ghostscript-agpl: update to 10.03.0.
Version 10.03.0 (2024-03-06)
Highlights in this release include:
• A vulnerability was identified in the way Ghostscript/GhostPDL called
tesseract for the OCR devices, which could allow arbitrary code execution.
As as result, we strongly urge anyone including the OCR devices in their
build to update as soon as possible.
• As of this release (10.03.0) pdfwrite creates PDF files with XRef streams
and ObjStm streams. This can result in considerably smaller PDF output
files. See Vector Devices for more details.
• Ghostscript/pdfwrite now supports passing through PDF "Optional Content".
• Our efforts in code hygiene and maintainability continue.
• The usual round of bug fixes, compatibility changes, and incremental
improvements.
Incompatible changes
• (10.03.0) Almost all the "internal" PostScript procedures defined during
the interpreter startup are now "executeonly", further reducing the attack
surface of the interpreter.
The nature of these procedures means there should be no impact for
legitimate usage, but it is possible it will impact uses which abuse the
previous accessibility (even for legitimate reasons). Such cases may now
require "DELAYBIND", See DELAYBIND
• (10.03.0) The "makeimagedevice" non-standard operator has been removed. It
allowed low level access to the graphics library in a way that was,
essentially impossible to secure.
• (10.03.0) The "putdeviceprops", "getdeviceprops", "finddevice",
"copydevice", "findprotodevice" non-standard operators have all been
removed. They provided functionality that is either accessible through
standard operators, or should not be used by user PostScript.
• (10.03.0) The process of "tidying" the PostScript namespace should have
removed only non-standard and undocumented operators. Nevertheless, it is
possible that any integrations or utilities that rely on those non-standard
and undocumented operators may stop working or may change behaviour.
If you encounter such a case, please contact us (Discord, #ghostscript IRC
channel, or the gs-devel mailing list would be best), and we'll work with
you to either find an alternative solution or return the previous
functionality, if there is genuinely no other option.
(wiz)
diff -r1.83 -r1.84 pkgsrc/print/ghostscript-agpl/Makefile| @@ -1,18 +1,17 @@ | @@ -1,18 +1,17 @@ | |||
| 1 | # $NetBSD: Makefile,v 1.83 2023/11/13 18:26:25 wiz Exp $ | 1 | # $NetBSD: Makefile,v 1.84 2024/03/11 12:45:37 wiz Exp $ | |
| 2 | 2 | |||
| 3 | DISTNAME= ghostscript-${GS_VERSION} | 3 | DISTNAME= ghostscript-${GS_VERSION} | |
| 4 | PKGNAME= ${DISTNAME:S/ghostscript/ghostscript-agpl/} | 4 | PKGNAME= ${DISTNAME:S/ghostscript/ghostscript-agpl/} | |
| 5 | PKGREVISION= 2 | |||
| 6 | CATEGORIES= print | 5 | CATEGORIES= print | |
| 7 | MASTER_SITES= ${MASTER_SITE_GITHUB:=ArtifexSoftware/} | 6 | MASTER_SITES= ${MASTER_SITE_GITHUB:=ArtifexSoftware/} | |
| 8 | GITHUB_PROJECT= ghostpdl-downloads | 7 | GITHUB_PROJECT= ghostpdl-downloads | |
| 9 | GITHUB_RELEASE= gs${GS_VERSION:S/.//g} | 8 | GITHUB_RELEASE= gs${GS_VERSION:S/.//g} | |
| 10 | EXTRACT_SUFX= .tar.xz | 9 | EXTRACT_SUFX= .tar.xz | |
| 11 | 10 | |||
| 12 | MAINTAINER= pkgsrc-users@NetBSD.org | 11 | MAINTAINER= pkgsrc-users@NetBSD.org | |
| 13 | HOMEPAGE= https://ghostscript.com/ | 12 | HOMEPAGE= https://ghostscript.com/ | |
| 14 | COMMENT= Postscript interpreter | 13 | COMMENT= Postscript interpreter | |
| 15 | 14 | |||
| 16 | # Upstream calls this "GPL Ghostscript", which is confusing; | 15 | # Upstream calls this "GPL Ghostscript", which is confusing; | |
| 17 | # see https://bugs.ghostscript.com/show_bug.cgi?id=700877 | 16 | # see https://bugs.ghostscript.com/show_bug.cgi?id=700877 | |
| 18 | # Plus adobe verbatim for Resources/CMap. | 17 | # Plus adobe verbatim for Resources/CMap. |
| @@ -1,5 +1,5 @@ | @@ -1,5 +1,5 @@ | |||
| 1 | # $NetBSD: Makefile.common,v 1.32 2023/11/03 09:14:16 adam Exp $ | 1 | # $NetBSD: Makefile.common,v 1.33 2024/03/11 12:45:37 wiz Exp $ | |
| 2 | # used by print/ghostscript-agpl/Makefile | 2 | # used by print/ghostscript-agpl/Makefile | |
| 3 | # used by fonts/ghostscript-cidfonts-ryumin/Makefile | 3 | # used by fonts/ghostscript-cidfonts-ryumin/Makefile | |
| 4 | 4 | |||
| 5 | GS_VERSION= 10.02.1 | 5 | GS_VERSION= 10.03.0 |
| @@ -1,14 +1,14 @@ | @@ -1,14 +1,14 @@ | |||
| 1 | @comment $NetBSD: PLIST,v 1.25 2023/10/23 10:59:33 adam Exp $ | 1 | @comment $NetBSD: PLIST,v 1.26 2024/03/11 12:45:37 wiz Exp $ | |
| 2 | bin/dvipdf | 2 | bin/dvipdf | |
| 3 | bin/eps2eps | 3 | bin/eps2eps | |
| 4 | bin/gs | 4 | bin/gs | |
| 5 | bin/gsbj | 5 | bin/gsbj | |
| 6 | bin/gsc | 6 | bin/gsc | |
| 7 | bin/gsdj | 7 | bin/gsdj | |
| 8 | bin/gsdj500 | 8 | bin/gsdj500 | |
| 9 | bin/gslj | 9 | bin/gslj | |
| 10 | bin/gslp | 10 | bin/gslp | |
| 11 | bin/gsnd | 11 | bin/gsnd | |
| 12 | bin/gsx | 12 | bin/gsx | |
| 13 | bin/lprsetup.sh | 13 | bin/lprsetup.sh | |
| 14 | bin/pdf2dsc | 14 | bin/pdf2dsc | |
| @@ -23,27 +23,27 @@ bin/ps2pdf | @@ -23,27 +23,27 @@ bin/ps2pdf | |||
| 23 | bin/ps2pdf12 | 23 | bin/ps2pdf12 | |
| 24 | bin/ps2pdf13 | 24 | bin/ps2pdf13 | |
| 25 | bin/ps2pdf14 | 25 | bin/ps2pdf14 | |
| 26 | bin/ps2pdfwr | 26 | bin/ps2pdfwr | |
| 27 | bin/ps2ps | 27 | bin/ps2ps | |
| 28 | bin/ps2ps2 | 28 | bin/ps2ps2 | |
| 29 | bin/unix-lpr.sh | 29 | bin/unix-lpr.sh | |
| 30 | include/ghostscript/gdevdsp.h | 30 | include/ghostscript/gdevdsp.h | |
| 31 | include/ghostscript/gserrors.h | 31 | include/ghostscript/gserrors.h | |
| 32 | include/ghostscript/iapi.h | 32 | include/ghostscript/iapi.h | |
| 33 | include/ghostscript/ierrors.h | 33 | include/ghostscript/ierrors.h | |
| 34 | lib/libgs.so | 34 | lib/libgs.so | |
| 35 | lib/libgs.so.10 | 35 | lib/libgs.so.10 | |
| 36 | lib/libgs.so.10.02 | 36 | lib/libgs.so.10.03 | |
| 37 | man/man1/dvipdf.1 | 37 | man/man1/dvipdf.1 | |
| 38 | man/man1/eps2eps.1 | 38 | man/man1/eps2eps.1 | |
| 39 | man/man1/gs.1 | 39 | man/man1/gs.1 | |
| 40 | man/man1/gsbj.1 | 40 | man/man1/gsbj.1 | |
| 41 | man/man1/gsdj.1 | 41 | man/man1/gsdj.1 | |
| 42 | man/man1/gsdj500.1 | 42 | man/man1/gsdj500.1 | |
| 43 | man/man1/gslj.1 | 43 | man/man1/gslj.1 | |
| 44 | man/man1/gslp.1 | 44 | man/man1/gslp.1 | |
| 45 | man/man1/gsnd.1 | 45 | man/man1/gsnd.1 | |
| 46 | man/man1/pdf2dsc.1 | 46 | man/man1/pdf2dsc.1 | |
| 47 | man/man1/pdf2ps.1 | 47 | man/man1/pdf2ps.1 | |
| 48 | man/man1/pf2afm.1 | 48 | man/man1/pf2afm.1 | |
| 49 | man/man1/pfbtopfa.1 | 49 | man/man1/pfbtopfa.1 |
| @@ -1,12 +1,12 @@ | @@ -1,12 +1,12 @@ | |||
| 1 | $NetBSD: distinfo,v 1.47 2023/11/03 09:14:16 adam Exp $ | 1 | $NetBSD: distinfo,v 1.48 2024/03/11 12:45:37 wiz Exp $ | |
| 2 | 2 | |||
| 3 | BLAKE2s (ghostscript-10.02.1.tar.xz) = 0af0a3eea666d184acb4f825fa7a1ae0a63a5e134d72afe561a2cc58fd87e696 | 3 | BLAKE2s (ghostscript-10.03.0.tar.xz) = ba41f0419063e1dec395939e82f57870639c4f8548c63094974c838345ecb241 | |
| 4 | SHA512 (ghostscript-10.02.1.tar.xz) = ee0f754c1bd8a18428ad14eaa3ead80ff8b96275af5012e7a8384f1f10490da056eec9ae3cc791a7a13a24e16e54df5bccdd109c7d53a14534bbd7360a300b11 | 4 | SHA512 (ghostscript-10.03.0.tar.xz) = 74d7da586eefbf3fb3c085bb4d2b73ee667fd0ae9cff73ece613c77c443148b847086f91802124baf91ac35cdc83be07199799378def92c8fbd96ced7d0ee9a8 | |
| 5 | Size (ghostscript-10.02.1.tar.xz) = 68017088 bytes | 5 | Size (ghostscript-10.03.0.tar.xz) = 68041176 bytes | |
| 6 | SHA1 (patch-base_gserrors_h) = 36c8fcf27fcb0bfdcc075ad96efe3e44fb727d9a | 6 | SHA1 (patch-base_gserrors_h) = 36c8fcf27fcb0bfdcc075ad96efe3e44fb727d9a | |
| 7 | SHA1 (patch-base_lib.mak) = 723926f167b49568376ef0c0da6aa4ec01fe1516 | 7 | SHA1 (patch-base_lib.mak) = 723926f167b49568376ef0c0da6aa4ec01fe1516 | |
| 8 | SHA1 (patch-base_mkromfs.c) = 9d9afbd0fbb8c70c8f4f7de3cadc5b54541f0db0 | 8 | SHA1 (patch-base_mkromfs.c) = 9d9afbd0fbb8c70c8f4f7de3cadc5b54541f0db0 | |
| 9 | SHA1 (patch-base_ttobjs.h) = 378ad7d316a4a9dc53b9c8e612582a7c8e9b3688 | 9 | SHA1 (patch-base_ttobjs.h) = 378ad7d316a4a9dc53b9c8e612582a7c8e9b3688 | |
| 10 | SHA1 (patch-base_unix-dll.mak) = 8076ce689807872bf94b552daaf9547b646ca249 | 10 | SHA1 (patch-base_unix-dll.mak) = 8076ce689807872bf94b552daaf9547b646ca249 | |
| 11 | SHA1 (patch-configure) = c448faa2f588dd8d7f58a9c1498b3dc5e903a5e2 | 11 | SHA1 (patch-configure) = c448faa2f588dd8d7f58a9c1498b3dc5e903a5e2 | |
| 12 | SHA1 (patch-devices_devs.mak) = e9937d401a278cc6d0a6d4cff78c526375bc18ca | 12 | SHA1 (patch-devices_devs.mak) = e9937d401a278cc6d0a6d4cff78c526375bc18ca |