---
- branch: MAIN
  date: Mon Mar 11 12:45:37 UTC 2024
  files:
  - new: '1.84'
    old: '1.83'
    path: pkgsrc/print/ghostscript-agpl/Makefile
    pathrev: pkgsrc/print/ghostscript-agpl/Makefile@1.84
    type: modified
  - new: '1.33'
    old: '1.32'
    path: pkgsrc/print/ghostscript-agpl/Makefile.common
    pathrev: pkgsrc/print/ghostscript-agpl/Makefile.common@1.33
    type: modified
  - new: '1.26'
    old: '1.25'
    path: pkgsrc/print/ghostscript-agpl/PLIST
    pathrev: pkgsrc/print/ghostscript-agpl/PLIST@1.26
    type: modified
  - new: '1.48'
    old: '1.47'
    path: pkgsrc/print/ghostscript-agpl/distinfo
    pathrev: pkgsrc/print/ghostscript-agpl/distinfo@1.48
    type: modified
  id: 20240311T124537Z.4ac550346f0e29228d5fd7359b05530b06ebc2c7
  log: "ghostscript-agpl: update to 10.03.0.\n\nVersion 10.03.0 (2024-03-06)\n\nHighlights
    in this release include:\n\n  â\x80¢ A vulnerability was identified in the way
    Ghostscript/GhostPDL called\n    tesseract for the OCR devices, which could allow
    arbitrary code execution.\n    As as result, we strongly urge anyone including
    the OCR devices in their\n    build to update as soon as possible.\n  â\x80¢ As
    of this release (10.03.0) pdfwrite creates PDF files with XRef streams\n    and
    ObjStm streams. This can result in considerably smaller PDF output\n    files.
    See Vector Devices for more details.\n  â\x80¢ Ghostscript/pdfwrite now supports
    passing through PDF \"Optional Content\".\n  â\x80¢ Our efforts in code hygiene
    and maintainability continue.\n  â\x80¢ The usual round of bug fixes, compatibility
    changes, and incremental\n    improvements.\n\nIncompatible changes\n\n  â\x80¢
    (10.03.0) Almost all the \"internal\" PostScript procedures defined during\n    the
    interpreter startup are now \"executeonly\", further reducing the attack\n    surface
    of the interpreter.\n\n    The nature of these procedures means there should be
    no impact for\n    legitimate usage, but it is possible it will impact uses which
    abuse the\n    previous accessibility (even for legitimate reasons). Such cases
    may now\n    require \"DELAYBIND\", See DELAYBIND\n  â\x80¢ (10.03.0) The \"makeimagedevice\"
    non-standard operator has been removed. It\n    allowed low level access to the
    graphics library in a way that was,\n    essentially impossible to secure.\n  â\x80¢
    (10.03.0) The \"putdeviceprops\", \"getdeviceprops\", \"finddevice\",\n    \"copydevice\",
    \"findprotodevice\" non-standard operators have all been\n    removed. They provided
    functionality that is either accessible through\n    standard operators, or should
    not be used by user PostScript.\n  â\x80¢ (10.03.0) The process of \"tidying\"
    the PostScript namespace should have\n    removed only non-standard and undocumented
    operators. Nevertheless, it is\n    possible that any integrations or utilities
    that rely on those non-standard\n    and undocumented operators may stop working
    or may change behaviour.\n\n    If you encounter such a case, please contact us
    (Discord, #ghostscript IRC\n    channel, or the gs-devel mailing list would be
    best), and we'll work with\n    you to either find an alternative solution or
    return the previous\n    functionality, if there is genuinely no other option.\n"
  module: pkgsrc
  subject: 'CVS commit: pkgsrc/print/ghostscript-agpl'
  unixtime: '1710161137'
  user: wiz