Hello community,
here is the log from the commit of package ghostscript for openSUSE:Factory checked in at 2019-03-26 15:37:17
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/ghostscript (Old)
and /work/SRC/openSUSE:Factory/.ghostscript.new.25356 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "ghostscript"
Tue Mar 26 15:37:17 2019 rev:38 rq:687694 version:9.26a
Changes:
--------
--- /work/SRC/openSUSE:Factory/ghostscript/ghostscript-mini.changes 2019-03-01 20:25:31.374067406 +0100
+++ /work/SRC/openSUSE:Factory/.ghostscript.new.25356/ghostscript-mini.changes 2019-03-26 15:37:18.864374873 +0100
@@ -1,0 +2,20 @@
+Thu Mar 14 08:03:24 UTC 2019 - jsegitz@suse.com
+
+- Added AA rules for dvips (bsc#1127934)
+- Allow execution of dirname (bsc#1128697)
+- Allow execution of hpijs (bsc#1128467). For now this is in
+ complain mode
+- Sane profile name "ghostscript", moved profile from
+ /etc/apparmor.d/usr.bin.gs to /etc/apparmor.d/ghostscript
+ (bsc#1128607)
+- Improved AA packaging (bsc#1128608)
+ Thanks to Christian Boltz for his help
+
+-------------------------------------------------------------------
+Fri Mar 8 10:49:18 UTC 2019 - Martin Wilck
+
+- Fix IJS printing problem (bsc#1128467)
+ * added ijs_exec_server_dont_use_sh.patch
+ * allow exec'ing hpijs in apparmor profile
+
+-------------------------------------------------------------------
--- /work/SRC/openSUSE:Factory/ghostscript/ghostscript.changes 2019-03-12 09:48:15.227599787 +0100
+++ /work/SRC/openSUSE:Factory/.ghostscript.new.25356/ghostscript.changes 2019-03-26 15:37:19.192374743 +0100
@@ -1,0 +2,13 @@
+Thu Mar 14 08:03:24 UTC 2019 - jsegitz@suse.com
+
+- Added AA rules for dvips (bsc#1127934)
+- Allow execution of dirname (bsc#1128697)
+- Allow execution of hpijs (bsc#1128467). For now this is in
+ complain mode
+- Sane profile name "ghostscript", moved profile from
+ /etc/apparmor.d/usr.bin.gs to /etc/apparmor.d/ghostscript
+ (bsc#1128607)
+- Improved AA packaging (bsc#1128608)
+ Thanks to Christian Boltz for his help
+
+-------------------------------------------------------------------
Old:
----
apparmor_usr.bin.gs
New:
----
apparmor_ghostscript
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ ghostscript-mini.spec ++++++
--- /var/tmp/diff_new_pack.lT2Uxk/_old 2019-03-26 15:37:21.388373869 +0100
+++ /var/tmp/diff_new_pack.lT2Uxk/_new 2019-03-26 15:37:21.392373868 +0100
@@ -12,7 +12,7 @@
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
-# Please submit bugfixes or comments via https://bugs.opensuse.org/
+# Please submit bugfixes or comments via http://bugs.opensuse.org/
#
@@ -25,6 +25,11 @@
BuildRequires: libtool
BuildRequires: pkg-config
BuildRequires: zlib-devel
+%if 0%{?suse_version} >= 1500
+BuildRequires: apparmor-abstractions
+BuildRequires: apparmor-rpm-macros
+Requires: apparmor-abstractions
+%endif
Summary: Minimal Ghostscript for minimal build requirements
License: AGPL-3.0-only
Group: System/Libraries
@@ -71,7 +76,7 @@
# wget -O gs926.MD5SUMS https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs92...
# MD5 checksum for Source0: 806bc2dedbc7f69b003f536658e08d4a ghostscript-9.26.tar.gz
Source0: ghostscript-%{version}.tar.gz
-Source1: apparmor_usr.bin.gs
+Source1: apparmor_ghostscript
# Patch0...Patch9 is for patches from upstream:
Patch0: ghostscript-2.26-subclassing-devices-fix-put_image-method.patch
# Source10...Source99 is for sources from SUSE which are intended for upstream:
@@ -81,6 +86,7 @@
# Patch100 remove-zlib-h-dependency.patch removes dependency on zlib/zlib.h
# in makefiles as we do not use the zlib sources from the Ghostscript upstream tarball:
Patch100: remove-zlib-h-dependency.patch
+Patch101: ijs_exec_server_dont_use_sh.patch
# RPM dependencies:
Conflicts: ghostscript
Conflicts: ghostscript-x11
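Review bot: Patch101 is added without a comment of its own, unlike Patch100 directly above it, so it reads as if the remove-zlib-h-dependency comment covered both. The changelog ties the patch to the IJS printing fix, so a line such as `# Patch101 ijs_exec_server_dont_use_sh.patch fixes the IJS printing problem (bsc#1128467):` above it would keep the reason discoverable from the spec. Judging by its name the patch changes how the IJS server is started, and the AppArmor profile gains a matching hpijs rule in the same submission, so the comment should mention that pairing to stop the two being changed independently.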
@@ -146,6 +152,7 @@
# and disable remove-zlib-h-dependency.patch because
# Ghostscript 9.21 does no longer build this way:
#patch100 -p1 -b remove-zlib-h-dependency.orig
+%patch101 -p1
# Remove patch backup files to avoid packaging
# cf. https://build.opensuse.org/request/show/581052
rm -f Resource/Init/*.ps.orig
@@ -312,9 +319,13 @@
# Switch back to the usual build log messages:
set -x
install -m 644 catalog.devices $DOCDIR
-install -D -m 644 %{SOURCE1} %{buildroot}%{_sysconfdir}/apparmor.d/usr.bin.gs
+install -D -m 644 %{SOURCE1} %{buildroot}%{_sysconfdir}/apparmor.d/ghostscript
-%post -p /sbin/ldconfig
+%post
+/sbin/ldconfig
+%if 0%{?suse_version} >= 1500
+%apparmor_reload /etc/apparmor.d/ghostscript
+%endif
%postun -p /sbin/ldconfig
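Review bot: The new `%post` scriptlet loads the renamed profile, but nothing visible here unloads the one previously loaded from `usr.bin.gs`, so on an upgraded system the old profile presumably stays in the kernel until AppArmor is restarted or the machine reboots. If both end up attached to the same binaries it is unclear which policy is in force, which matters for a hardening profile. It is worth confirming the upgrade path on a running system and, if the old profile does linger, recording it with a comment such as `# upgrade: the profile formerly shipped as usr.bin.gs is not unloaded by this scriptlet`. The reload line also hard-codes `/etc/apparmor.d/ghostscript` where the install line uses `%{_sysconfdir}`; `%apparmor_reload %{_sysconfdir}/apparmor.d/ghostscript` would keep the two in step. The same applies to the matching hunk in ghostscript.spec.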
@@ -392,8 +403,10 @@
%{_libdir}/libgs.so.*
%{_libdir}/ghostscript/
%{_libdir}/libijs-0.35.so
+%if 0%{?suse_version} < 1500
%dir %{_sysconfdir}/apparmor.d
-%{_sysconfdir}/apparmor.d/*
+%endif
+%{_sysconfdir}/apparmor.d/ghostscript
%files devel
%defattr(-,root,root)
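Review bot: The profile is listed as a plain file under `%{_sysconfdir}`, so a package update overwrites it without keeping a copy, and any local tuning an administrator made is lost silently. That is likely to happen here because the hpijs sub-profile ships in complain mode and is expected to be adjusted. Marking it `%config %{_sysconfdir}/apparmor.d/ghostscript` would let updated rules still land while a modified file is saved aside as `.rpmsave`. The `%files` section continues outside this hunk, and the matching hunk in ghostscript.spec has the same line.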
++++++ ghostscript.spec ++++++
--- /var/tmp/diff_new_pack.lT2Uxk/_old 2019-03-26 15:37:21.412373859 +0100
+++ /var/tmp/diff_new_pack.lT2Uxk/_new 2019-03-26 15:37:21.412373859 +0100
@@ -12,7 +12,7 @@
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
-# Please submit bugfixes or comments via https://bugs.opensuse.org/
+# Please submit bugfixes or comments via http://bugs.opensuse.org/
#
@@ -45,6 +45,11 @@
BuildRequires: xorg-x11-devel
BuildRequires: xorg-x11-fonts
BuildRequires: zlib-devel
+%if 0%{?suse_version} >= 1500
+BuildRequires: apparmor-abstractions
+BuildRequires: apparmor-rpm-macros
+Requires: apparmor-abstractions
+%endif
Summary: The Ghostscript interpreter for PostScript and PDF
License: AGPL-3.0-only
Group: System/Libraries
@@ -91,7 +96,7 @@
# wget -O gs926.MD5SUMS https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs92...
# MD5 checksum for Source0: 806bc2dedbc7f69b003f536658e08d4a ghostscript-9.26.tar.gz
Source0: ghostscript-%{version}.tar.gz
-Source1: apparmor_usr.bin.gs
+Source1: apparmor_ghostscript
# Patch0...Patch9 is for patches from upstream:
Patch0: ghostscript-2.26-subclassing-devices-fix-put_image-method.patch
# Source10...Source99 is for sources from SUSE which are intended for upstream:
@@ -450,9 +455,13 @@
# Switch back to the usual build log messages:
set -x
install -m 644 catalog.devices $DOCDIR
-install -D -m 644 %{SOURCE1} %{buildroot}%{_sysconfdir}/apparmor.d/usr.bin.gs
+install -D -m 644 %{SOURCE1} %{buildroot}%{_sysconfdir}/apparmor.d/ghostscript
-%post -p /sbin/ldconfig
+%post
+/sbin/ldconfig
+%if 0%{?suse_version} >= 1500
+%apparmor_reload /etc/apparmor.d/ghostscript
+%endif
%postun -p /sbin/ldconfig
@@ -531,8 +540,10 @@
%{_libdir}/ghostscript/
%{_libdir}/libijs-0.35.so
%exclude %{_libdir}/ghostscript/%{built_version}/X11.so
+%if 0%{?suse_version} < 1500
%dir %{_sysconfdir}/apparmor.d
-%{_sysconfdir}/apparmor.d/*
+%endif
+%{_sysconfdir}/apparmor.d/ghostscript
%files x11
%defattr(-,root,root)
++++++ apparmor_ghostscript ++++++
#include
# this profile is mainly intended to prevent easy exploitation of
# issues in ghostscript. This is mainly intended as a hardening
# measure and doesn't alleviate the need for regular updates
profile ghostscript /usr/bin/{dvipdf,eps2eps,gs,gsbj,gsdj,gsdj500,gslj,gslp,gsnd,ps2ascii,ps2epsi,ps2pdf,ps2pdf12,ps2pdf13,ps2pdf14,ps2pdfwr,ps2ps,ps2ps2} {
#include
#include
#include
#include
# needed to read gc/write pdfs/eps/.. everywhere
/** wr,
/usr/bin/{dvipdf,eps2eps,gs,gsbj,gsdj,gsdj500,gslj,gslp,gsnd,ps2ascii,ps2epsi,ps2pdf,ps2pdf12,ps2pdf13,ps2pdf14,ps2pdfwr,ps2ps,ps2ps2} mrix,
/usr/bin/dvips mrix,
/usr/lib64/ghostscript/** m,
/usr/lib64/libgs.so.* m,
/usr/lib64/libijs-* m,
/usr/bin/hpijs Cx,
profile /usr/bin/hpijs flags=(complain) {
#include
network inet dgram,
/etc/cups/cupsd.conf r,
/etc/hp/hplip.conf r,
/usr/bin/hpijs mr,
/usr/share/ghostscript/** r,
/usr/share/hplip/** r,
/usr/share/snmp/mibs/ r,
/usr/share/snmp/mibs/*.txt r,
owner /var/spool/cups/tmp/gs_?????? rw,
}
/usr/bin/basename Cx,
profile /usr/bin/basename {
#include
/usr/bin/basename mr,
}
/usr/bin/dirname Cx,
profile /usr/bin/dirname {
#include
/usr/bin/dirname mr,
}
}
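Review bot: The rule `/** wr,` lets the confined interpreter read and write every path the invoking user can reach, so the profile limits what can be executed and mapped but not which files a malicious document can touch. Narrowing it is hard for a general-purpose converter, but `#include <abstractions/private-files>` (or its `-strict` variant) inside the main profile would deny the usual startup and credential files while leaving ordinary documents alone. The include targets are not visible on this page, so check whether one is already present. The hpijs child profile carries `flags=(complain)`, which only logs violations, so it needs a tracked follow-up to switch to enforce once its rule set has settled. The library rules name `/usr/lib64/` literally; `/usr/lib{,64}/ghostscript/** m,` and the same form for libgs and libijs would also cover builds that install under `/usr/lib`.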