000000 --- a/fix-CVE-2024-33869.patch +++ /dev/null @@ -1,34 +0,0 @@ -From 5ae2e320d69a7d0973011796bd388cd5befa1a43 Mon Sep 17 00:00:00 2001 -From: Ken Sharp -Date: Tue, 26 Mar 2024 12:02:57 +0000 -Subject: [PATCH] fix CVE-2024-33869 - -Part 1; when stripping a potential Current Working Dirctory specifier -from a path, make certain it really is a CWD, and not simply large -ebough to be a CWD. - -Reasons are in the bug thread, this is not (IMO) serious. - -This is part of the fix for CVE-2024-33869 ---- - base/gpmisc.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/base/gpmisc.c b/base/gpmisc.c -index f9a9230..f6b8870 100644 ---- a/base/gpmisc.c -+++ b/base/gpmisc.c -@@ -1136,8 +1136,8 @@ gp_validate_path_len(const gs_memory_t *mem, - memcpy(buffer + cdirstrl, dirsepstr, dirsepstrl); - continue; - } -- else if (code < 0 && cdirstrl > 0 && prefix_len == 0 && buffer == bufferfull) { -- buffer = bufferfull + cdirstrl + dirsepstrl; -+ else if (code < 0 && cdirstrl > 0 && prefix_len == 0 && buffer == bufferfull -+ && memcmp(buffer, cdirstr, cdirstrl) && !memcmp(buffer + cdirstrl, dirsepstr, dirsepstrl)) { - continue; - } - break; --- -2.27.0 - diff --git a/fix-CVE-2024-33870.patch b/fix-CVE-2024-33870.patch deleted file mode 100644 index f2f093b5e941b9716d35ef44fe50731dbdaca159..0000000000000000000000000000000000000000 --- a/fix-CVE-2024-33870.patch +++ /dev/null @@ -1,88 +0,0 @@ -From 79aef19c685984dc3da2dc090450407d9fbcff80 Mon Sep 17 00:00:00 2001 -From: Ken Sharp -Date: Tue, 26 Mar 2024 12:00:14 +0000 -Subject: [PATCH] fix CVE-2024-33870 - -See bug thread for details - -In addition to the noted bug; an error path (return from -gp_file_name_reduce not successful) could elad to a memory leak as we -did not free 'bufferfull'. Fix that too. - -This addresses CVE-2024-33870 ---- - base/gpmisc.c | 34 +++++++++++++++++++++++++++++++--- - 1 file changed, 31 insertions(+), 3 deletions(-) - -diff --git a/base/gpmisc.c b/base/gpmisc.c -index f6b8870..cbc6139 100644 ---- a/base/gpmisc.c -+++ b/base/gpmisc.c -@@ -1042,7 +1042,7 @@ gp_validate_path_len(const gs_memory_t *mem, - const uint len, - const char *mode) - { -- char *buffer, *bufferfull; -+ char *buffer, *bufferfull = NULL; - uint rlen; - int code = 0; - const char *cdirstr = gp_file_name_current(); -@@ -1095,8 +1095,10 @@ gp_validate_path_len(const gs_memory_t *mem, - return gs_error_VMerror; - - buffer = bufferfull + prefix_len; -- if (gp_file_name_reduce(path, (uint)len, buffer, &rlen) != gp_combine_success) -- return gs_error_invalidfileaccess; -+ if (gp_file_name_reduce(path, (uint)len, buffer, &rlen) != gp_combine_success) { -+ code = gs_note_error(gs_error_invalidfileaccess); -+ goto exit; -+ } - buffer[rlen] = 0; - } - while (1) { -@@ -1131,9 +1133,34 @@ gp_validate_path_len(const gs_memory_t *mem, - code = gs_note_error(gs_error_invalidfileaccess); - } - if (code < 0 && prefix_len > 0 && buffer > bufferfull) { -+ uint newlen = rlen + cdirstrl + dirsepstrl; -+ char *newbuffer; -+ int code; -+ - buffer = bufferfull; - memcpy(buffer, cdirstr, cdirstrl); - memcpy(buffer + cdirstrl, dirsepstr, dirsepstrl); -+ -+ /* We've prepended a './' or similar for the current working directory. We need -+ * to execute file_name_reduce on that, to eliminate any '../' or similar from -+ * the (new) full path. -+ */ -+ newbuffer = (char *)gs_alloc_bytes(mem->thread_safe_memory, newlen + 1, "gp_validate_path"); -+ if (newbuffer == NULL) { -+ code = gs_note_error(gs_error_VMerror); -+ goto exit; -+ } -+ -+ memcpy(newbuffer, buffer, rlen + cdirstrl + dirsepstrl); -+ newbuffer[newlen] = 0x00; -+ -+ code = gp_file_name_reduce(newbuffer, (uint)newlen, buffer, &newlen); -+ gs_free_object(mem->thread_safe_memory, newbuffer, "gp_validate_path"); -+ if (code != gp_combine_success) { -+ code = gs_note_error(gs_error_invalidfileaccess); -+ goto exit; -+ } -+ - continue; - } - else if (code < 0 && cdirstrl > 0 && prefix_len == 0 && buffer == bufferfull -@@ -1152,6 +1179,7 @@ gp_validate_path_len(const gs_memory_t *mem, - gs_path_control_flag_is_scratch_file); - } - -+exit: - gs_free_object(mem->thread_safe_memory, bufferfull, "gp_validate_path"); - #ifdef EACCES - if (code == gs_error_invalidfileaccess) --- -2.27.0 - diff --git a/fix-CVE-2024-33871.patch b/fix-CVE-2024-33871.patch deleted file mode 100644 index 86c637613086ebddcbe9e8b236da4c7dedc29e4c..0000000000000000000000000000000000000000 --- a/fix-CVE-2024-33871.patch +++ /dev/null @@ -1,38 +0,0 @@ -From 7145885041bb52cc23964f0aa2aec1b1c82b5908 Mon Sep 17 00:00:00 2001 -From: Zdenek Hutyra -Date: Mon, 22 Apr 2024 13:33:47 +0100 -Subject: OPVP device - prevent unsafe parameter change with SAFER - -Bug #707754 "OPVP device - Arbitrary code execution via custom Driver library" - -The "Driver" parameter for the "opvp"/"oprp" device specifies the name -of a dynamic library and allows any library to be loaded. - -The patch does not allow changing this parameter after activating path -control. - -This addresses CVE-2024-33871 ---- - contrib/opvp/gdevopvp.c | 6 ++++++ - 1 file changed, 6 insertions(+) - -diff --git a/contrib/opvp/gdevopvp.c b/contrib/opvp/gdevopvp.c -index 5f20cac..327152d 100644 ---- a/contrib/opvp/gdevopvp.c -+++ b/contrib/opvp/gdevopvp.c -@@ -3456,6 +3456,12 @@ _put_params(gx_device *dev, gs_param_list *plist) - code = param_read_string(plist, pname, &vdps); - switch (code) { - case 0: -+ if (gs_is_path_control_active(dev->memory) -+ && (!opdev->globals.vectorDriver || strlen(opdev->globals.vectorDriver) != vdps.size -+ || memcmp(opdev->globals.vectorDriver, vdps.data, vdps.size) != 0)) { -+ param_signal_error(plist, pname, gs_error_invalidaccess); -+ return_error(gs_error_invalidaccess); -+ } - buff = realloc(buff, vdps.size + 1); - memcpy(buff, vdps.data, vdps.size); - buff[vdps.size] = 0; --- -2.27.0 - diff --git a/fix-cve-2023-52722.patch b/fix-cve-2023-52722.patch deleted file mode 100644 index 57a80cb61f456bda300dada6a076a5132f2eaf5f..0000000000000000000000000000000000000000 --- a/fix-cve-2023-52722.patch +++ /dev/null @@ -1,39 +0,0 @@ -From afd7188f74918cb51b5fb89f52b54eb16e8acfd1 Mon Sep 17 00:00:00 2001 -From: Chris Liddell -Date: 2023-09-12 10:46:10 +0100 -Subject: [PATCH] In SAFER (default) don't allow eexec seeds other than the Type 1 standard - Type 1 standard - ---- - psi/zmisc1.c | 8 ++++++++ - 1 file changed, 8 insertions(+) - -diff --git a/psi/zmisc1.c b/psi/zmisc1.c -index 3c47e99..81556ac 100644 ---- a/psi/zmisc1.c -+++ b/psi/zmisc1.c -@@ -93,6 +93,9 @@ zexE(i_ctx_t *i_ctx_p) - - if (code < 0) - return code; -+ if (gs_is_path_control_active(imemory) != 0 && state.cstate != 55665) { -+ return_error(gs_error_rangecheck); -+ } - return filter_write(i_ctx_p, code, &s_exE_template, (stream_state *)&state, 0); - } - -@@ -130,6 +133,11 @@ zexD(i_ctx_t *i_ctx_p) - } - if (code < 0) - return code; -+ -+ if (gs_is_path_control_active(imemory) != 0 && state.cstate != 55665) { -+ return_error(gs_error_rangecheck); -+ } -+ - /* - * If we're reading a .PFB file, let the filter know about it, - * so it can read recklessly to the end of the binary section. --- -2.43.0 - diff --git a/ghostscript-9.56.1.tar.xz b/ghostscript-10.04.0.tar.xz similarity index 79% rename from ghostscript-9.56.1.tar.xz rename to ghostscript-10.04.0.tar.xz index 7b311e1885329c4dc365535d0706a273acf22605..c3b4c540f5dc7568d9d05563649f4db3e884fc5d 100644 Binary files a/ghostscript-9.56.1.tar.xz and b/ghostscript-10.04.0.tar.xz differ diff --git a/ghostscript.spec b/ghostscript.spec index 3f0dfda5716cd380dcac1957121d03b804e17503..d4df72602d4d0d8d6cc2889c5fca9d173acfaa75 100644 --- a/ghostscript.spec +++ b/ghostscript.spec @@ -8,62 +8,16 @@ %global google_droid_fontpath %%(dirname $(fc-list : file | grep "DroidSansFallback")) Name: ghostscript -Version: 9.56.1 -Release: 9 +Version: 10.04.0 +Release: 1 Summary: An interpreter for PostScript and PDF files License: AGPL-3.0-or-later URL: https://ghostscript.com/ Source0: https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs%{version_short}/ghostscript-%{version}.tar.xz -Patch0: ghostscript-9.23-100-run-dvipdf-securely.patch - -# https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=37ed5022cecd -# https://bugs.ghostscript.com/show_bug.cgi?id=706494 -# fix CVE-2023-28879 Buffer Overflow in s_xBCPE_process -Patch101: CVE-2023-28879.patch - -# https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=505eab7782b429017eb434b2b95120855f2b0e3c and -# https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=0974e4f2ac0005d3731e0b5c13ebc7e965540f4d -# fix see https://bugs.ghostscript.com/show_bug.cgi?id=706761 -# "OS command injection in %pipe% access" -# and https://bugs.ghostscript.com/show_bug.cgi?id=706778 -# "%pipe% allowed_path bypass" -Patch102: CVE-2023-36664.patch - -# https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=d81b82c70bc1 -# CVE-2023-38559.patch fix -# "out of bounds read devn_pcx_write_rle() could result in DoS" -# and https://bugs.ghostscript.com/show_bug.cgi?id=706897 -# which is in base/gdevdevn.c the same issue -# "ordering in if expression to avoid out-of-bounds access" -# as the already fixed CVE-2020-16305 in devices/gdevpcx.c -# see https://bugs.ghostscript.com/show_bug.cgi?id=701819 -Patch103: CVE-2023-38559.patch -Patch104: backport-CVE-2023-46751.patch -Patch105: fix-cve-2023-52722.patch -Patch106: fix-CVE-2024-29510.patch -Patch107: fix-CVE-2024-33869.patch -Patch108: fix-CVE-2024-33870.patch -Patch109: fix-CVE-2024-33871.patch -# https://bugs.ghostscript.com/show_bug.cgi?id=707510 -# CVE-2024-29506 CVE-2024-29507 CVE-2024-29508 CVE-2024-29509 CVE-2024-29511 -# CVE-2024-29509 -Patch110: Bug-707510-don-t-use-strlen-on-passwords.patch -# CVE-2024-29506 -Patch111: Bug-707510-don-t-allow-PDF-files-with-bad-Filters-to.patch -# CVE-2024-29507 -Patch112: Bug-707510-3-Bounds-checks-when-using-CIDFont-relate.patch -# CVE-2024-29508 -Patch113: Bug-707510-review-printing-of-pointers.patch -# CVE-2024-29511 -Patch114: Bug-707510-5-Reject-OCRLanguage-changes-after-SAFER-.patch -Patch115: Bug-707510-5-2-The-original-fix-was-overly-aggressive.patch - -Patch116: Bug-707510-fix-LIBIDN-usage.patch - -# See bug thread for details -#This is the second part of the fix for CVE-2024-33869 -Patch117: fix-CVE-2024-33869-second.patch +Patch0: ghostscript-9.23-100-run-dvipdf-securely.patch +# reported upstream https://bugs.ghostscript.com/show_bug.cgi?id=708044 +Patch6001: ps2epsi-permit-devices.patch BuildRequires: automake gcc BuildRequires: adobe-mappings-cmap-devel adobe-mappings-pdf-devel @@ -111,17 +65,18 @@ This package contains development files for %{name}. %package help Summary: Documents for %{name} Buildarch: noarch -Requires: man info +Requires: man Requires: %{name} = %{version}-%{release} Obsoletes: %{name}-doc < %{version}-%{release} -Provides: %{name}-doc +Provides: %{name}-doc = %{version}-%{release} %description help Man pages and other related documents for %{name}. %package tools-dvipdf Summary: Ghostscript's 'dvipdf' utility +Buildarch: noarch Requires: %{name} = %{version}-%{release} Requires: texlive-dvips @@ -130,33 +85,14 @@ This package provides the utility 'dvipdf' for converting of TeX DVI files into PDF files using Ghostscript and dvips %prep -%setup -q -n %{name}-%{version} -%patch -P0 -p1 -%patch -P101 -p0 -%patch -P102 -p0 -%patch -P103 -p0 -%patch -P104 -p1 -%patch -P105 -p1 -%patch -P106 -p1 -%patch -P107 -p1 -%patch -P108 -p1 -%patch -P109 -p1 -%patch -P110 -p1 -%patch -P111 -p1 -%patch -P112 -p1 -%patch -P113 -p1 -%patch -P114 -p1 -%patch -P115 -p1 -%patch -P116 -p1 -%patch -P117 -p1 - +%autosetup -p1 -n %{name}-%{version} # Libraries that we already have packaged(see Build Requirements): -rm -rf cups/libs freetype ijs jbig2dec jpeg lcms2* libpng openjpeg tiff zlib +rm -rf cups/libs expat freetype ijs jbig2dec jpeg lcms2* libpng openjpeg tiff zlib rm -rf windows %build -%configure --enable-dynamic --disable-compile-inits --without-versioned-path \ +%configure --disable-compile-inits --without-versioned-path \ --with-fontpath="%{urw_base35_fontpath}:%{google_droid_fontpath}:%{_datadir}/%{name}/conf.d/" %make_build so @@ -174,8 +110,7 @@ rm -f %{buildroot}%{_datadir}/%{name}/doc # move some files into html/ install -m 0755 -d %{buildroot}%{_docdir}/%{name}/html -cp doc/gsdoc.el %{buildroot}%{_docdir}/%{name}/ -mv -f %{buildroot}%{_docdir}/%{name}/{*.htm*,*.el,html} +mv -f %{buildroot}%{_docdir}/%{name}/{*.htm*,html} # create symlink ln -s %{_bindir}/gs %{buildroot}%{_bindir}/ghostscript @@ -200,8 +135,7 @@ install -m 0755 -d %{buildroot}%{_datadir}/%{name}/conf.d/ %files %license LICENSE doc/COPYING -%{_datadir}/%{name}/ -%dir %{_datadir}/%{name}/conf.d/ +%{_datadir}/%{name} %{_bindir}/gs %{_bindir}/gsnd %{_bindir}/ghostscript @@ -219,21 +153,22 @@ install -m 0755 -d %{buildroot}%{_datadir}/%{name}/conf.d/ %{_bindir}/pfbtopfa %{_bindir}/printafm %{_libdir}/libgs.so.* -%{_libdir}/%{name}/ %files devel %{_libdir}/libgs.so -%{_includedir}/%{name}/ +%{_includedir}/%{name} %files help %{_mandir}/man1/* -%lang(de) %{_mandir}/de/man1/* %doc %{_docdir}/%{name}/ %files tools-dvipdf %{_bindir}/dvipdf %changelog +* Sat Oct 12 2024 Funda Wang - 10.04.0-1 +- update to 10.04.0 + * Thu Aug 22 2024 Funda Wang - 9.56.1-9 - rebuild for new libpaper diff --git a/ghostscript.yaml b/ghostscript.yaml index 902f180d6084a735e8901d59a63731faf5ae2377..211a5f5ed15ce246f580c9c765d5c5af5ff2e02f 100644 --- a/ghostscript.yaml +++ b/ghostscript.yaml @@ -1,4 +1,4 @@ version_control: git -src_repo: http://git.ghostscript.com/ghostpdl.git +src_repo: git://git.ghostscript.com/ghostpdl.git tag_prefix: ^ghostscript- -seperator: . +separator: . diff --git a/ps2epsi-permit-devices.patch b/ps2epsi-permit-devices.patch new file mode 100644 index 0000000000000000000000000000000000000000..7bccbe5f07065f97da69081ce1799934a0003e31 --- /dev/null +++ b/ps2epsi-permit-devices.patch @@ -0,0 +1,12 @@ +diff --git a/lib/ps2epsi b/lib/ps2epsi +index dbfc9fb..0db8959 100755 +--- a/lib/ps2epsi ++++ b/lib/ps2epsi +@@ -42,6 +42,6 @@ fi + + # Note, we expect 'ps2epsi.ps' to be on one of the search paths which can be seen by: gs -h + "$GS_EXECUTABLE" -q -dNOOUTERSAVE -dNODISPLAY -dLastPage=1 -sOutputFile="${outfile}" \ +- --permit-file-all="${infile}" -- ps2epsi.ps "${infile}" 1>&2 ++ --permit-file-all="${infile}" --permit-devices="eps2write:bit" -- ps2epsi.ps "${infile}" 1>&2 + + exit 0