Hello community, here is the log from the commit of package ghostscript-library for openSUSE:Factory checked in at Wed Jun 9 17:01:34 CEST 2010. -------- --- ghostscript-library/ghostscript-library.changes 2010-05-15 14:04:29.000000000 +0200 +++ /mounts/work_src_done/STABLE/ghostscript-library/ghostscript-library.changes 2010-06-08 14:59:14.000000000 +0200 @@ -1,0 +2,8 @@ +Tue Jun 8 14:55:24 CEST 2010 - werner@suse.de + +- Modify pdf2des to make it work with newer gv (bnc#610933) +- Compile ghostscript-library with SEARCH_HERE_FIRST=0 to close + vulnerability due reading startup file even from temporary + directories (make option -P- to the default) (bnc#608071) + +------------------------------------------------------------------- calling whatdependson for head-i586 New: ---- ghostscript-8.70-P-use.dif ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ ghostscript-library.spec ++++++ --- /var/tmp/diff_new_pack.F2jqGe/_old 2010-06-09 17:00:31.000000000 +0200 +++ /var/tmp/diff_new_pack.F2jqGe/_new 2010-06-09 17:00:31.000000000 +0200 @@ -65,7 +65,7 @@ Summary: Necessary Files for Running Ghostscript %endif Version: 8.70 -Release: 8 +Release: 9 License: GPLv3 Source0: ghostscript-8.70.tar.bz2 Source1: ftp://mirror.cs.wisc.edu/pub/mirrors/ghost/GPL/current/ghostscript-fonts-std-8.11.tar.bz2 @@ -128,6 +128,7 @@ Patch55: gs-8.70-implicit-fortify-decl.patch Patch56: ghostscript-8.70-bnc592279.dif Patch57: ghostscript-8.70-png_sig_check.dif +Patch58: ghostscript-8.70-P-use.dif BuildRoot: %{_tmppath}/%{name}-%{version}-build %if %suse_version > 1010 %define xfontdir /usr/share/fonts @@ -333,7 +334,7 @@ %package -n libgimpprint License: GPLv2+ Version: 4.2.7 -Release: 323 +Release: 324 Summary: Gimp-Print libraries Group: Development/Libraries/C and C++ 
@@ -349,7 +350,7 @@ %package -n libgimpprint-devel License: GPLv2+ Version: 4.2.7 -Release: 323 +Release: 324 PreReq: %install_info_prereq Requires: libgimpprint = %{version} Requires: glibc-devel @@ -457,6 +458,7 @@ %patch55 -p1 %patch56 -p0 %patch57 -p0 +%patch58 -p0 %build test ! -f /.buildenv || . /.buildenv @@ -737,18 +739,20 @@ popd %endif make so EXTRADEVS="$EXTRADEVS" EXTEND_NAMES=$EXTEND_NAMES STATIC_DEVS="$STATIC_DEVS" \ - GSSOC_XENAME='$(GS)$(XE)' GS_XE='' + GSSOC_XENAME='$(GS)$(XE)' GS_XE='' SEARCH_HERE_FIRST=0 if test -x sobin/gsc ; then ln sobin/gsc sobin/gs fi if test -n "$SHARED_DEVS" ; then - make ${SHARED_DEVS} EXTRADEVS="$EXTRADEVS" EXTEND_NAMES=$EXTEND_NAMES STATIC_DEVS="$STATIC_DEVS" + make ${SHARED_DEVS} EXTRADEVS="$EXTRADEVS" EXTEND_NAMES=$EXTEND_NAMES STATIC_DEVS="$STATIC_DEVS" \ + SEARCH_HERE_FIRST=0 fi make pcl3opts LD_LIBRARY_PATH=${PWD}/sobin:${PWD}/soobj:${PWD}/obj:${PWD}/stp/src/main/.libs \ /bin/bash %{S:51} > bin/catalog.devices %else - make EXTRADEVS="$EXTRADEVS" EXTEND_NAMES=$EXTEND_NAMES STATIC_DEVS="$STATIC_DEVS" + make EXTRADEVS="$EXTRADEVS" EXTEND_NAMES=$EXTEND_NAMES STATIC_DEVS="$STATIC_DEVS" \ + SEARCH_HERE_FIRST=1
bin/catalog.devices %endif #
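Review bot: The `%else` branch of this hunk adds `SEARCH_HERE_FIRST=1` to the plain `make` call, so that build variant still looks in the current directory first, while both `make` calls in the shared-library branch get `SEARCH_HERE_FIRST=0`. The changelog entry describes compiling with `SEARCH_HERE_FIRST=0` so that `-P-` becomes the default. Either this line should read `SEARCH_HERE_FIRST=0`, or a spec comment above it should state why this variant keeps the old search order. The matching hunk in ghostscript-mini.spec (`@@ -736,18 +737,20 @@`) carries the same line. The condition that selects the `%else` branch lies outside the hunk, so which builds are affected cannot be told from here.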
++++++ ghostscript-mini.spec ++++++ --- /var/tmp/diff_new_pack.F2jqGe/_old 2010-06-09 17:00:31.000000000 +0200 +++ /var/tmp/diff_new_pack.F2jqGe/_new 2010-06-09 17:00:31.000000000 +0200 @@ -19,6 +19,7 @@ Name: ghostscript-mini +#!BuildIgnore: texlive-jadetex %if "%name" != "ghostscript-mini" BuildRequires: cups-devel cups-libs dos2unix ed fontconfig-devel gcc-c++ glib2-devel libpng-devel libtiff-devel libxml2-devel t1utils xorg-x11-devel zlib-devel %if %suse_version > 1020 @@ -64,7 +65,7 @@ Summary: Necessary Files for Running Ghostscript %endif Version: 8.70 -Release: 8 +Release: 9 License: GPLv3 Source0: ghostscript-8.70.tar.bz2 Source1: ftp://mirror.cs.wisc.edu/pub/mirrors/ghost/GPL/current/ghostscript-fonts-std-8.11.tar.bz2 @@ -332,7 +333,7 @@ %package -n libgimpprint License: GPLv2+ Version: 4.2.7 -Release: 323 +Release: 324 Summary: Gimp-Print libraries Group: Development/Libraries/C and C++ @@ -348,7 +349,7 @@ %package -n libgimpprint-devel License: GPLv2+ Version: 4.2.7 -Release: 323 +Release: 324 PreReq: %install_info_prereq Requires: libgimpprint = %{version} Requires: glibc-devel @@ -736,18 +737,20 @@ popd %endif make so EXTRADEVS="$EXTRADEVS" EXTEND_NAMES=$EXTEND_NAMES STATIC_DEVS="$STATIC_DEVS" \ - GSSOC_XENAME='$(GS)$(XE)' GS_XE='' + GSSOC_XENAME='$(GS)$(XE)' GS_XE='' SEARCH_HERE_FIRST=0 if test -x sobin/gsc ; then ln sobin/gsc sobin/gs fi if test -n "$SHARED_DEVS" ; then - make ${SHARED_DEVS} EXTRADEVS="$EXTRADEVS" EXTEND_NAMES=$EXTEND_NAMES STATIC_DEVS="$STATIC_DEVS" + make ${SHARED_DEVS} EXTRADEVS="$EXTRADEVS" EXTEND_NAMES=$EXTEND_NAMES STATIC_DEVS="$STATIC_DEVS" \ + SEARCH_HERE_FIRST=0 fi make pcl3opts LD_LIBRARY_PATH=${PWD}/sobin:${PWD}/soobj:${PWD}/obj:${PWD}/stp/src/main/.libs \ /bin/bash %{S:51} > bin/catalog.devices %else - make EXTRADEVS="$EXTRADEVS" EXTEND_NAMES=$EXTEND_NAMES STATIC_DEVS="$STATIC_DEVS" + make EXTRADEVS="$EXTRADEVS" EXTEND_NAMES=$EXTEND_NAMES STATIC_DEVS="$STATIC_DEVS" \ + SEARCH_HERE_FIRST=1
bin/catalog.devices %endif #
++++++ ghostscript-8.70-P-use.dif ++++++ --- doc/Use.htm +++ doc/Use.htm 2010-06-02 11:02:47.000000000 +0200 @@ -833,8 +833,8 @@ file name specifies an absolute path. using the name given. Otherwise it tries directories in this order: <ol> -<li>The current directory (unless disabled by the -<a href="#P-_switch"><code>-P-</code> switch</a>); +<li>The current directory only if enabled by the +<a href="#P_switch"><code>-P</code> switch</a>; <li>The directories specified by <a href="#I_switch"><code>-I</code> switches</a> in the command line, if any; @@ -857,13 +857,14 @@ into the executable ; directory or a list of directories separated by a character appropriate for the operating system ("<code>:</code>" on Unix systems, "<code>,</code>" on VMS systems, and -"<code>;</code>" on MS Windows systems). We think that trying -the current directory first is a very bad idea -- it opens serious security -loopholes and can lead to very confusing errors if one has more than one -version of Ghostscript in one's environment -- but when we attempted to -change it, users insisted that we change it back. You can disable looking -in the current directory first by using the -<a href="#P_switch"><code>-P-</code> switch</a>. +"<code>;</code>" on MS Windows systems). + +<p> +Trying the current directory first is a very bad idea -- it opens serious +security loopholes and can lead to very confusing errors if one has more +than one version of Ghostscript in one's environment. +You can enable looking in the current directory first by using the +<a href="#P_switch"><code>-P</code> switch</a>. <p> Note that Ghostscript does not use this file searching algorithm for the 
@@ -2071,14 +2072,14 @@ for library files. <dl> <dt><a name="P_switch"></a><code>-P</code> <dd>Makes Ghostscript look first in the current directory for library -files. This is currently the default. +files. </dl> <dl> <dt><a name="P-_switch"></a><code>-P-</code> <dd>Makes Ghostscript <b><em>not</em></b> look first in the current directory for library files (unless, of course, the first explicitly -supplied directory is "<code>.</code>"). +supplied directory is "<code>.</code>"). This is the default. </dl> <h4><a name="Parameters"></a>Setting parameters</h4> ++++++ ghostscript-8.70.dif ++++++ --- /var/tmp/diff_new_pack.F2jqGe/_old 2010-06-09 17:00:31.000000000 +0200 +++ /var/tmp/diff_new_pack.F2jqGe/_new 2010-06-09 17:00:31.000000000 +0200 @@ -1189,6 +1189,33 @@ -exec "$GS_EXECUTABLE" -q -dNODISPLAY $OPTIONS -- "`dirname $0`/dumphint.ps" "$1" +exec "$GS_EXECUTABLE" -q -dNODISPLAY $OPTIONS -- "`dirname $0`/dumphint.ps" ${1+"$@"} +--- lib/pdf2dsc ++++ lib/pdf2dsc 2010-06-08 12:49:34.415425030 +0000 +@@ -22,6 +22,16 @@ usage() { + exit 1 + } + ++OPTIONS="" ++while true ++do ++ case "$1" in ++ -?*) OPTIONS="${OPTIONS:+$OPTIONS }$1" ;; ++ *) break ;; ++ esac ++ shift ++done ++ + if [ $# -gt 2 ] + then + usage +@@ -31,5 +41,5 @@ pdffile=$1 + dscfile=$2 + : ${dscfile:=`echo $pdffile | sed 's,\.[^/.]*,,'`.dsc} + +-exec "$GS_EXECUTABLE" -q -dNODISPLAY -dSAFER -dDELAYSAFER\ +- -sPDFname="$pdffile" -sDSCname="$dscfile" pdf2dsc.ps -c quit ++exec "$GS_EXECUTABLE" -q -dNODISPLAY -P- -dSAFER -dDELAYSAFER $OPTIONS \ ++ -sPDFname="$pdffile" -sDSCname="$dscfile" pdf2dsc.ps $OPTIONS -c quit --- lib/ps2epsi +++ lib/ps2epsi 2008-02-21 14:55:26.000000000 +0000 @@ -10,14 +10,10 @@ if test ! -x "$gs"; then 
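Review bot: The unquoted `$OPTIONS` in the new `exec` line of lib/pdf2dsc is re-split on whitespace, so a forwarded option whose value contains a blank (an `-I` path, for instance) reaches gs as several arguments, and a fragment that does not start with `-` is taken as a file name. The forwarded options also come after the hard-coded `-P-`, so a caller-supplied `-P` presumably switches the current-directory lookup back on; that is worth confirming. A comment above the new loop would document the limitation, e.g. `# Options are forwarded unquoted and twice (as in pdf2ps); option values containing blanks are not supported.` The `usage()` text lies outside the hunk and may need to mention the new options.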
@@ -1208,6 +1235,40 @@ (umask 077 && mkdir "$tmpdir") if test ! -d "$tmpdir"; then echo "failed: could not create temporary file" +--- lib/pdf2ps ++++ lib/pdf2ps 2010-06-08 12:48:25.727425083 +0000 +@@ -15,7 +15,7 @@ OPTIONS="" + while true + do + case "$1" in +- -?*) OPTIONS="$OPTIONS $1" ;; ++ -?*) OPTIONS="${OPTIONS:+$OPTIONS }$1" ;; + *) break ;; + esac + shift +@@ -35,4 +35,4 @@ fi + # Doing an initial 'save' helps keep fonts from being flushed between pages. + # We have to include the options twice because -I only takes effect if it + # appears before other options. +-exec "$GS_EXECUTABLE" $OPTIONS -q -dNOPAUSE -dBATCH -dSAFER -sDEVICE=pswrite "-sOutputFile=$outfile" $OPTIONS -c save pop -f "$1" ++exec "$GS_EXECUTABLE" $OPTIONS -q -dNOPAUSE -dBATCH -P- -dSAFER -sDEVICE=pswrite "-sOutputFile=$outfile" $OPTIONS -c save pop -f "$1" +--- lib/ps2pdfwr ++++ lib/ps2pdfwr 2010-06-08 12:51:50.242925047 +0000 +@@ -15,7 +15,7 @@ OPTIONS="-dSAFER" + while true + do + case "$1" in +- -?*) OPTIONS="$OPTIONS $1" ;; ++ -?*) OPTIONS="${OPTIONS:+OPTIONS }$1" ;; + *) break ;; + esac + shift +@@ -42,4 +42,4 @@ fi + + # We have to include the options twice because -I only takes effect if it + # appears before other options. +-exec "$GS_EXECUTABLE" $OPTIONS -q -dNOPAUSE -dBATCH -sDEVICE=pdfwrite -sstdout=%stderr "-sOutputFile=$outfile" $OPTIONS -c .setpdfwrite -f "$infile" ++exec "$GS_EXECUTABLE" $OPTIONS -q -P- -dNOPAUSE -dBATCH -sDEVICE=pdfwrite -sstdout=%stderr "-sOutputFile=$outfile" $OPTIONS -c .setpdfwrite -f "$infile" --- psi/iinit.c +++ psi/iinit.c 2008-02-21 14:55:33.000000000 +0000 @@ -44,29 +44,29 @@ ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... -- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org
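Review bot: The new case arm in lib/ps2pdfwr reads `OPTIONS="${OPTIONS:+OPTIONS }$1"`, with the `$` missing inside the expansion, so every forwarded option overwrites what was collected before, including the initial `-dSAFER`, and leaves the literal word `OPTIONS` in front of it. gs is then started without `-dSAFER` and with `OPTIONS` as an extra non-switch argument at both places where `$OPTIONS` is expanded on the `exec` line. The arm should match the pdf2ps one in the same hunk: `-?*) OPTIONS="${OPTIONS:+$OPTIONS }$1" ;;`.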