| Index | index by Group | index by Distribution | index by Vendor | index by creation date | index by Name | Mirrors | Help | Search |
| Name: ghostscript-x11 | Distribution: openSUSE Tumbleweed |
| Version: 10.06.0 | Vendor: openSUSE |
| Release: 1.1 | Build date: Tue Sep 16 15:45:31 2025 |
| Group: Productivity/Publishing/PS | Build host: reproducible |
| Size: 75556 | Source RPM: ghostscript-10.06.0-1.1.src.rpm |
| Packager: http://bugs.opensuse.org | |
| Url: https://www.ghostscript.com/ | |
| Summary: X11 library for Ghostscript | |
This package contains the X11 library which is needed to view PostScript and PDF files with Ghostscript under the X Window System.
AGPL-3.0-only
* Tue Sep 16 2025 Johannes Meixner <jsmeix@suse.com>
- Version upgrade to 10.06.0
See 'Recent Changes in Ghostscript' at Ghostscript upstream
https://ghostscript.readthedocs.io/en/gs10.06.0/News.html
* This release addresses CVEs: TBC
* The 10.06.0 removes the non-standard operator "selectdevice"
(cf. the entry below dated Tue Apr 1 09:56:06 UTC 2025)
- ghostscript-10.06.0-Fix_32-bit_build.patch is the upstream commit
https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/patch/?id=3c0be6e4fcffa63e4a5a1b0aec057cebc4d2562f
to fix https://bugs.ghostscript.com/show_bug.cgi?id=708824
"ghostscript 10.06.0 compilation failure on 32-bit archs"
* Tue Sep 16 2025 Dr. Werner Fink <werner@suse.de>
- Switch over to libalternatives for ghostscript to provide a gs
variant (bsc#1245896)
* Mon Aug 04 2025 Johannes Meixner <jsmeix@suse.com>
- Version upgrade to 10.05.1
See 'Recent Changes in Ghostscript' at Ghostscript upstream
https://ghostscript.readthedocs.io/en/gs10.05.1/News.html
* This release addresses CVEs:
+ CVE-2025-46646
+ CVE-2025-48708 (bsc#1243701)
* The 10.05.1 patch release addresses:
+ An overflow issue in Freetype on platforms
where long is a 4 byte (rather than 8 byte) type
(Microsoft Windows, for example) causing corrupted
glyph rendering at higher resolutions
+ An issue with embedded files, affecting Zugferd
format PDF creation.
+ Broken logic in PDF Optional Content processing
+ Potential slow down due to searching for identifiable
font files
+ A small number of extreme edge case segmentation faults.
* Thu Apr 10 2025 Friedrich Haubensak <hsk17@mail.de>
- add -std=gnu11 to CFLAGS to fix gcc15 compile time error, and to
still allow build on Leap 15.6
* Tue Apr 01 2025 Johannes Meixner <jsmeix@suse.com>
- Version upgrade to 10.05.0
See 'Recent Changes in Ghostscript' at Ghostscript upstream
https://ghostscript.readthedocs.io/en/gs10.05.0/News.html
* This release addresses:
+ CVE-2025-27830 (bsc#1240074)
+ CVE-2025-27831 (bsc#1240075)
+ CVE-2025-27832 (bsc#1240077)
+ CVE-2025-27833 (bsc#1240078)
+ CVE-2025-27834 (bsc#1240079)
+ CVE-2025-27835 (bsc#1240080)
+ CVE-2025-27836 (bsc#1240081)
+ CVE-2025-27837 (bsc#1240082 - affects only Windows)
* The 10.05.0 release deprecates the non-standard operator
"selectdevice", all code should now be using the standard
"setpagedevice" operator. "selectdevice" will be removed
in the 10.06.0 release.
* We now support production of PDF/X-1a and PDF/X-4a
in addition to the existing support for PDF/X-3
* The usual round of bug fixes, compatibility changes,
and incremental improvements.
- In Ghostscript 10.05.0 the pdf2dsc utility is removed because
its PostScript program pdf2dsc.ps uses chunks of the old PDF
interpreter which is replaced with a new implementation
(in C instead of PostScript) in the 10.x series of Ghostscript
so pdf2dsc can no longer work as intended. For details see the
"Please restore PDF2DSC for preview-latex" mail thread e.g. on
https://mail.gnu.org/archive/html/auctex-devel/2025-03/threads.html
* Tue Feb 04 2025 Bernhard Wiedemann <bwiedemann@suse.com>
- Add reproducible.patch to not embed timestamp in .h file
- Add 2010_add_build_timestamp_setting.patch to allow overriding
timestamp in generated pdf (boo#1236773)
* Wed Oct 30 2024 Johannes Meixner <jsmeix@suse.com>
- Enhanced entry below dated "Wed Oct 23 08:54:59 UTC 2024"
by adding the individual "bsc" numbers for each CVE, see
https://bugzilla.suse.com/show_bug.cgi?id=1232173#c4
and by adding the "IMPORTANT" change in Ghostscript 10.04.0
- spec file cleanup: removed the special cases for SLE12
i.e. rely on "suse_version >= 1500" as given precondition
(recent Ghostscript versions fail to build in SLE12 anyway)
* Wed Oct 23 2024 Dirk Müller <dmueller@suse.com>
- Version upgrade to 10.04.0 (bsc#1232173):
Highlights in this release include:
See 'Recent Changes in Ghostscript' at Ghostscript upstream
https://ghostscript.readthedocs.io/en/gs10.04.0/News.html
* This release addresses:
+ CVE-2024-46951 (bsc#1232265)
+ CVE-2024-46952 (bsc#1232266)
+ CVE-2024-46953 (bsc#1232267)
+ CVE-2024-46954 (bsc#1232268)
+ CVE-2024-46955 (bsc#1232269)
+ CVE-2024-46956 (bsc#1232270)
* IMPORTANT: In this release (10.04.0)
we (i.e. Ghostscript upstream) have be added
protection for device selection from PostScript input.
This will mean that, by default, only the device specified
on the command line will be permitted. Similar to the file
permissions, there will be a "--permit-devices=" allowing
a comma separation list of allowed devices. This will also
take a single wildcard "*" allowing any device.
Any application which relies on allowing PostScript
to change devices during a job will have to be aware,
and take action to deal with this change.
The exception is "nulldevice", switching to that requires
no special action.
* Mon Jul 01 2024 Johannes Meixner <jsmeix@suse.com>
- Version upgrade to 10.03.1:
Highlights in this release include:
See 'Recent Changes in Ghostscript' at Ghostscript upstream
https://ghostscript.readthedocs.io/en/gs10.03.1/News.html
* Fixes for CVE-2024-33869, CVE-2023-52722, CVE-2024-33870,
CVE-2024-33871 and CVE-2024-29510
- Regarding CVE-2024-33869 see bsc#1226946 and
https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=5ae2e320d69a7d0973011796bd388cd5befa1a43
https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=f5336e5b4154f515ac83bc5b9eba94302e6618d4
https://bugs.ghostscript.com/show_bug.cgi?id=707691
- Regarding CVE-2023-52722 see bsc#1223852 and
https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=afd7188f74918cb51b5fb89f52b54eb16e8acfd1
- Regarding CVE-2024-33870 see bsc#1226944 and
https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=79aef19c685984dc3da2dc090450407d9fbcff80
https://bugs.ghostscript.com/show_bug.cgi?id=707686
- Regarding CVE-2024-33871 see bsc#1225491 and
https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=7145885041bb52cc23964f0aa2aec1b1c82b5908
- Regarding CVE-2024-29510 see bsc#1226945 and
https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=3b1735085ecef20b29e8db3416ab36de93e86d1f
* Tue Mar 26 2024 Johannes Meixner <jsmeix@suse.com>
- Version upgrade to 10.03.0:
For openSUSE and SUSE Ghostscript is built '--without-tesseract'
(see the entry below dated 'Mon Jul 18 07:28:54 UTC 2022').
Highlights in this release include:
See 'Recent Changes in Ghostscript' at Ghostscript upstream
https://ghostscript.readthedocs.io/en/gs10.03.0/News.html
* As of this release (10.03.0) pdfwrite creates PDF files
with XRef streams and ObjStm streams. This can result in
considerably smaller PDF output files. See Vector Devices
https://ghostscript.readthedocs.io/en/latest/VectorDevices.html
for more details.
* Ghostscript/pdfwrite now supports passing through
PDF "Optional Content".
* Our efforts in code hygiene and maintainability continue.
* The usual round of bug fixes, compatibility changes,
and incremental improvements.
Incompatible changes (the release is listed in parentheses):
* (10.03.0) Almost all the "internal" PostScript procedures
defined during the interpreter startup are now "executeonly",
further reducing the attack surface of the interpreter.
The nature of these procedures means there should be no impact
for legitimate usage, but it is possible it will impact uses
which abuse the previous accessibility (even for legitimate
reasons). Such cases may now require "DELAYBIND", See DELAYBIND
https://ghostscript.readthedocs.io/en/latest/Use.html#ddelaybind
* (10.03.0) The "makeimagedevice" non-standard operator has been
removed. It allowed low level access to the graphics library
in a way that was, essentially impossible to secure.
* (10.03.0) The "putdeviceprops", "getdeviceprops",
"finddevice", "copydevice", "findprotodevice" non-standard
operators have all been removed. They provided functionality
that is either accessible through standard operators,
or should not be used by user PostScript.
* (10.03.0) The process of "tidying" the PostScript namespace
should have removed only non-standard and undocumented
operators. Nevertheless, it is possible that any integrations
or utilities that rely on those non-standard and undocumented
operators may stop working or may change behaviour.
If you encounter such a case, please contact us
(Discord https://discord.gg/H9GXKwyPvY
[#]ghostscript IRC channel https://web.libera.chat/#ghostscript
or the gs-devel mailing list
https://www.ghostscript.com/mailman/index.html would be best),
but remember that free versions of Ghostscript
come with with NO WARRANTY and NO SUPPORT.
- Ghostscript 10.03.0 contains the fix to build with GCC 14
(boo#1221687)
* Tue Feb 27 2024 Dominique Leuenberger <dimstar@opensuse.org>
- Use %patch -P N instead of deprecated %patchN.
* Thu Feb 22 2024 Thorsten Kukuk <kukuk@suse.com>
- Allow to disable apparmor support (ALP supports only SELinux)
* Sun Jan 28 2024 Dirk Müller <dmueller@suse.com>
- update to 10.02.1:
* Patch release to address some security bugs
* This release (10.02.0) marks the final demise of the
PostScript based PDF interpreter.
* This 10.01.1 release removes the "-dNEWPDF=false" command
line option to fall back to the deprecated, old PDF
interpreter.
* This 10.01.0 release removes the "-dNEWPDF=false" command
line option to fall back to the deprecated, old PDF
interpreter.
* This release officially deprecates the old Postscript
implementation of PDF, we will not be updating or maintaining
that code moving forward. The option to use the old PDF
implementation _**will**_ be removed in the next full release
(10.01.0)
* Important: This release includes the new PDF interpreter
(implemented in C rather than PostScript). It is both
integrated into Ghostscript (now ENABLED by default), and
available as a standalone, PDF only, binary. See
https://ghostscript.com/pdfi.html for more details.
* This also bundles the latest zlib (1.2.12) which addresses a
security issue (CVE-2018-25032)
* **Important**: This release includes the new PDF interpreter
(implemented in C rather than PostScript). It is both
integrated into Ghostscript (now **ENABLED** by default), and
available as a standalone, PDF only, binary. See
https://ghostscript.com/pdfi.html for more details.
- drop CVE-2023-28879.patch, CVE-2023-36664.patch,
CVE-2023-38559.patch, CVE-2023-43115.patch,
CVE-2023-46751.patch: upstream
- drop remove-zlib-h-dependency.patch: unused
* Wed Jan 03 2024 Johannes Meixner <jsmeix@suse.com>
- CVE-2023-46751.patch is
https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=dcdbc595c13
adapted for Ghostscript-9.56.1 that fixes
https://bugs.ghostscript.com/show_bug.cgi?id=707264
which includes a fix for CVE-2023-46751
"dangling pointer in gdev_prn_open_printer_seekable()"
(bsc#1217871)
* Mon Dec 18 2023 Dominique Leuenberger <dimstar@opensuse.org>
- Recommend cups-filters only when cups is present.
* Wed Sep 20 2023 Johannes Meixner <jsmeix@suse.com>
- CVE-2023-43115.patch is
https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=e59216049cac290fb437a04c4f41ea46826cfba5
that fixes CVE-2023-43115 "remote code execution
via crafted PostScript documents in gdevijs.c"
see https://bugs.ghostscript.com/show_bug.cgi?id=707051
(bsc#1215466)
* Wed Jul 26 2023 Johannes Meixner <jsmeix@suse.com>
- CVE-2023-38559.patch fixes CVE-2023-38559
"out of bounds read devn_pcx_write_rle() could result in DoS"
see bsc#1213637
and https://bugs.ghostscript.com/show_bug.cgi?id=706897
which is in base/gdevdevn.c the same issue
"ordering in if expression to avoid out-of-bounds access"
as the already fixed CVE-2020-16305 in devices/gdevpcx.c
see https://bugs.ghostscript.com/show_bug.cgi?id=701819
* Tue Jul 04 2023 Johannes Meixner <jsmeix@suse.com>
- CVE-2023-36664.patch fixes CVE-2023-36664
see https://bugs.ghostscript.com/show_bug.cgi?id=706761
"OS command injection in %pipe% access"
and https://bugs.ghostscript.com/show_bug.cgi?id=706778
"%pipe% allowed_path bypass"
and bsc#1212711
"permission validation mishandling for pipe devices
(with the %pipe% prefix or the | pipe character prefix)"
* Wed Apr 26 2023 Jan Engelhardt <jengelh@inai.de>
- Replace BuildRequire on xorg-x11-devel by pkgconfig(...)
* Tue Apr 11 2023 Johannes Meixner <jsmeix@suse.com>
- CVE-2023-28879.patch fixes CVE-2023-28879
Buffer Overflow in s_xBCPE_process
cf. https://bugs.ghostscript.com/show_bug.cgi?id=706494
(bsc#1210062)
* Mon Jul 18 2022 Dirk Müller <dmueller@suse.com>
- update to 9.56.1:
Highlights in this release include
(excerpts from the Ghostscript upstream release summary
in https://ghostscript.com/docs/9.56.1/News.htm):
* New PDF Interpreter: This is an entirely new implementation
written in C (rather than PostScript, as before)
* Calling Ghostscript via the GS API is now thread safe. The one
limitation is that the X11 devices for Unix-like systems (x11,
x11alpha, x11cmyk, x11cmyk2, x11cmyk4, x11cmyk8, x11gray2,
x11gray4 and x11mono) cannot be made thread safe, due to their
interaction with the X11 server, those devices have been
modified to only allow one instance in an executable.
* The PSD output device now writes ICC profiles to their output
files, for improved color fidelity.
* Our efforts in code hygiene and maintainability continue.
* The usual round of bug fixes, compatibility changes, and
incremental improvements.
* We have added the capability to build with the Tesseract OCR
engine. In such a build, new devices are available
(pdfocr8/pdfocr24/pdfocr32) which render the output file to an
image, OCR that image, and output the image "wrapped" up as a
PDF file, with the OCR generated text information included
as "invisible" text (in PDF terms, text rendering mode 3).
Mainly due to time constraints, we only support including
Tesseract from source included in our release packages,
and not linking to Tesseract/Leptonica shared libraries.
Whether we add this capability will be largely dependent
on community demand for the feature. See Enabling OCR
at https://www.ghostscript.com/ocr.html for more details.
For a release summary see:
https://www.ghostscript.com/doc/9.54.0/News.htm
For details see the News.htm and History9.htm files.
- Configure --without-tesseract because this requires C++ (it
might be added if Tesseract support in Ghostscript is needed).
- Drop CVE-2021-3781.patch, CVE-2021-45949.patch: upstream
* Mon Jul 18 2022 Dirk Müller <dmueller@suse.com>
- Use _multibuild
* Wed Apr 13 2022 Dirk Müller <dmueller@suse.com>
- Use system zlib (bsc#1198449)
* Thu Apr 07 2022 Frederic Crozat <fcrozat@suse.com>
- Do no longer require apparmor-abstractions, it is not mandatory
to use Ghostscript (bsc#1134289).
* Tue Jan 11 2022 jsmeix@suse.de
- CVE-2021-45949.patch fixes CVE-2021-45949
heap-based buffer overflow in sampled_data_finish
cf. https://github.com/google/oss-fuzz-vulns/blob/main/vulns/ghostscript/OSV-2021-803.yaml
(bsc#1194304)
- CVE-2021-45944 use-after-free in sampled_data_sample
is already fixed in the Ghostscript 9.54.0 upstream sources
(bsc#1194303)
/usr/lib/ghostscript/10.06.0/X11.so
Generated by rpm2html 1.8.1
Fabrice Bellet, Thu Oct 23 22:58:29 2025