The bundled lcms2mt was still accidentally picked up making packages
linked against graphics/lcms2 aborting (e.g. ImageMagick) when handling
format that used ghostscript-agpl.
PKGREVISION++
Changes:
Version 9.50 (2019-09-30)
Highlights in this release include:
* The change to version 9.50 (rather than the intended 9.28) follows
recognition of the extent and importance of the file access control
redesign/reimplementation outlined below.
* The file access control capability (enable with -dSAFER) has been
completely rewritten, with a ground-up rethink of the design. For more
details, see: SAFER.
It is important to note that -dSAFER now only enables the file access
controls, and no longer applies restrictions to standard Postscript
functionality (specifically, restrictions on setpagedevice. If your
application relies on these Postscript restrictions, see OLDSAFER, and
please get in touch, as we do plan to remove those Postscript restrictions
unless we have reason not to.
IMPORTANT: File access controls are now enabled by default. In order to run
Ghostscript without these controls, see NOSAFER
Important Note for Windows Users: See below under Incompatible Changes
* IMPORTANT: We are in the process of forking LittleCMS. LCMS2 is not thread
safe, and cannot be made thread safe without breaking the ABI. Our fork
will be thread safe, and include performance enhancements (these changes
have all be been offered and rejected upstream). We will maintain
compatibility between Ghostscript and LCMS2 for a time, but not in
perpetuity. Our fork will be available as its own package separately from
Ghostscript (and MuPDF).
* The usual round of bug fixes, compatibility changes, and incremental
improvements.
* Special thanks to Akira Kakuto, Paul Wessel, William Bader, Nelson H. F.
Beebe and everyone else who put time and effort into testing this new
release.
For a list of open issues, or to report problems, please visit
bugs.ghostscript.com.
Incompatible changes
* There are a couple of subtle incompatibilities between the old and new
SAFER implementations. Firstly, as mentioned above, SAFER now leaves
standard Postcript functionality unchanged (except for the file access
limitations). Secondly, the interaction with save/restore operations,
see SAFER.
Important Note for Windows Users:
The file/path pattern matching is case sensitive, even on Windows. This is
a change in behaviour compared to the old code which, on Windows, was case
insensitive. This is in recognition of changes in Windows behaviour, in
that it now supports (although does not enforce) case sensitivity.
* The following is not strictly speaking new to 9.50, as not much has changed
since 9.27 in this area, but for those who don't upgrade with every
release:
The process of "tidying" the Postscript name space should have removed only
non-standard and undocumented operators. Nevertheless, it is possible that
any integrations or utilities that rely on those non-standard and
undocumented operators may stop working, or may change behaviour.
If you encounter such a case, please contact us (either the #ghostscript
IRC channel, or the gs-devel mailing list would be best), and we'll work
with you to either find an alternative solution or return the previous
functionality, if there is genuinely no other option.
One case we know this has occurred is GSView 5 (and earlier). GSView 5
support for PDF files relied upon internal use only features which are no
longer available. GSView 5 will still work as previously for Postscript
files. For PDF files, users are encouraged to look at MuPDF.
The latest version of ghostscript-agpl calls functions that were
introduced in freetype2 version 2.10.0, and the build fails when
building against an earlier version.
Version 9.27:
Highlights in this release include:
We have extensively cleaned up the Postscript name space: removing access to internal and/or undocumented Postscript operators, procedures and data. This has benefits for security and maintainability.
We have added a new "product": "gpdl". This is a rethink/redesign of the old "language_switch" product (pspcl6), and includes all the interpreters we develop based on the Ghostscript graphics library: Postscript, PDF, PCL6, PXL and XPS. This is experimental, and should be considered of beta testing quality, and thus is not built by default: it can be built by using the "experimental" target.
gpdl uses a heuristic to judge the file type being passed to it. In general, it supports most of the widely used command line options for each interpreter, but compatibility is not complete (the practicalities of swapping interpreters means it is unlikely that full parity of command line options will be possible).
Fontmap can now reference invidual fonts in a TrueType Collection for font subsitution. Previously, a Fontmap entry could only reference a TrueType collection and use the default (first) font. Now, the Fontmap syntax allows for specifying a specific index in a TTC. See the comments at the top of (the default) Fontmap.GS for details.
IMPORTANT: We are in the process of forking LittleCMS. LCMS2 is not thread safe, and cannot be made thread safe without breaking the ABI. Our fork will be thread safe, and include performance enhancements (these changes have all be been offered and rejected upstream). We will maintain compatibility between Ghostscript and LCMS2 for a time, but not in perpetuity. Our fork will be available as its own package separately from Ghostscript (and MuPDF).
The usual round of bug fixes, compatibility changes, and incremental improvements.
Copy the utf8 option from ghostscript-gpl, which is just bl3ing on
libiconv. Leave it off for now (unlike -gpl).
Perhaps it should be default on, and perhaps it should be always
enabled and not even an option.
There was a vestigial conditional-on-cups-option commented-out
inclusion of the cups bl3. But, programs that link against libgs do
not need the cups includes/libs, and cups is not a dependency of those
programs.
Remove bundled openjpeg in WRKSRC, add a dependency to openjpeg and pass
`--enable-openjpeg' in order to always link to pkgsrc one instead of the
ghostscript bundled one.
Bump PKGREVISION.
- Add \todo about a4 not being valid for PAPERSIZE
- Add PAPERSIZE to BUILD_DEFS
- Add \todo about jpeg2000 bl3 that is commented out without explanation
- GC undefined and unused PLIST.cidfmap
No real change intended, other than BUILD_DEFS. Ride recent
PKGREVISION++.
This is basically a port of the cups option code from
../ghostscript-gpl. Since the last GPL3 gs release, some programs
have migrated to the cups-filters package. Thus, they are no longer
installed by cups, and the option is much simpler.
I verified that the cups driver appears in "gs -h", but have not
tested it.
While the option defaults to off, I bumped PKGREVISION anyway.
Changes:
Version 9.26 (2018-11-20)
Highlights in this release include:
- Security issues have been the primary focus of this release,
including solving several (well publicised) real and potential
exploits.
PLEASE NOTE: We strongly urge users to upgrade to this latest
release to avoid these issues.
- IMPORTANT: We are in the process of forking LittleCMS. LCMS2
is not thread safe, and cannot be made thread safe without breaking
the ABI. Our fork will be thread safe, and include performance
enhancements (these changes have all be been offered and rejected
upstream). We will maintain compatibility between Ghostscript
and LCMS2 for a time, but not in perpetuity. Our fork will be
available as its own package separately from Ghostscript (and
MuPDF).
- Thanks to Man Yue Mo of Semmle Security Research Team, Jens
Mu:ller of Ruhr-Universita:t Bochum and Tavis Ormandy of Google's
Project Zero for their help to identify specific security
issues.
- The usual round of bug fixes, compatibility changes,
and incremental improvements.
For a list of open issues, or to report problems, please visit
bugs.ghostscript.com.
Version 9.25:
Highlights in this release include:
This release fixes problems with argument handling, some unintended results of the security fixes to the SAFER file access restrictions (specifically accessing ICC profile files), and some additional security issues over the recent 9.24 release.
Note: The ps2epsi utility does not, and cannot call Ghostscript with the -dSAFER command line option. It should never be called with input from untrusted sources.
Security issues have been the primary focus of this release, including solving several (well publicised) real and potential exploits.
PLEASE NOTE: We strongly urge users to upgrade to this latest release to avoid these issues.
As well as Ghostscript itself, jbig2dec has had a significant amount of work improving its robustness in the face of out specification files.
IMPORTANT: We are in the process of forking LittleCMS. LCMS2 is not thread safe, and cannot be made thread safe without breaking the ABI. Our fork will be thread safe, and include performance enhancements (these changes have all be been offered and rejected upstream). We will maintain compatibility between Ghostscript and LCMS2 for a time, but not in perpetuity. Our fork will be available as its own package separately from Ghostscript (and MuPDF).
The usual round of bug fixes, compatibility changes, and incremental improvements.
Version 9.24:
Highlights in this release include:
Security issues have been the primary focus of this release, including solving several (well publicised) real and potential exploits.
PLEASE NOTE: We strongly urge users to upgrade to this latest release to avoid these issues.
As well as Ghostscript itself, jbig2dec has had a significant amount of work improving its robustness in the face of out specification files.
IMPORTANT: We are in the process of forking LittleCMS. LCMS2 is not thread safe, and cannot be made thread safe without breaking the ABI. Our fork will be thread safe, and include performance enhancements (these changes have all be been offered and rejected upstream). We will maintain compatibility between Ghostscript and LCMS2 for a time, but not in perpetuity. Our fork will be available as its own package separately from Ghostscript (and MuPDF).
The usual round of bug fixes, compatibility changes, and incremental improvements.
Version 9.23:
Ghostscript now has a family of 'pdfimage' devices (pdfimage8, pdfimage24 and pdfimage32) which produce rendered output wrapped up as an image in a PDF. Additionally, there is a 'pclm' device which produces PCLm format output.
There is now a ColorAccuracy parameter allowing the user to decide between speed or accuracy in ICC color transforms.
JPEG Passthrough: devices which support it can now receive the 'raw' JPEG stream from the interpreter. The main use of this is the pdfwrite/ps2write family of devices that can now take JPEG streams from the input file(s) and write them unchanged to the output (thus avoiding additional quantization effects).
PDF transparency performance improvements
IMPORTANT: We are in the process of forking LittleCMS. LCMS2 is not thread safe, and cannot be made thread safe without breaking the ABI. Our fork will be thread safe, and include performance enhancements (these changes have all be been offered and rejected upstream). We will maintain compatibility between Ghostscript and LCMS2 for a time, but not in perpetuity. Our fork will be available as its own package separately from Ghostscript (and MuPDF).
We have continued the focus on code hygiene in this release cleaning up security issues, ignored return values, and compiler warnings.
The usual round of bug fixes, compatibility changes, and incremental improvements.
This should be the last part of the renaming operation for print/cups to
print/cups-base.
Rationale: packages depending on CUPS but not relying on a functional
printing setup only need to depend on print/cups-base (equivalent to the
former print/cups). The new print/cups now depends on print/cups-base
and on print/cups-filters, thus directly providing a functional printing
setup. This bump reflects this change of dependency.
As discussed on tech-pkg@
This is with the notable exception of meta-pkgs/desktop-gnome, which I
believe implies a fully functional cups.
This is still missing revision bumps - I'll be right there (first time I
am doing this on so many packages at a time).
As discussed on tech-pkg@
Highlights in this release include:
* Ghostscript can now consume and produce (via the pdfwrite device) PDF 2.0 compliant files.
* The main focus of this release has been security and code cleanliness. Hence many AddressSanitizer, Valgrind and Coverity issues have been addressed.
* The usual round of bug fixes, compatibility changes, and incremental improvements.
This is the fifteenth full release in the stable 9.x series.
Highlights in this release include:
* pdfwrite now preserves annotations from input PDFs (where possible).
* The GhostXPS interpreter now provides the pdfwrite device with the data it requires to emit a ToUnicode CMap: thus allowing fully searchable PDFs to be created from XPS input (in the vast majority of cases).
* Ghostscript now allows the default color space for PDF transparency blends.
* The Ghostscript/GhostPDL configure script now has much better/fuller support for cross compiling.
* The tiffscaled and tiffscaled4 devices can now use ETS (Even Tone Screening)
* The toolbin/pdf_info.ps utility can now emit the PDF XML metadata.
* Ghostscript has a new scan converter available (currently optional, but will become the default in a near future release). It can be enabled by using the command line option: '-dSCANCONVERTERTYPE=2'. This new implementation provides vastly improved performance with large and complex paths.
* The usual round of bug fixes, compatibility changes, and incremental improvements.
Remove Makefile.common that is not used by anything, despite
a comment to the contrary.
Highlights in this release include:
The usual round of bug fixes, compatibility changes, and
incremental improvements.
For a list of open issues, or to report problems, please visit
bugs.ghostscript.com. Incompatible changes
The planned device API tidy did not happen for this release,
due to time pressures, but we still intend to undertake the
following: We plan to somewhat tidy up the device API. We intend
to remove deprecated device procs (methods/function pointers)
and change the device API so every device proc takes a graphics
state parameter (rather than the current scheme where only a
very few procs take an imager state parameter). This should
serve as notice to anyone maintaining a Ghostscript device
outside the canonical source tree that you may (probably will)
need to update your device(s) when these changes happen. Devices
using only the non-deprecated procs should be trivial to update.
* New custom PJL (near) equivalents for pdfmark and setdistillerparams.
* Metadata pdfmark is now implemented.
* An experimental, rudimentary raster trapping implementation implementation has been added to the Ghostscript graphics library.
* The halftone threshold array generation tools (part of toolbin/halftone) have been improved with thresh_remap which allows folding the transfer function (AKA toner response curve (TRC)) into the threshold array so that highlights are improved. Further, gen_stochastic has improved support for minimum dot size and shape.
* Plus the usual round of bug fixes, compatibility changes, and incremental improvements.
Problems found locating distfiles:
Package acroread7: missing distfile AdobeReader_enu-7.0.9-1.i386.tar.gz
Package acroread8: missing distfile AdobeReader_enu-8.1.7-1.sparc.tar.gz
Package cups-filters: missing distfile cups-filters-1.1.0.tar.xz
Package dvidvi: missing distfile dvidvi-1.0.tar.gz
Package lgrind: missing distfile lgrind.tar.bz2
Otherwise, existing SHA1 digests verified and found to be the same on
the machine holding the existing distfiles (morden). All existing
SHA1 digests retained for now as an audit trail.
