# open this flag when supprot texlive in the future
%bcond_with texlive

%global _docdir_fmt     %{name}
%global version_short %%(echo "%{version}" | tr -d '.')
%global google_droid_fontpath %%(dirname $(fc-list : file | grep "DroidSansFallback"))
%global jbig2dec_version 0.20

Summary:       Interpreter for PostScript language & PDF
Name:          ghostscript
Version:       10.02.1
Release:       8%{?dist}
License:       AGPLv3+

# git url https://git.ghostscript.com/?p=ghostpdl.git;a=summary
URL:           https://ghostscript.com/
Source0:       https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs%{version_short}/ghostscript-%{version}.tar.xz


BuildRequires: automake gcc git make
BuildRequires: adobe-mappings-cmap-devel adobe-mappings-pdf-devel google-droid-sans-fonts
BuildRequires: urw-base35-fonts-devel cups-devel dbus-devel fontconfig-devel freetype-devel
BuildRequires: lcms2-devel libidn2-devel libijs-devel libjpeg-turbo-devel libpng-devel
BuildRequires: libpaper-devel libtiff-devel openjpeg2-devel zlib-devel gtk3-devel libXt-devel
BuildRequires: jbig2dec-devel = %{jbig2dec_version}
BuildRequires: jbig2dec-libs = %{jbig2dec_version}

Patch0001: ghostscript-10.02.1-txtwrite-device-needs-to-countdown-the-device-on-tex.patch
Patch0002: ghostscript-10.02.1-PostScript-Fix-selectdevice.patch
Patch0003: CVE-2024-33871-OPVP-device-prevent-unsafe-parameter-change-with-SAF.patch
Patch0004: CVE-2024-29510-Uniprint-device-prevent-string-configuration-changes.patch
Patch0005: CVE-2024-33870-Bug-707686.patch
Patch0006: CVE-2024-33869-Bug-707691.patch
Patch0007: CVE-2024-33869-Bug-707691-part-2.patch

# fix CVE-2024-29509 CVE-2024-29506 CVE-2024-29507 CVE-2024-29508 CVE-2024-29511
Patch0008: 0001-Bug-707510-review-printing-of-pointers.patch
Patch0009: 0002-Bug-707510-don-t-allow-PDF-files-with-bad-Filters-to.patch
Patch0010: 0003-Bug-707510-don-t-use-strlen-on-passwords.patch
Patch0012: 0004-Bug-707510-fix-LIBIDN-usage.patch
Patch0013: 0005-Bug-707510-5-Reject-OCRLanguage-changes-after-SAFER-.patch
Patch0014: 0006-Bug-707510-3-Bounds-checks-when-using-CIDFont-relate.patch
Patch0015: 0007-Bug-707510-5-2-The-original-fix-was-overly-aggressiv.patch
Patch0016: CVE-2024-46951-PS-interpreter-check-the-type-of-the-Pattern-Impleme.patch
Patch0017: CVE-2024-46952-PDF-interpreter-sanitise-W-array-values-in-Xref-stre.patch
Patch0018: CVE-2024-46953-Bug-707793-Check-for-overflow-validating-format-stri.patch
Patch0019: CVE-2024-46954-Bug-707788-Fix-decode_utf8-to-forbid-overlong-encodi.patch
Patch0020: CVE-2024-46955-PS-interpreter-check-Indexed-colour-space-index.patch
Patch0021: CVE-2024-46956-PostScript-interpreter-fix-buffer-length-check.patch

Requires:      libgs = %{version}-%{release}
Requires:      jbig2dec-libs = %{jbig2dec_version}
Requires:      %{name}-tools-fonts = %{version}-%{release}
Requires:      %{name}-tools-printing = %{version}-%{release}

Provides:      %{name}-core = %{version}-%{release}
Provides:      %{name}-doc = %{version}-%{release}
Provides:      ghostscript-x11 = %{version}-%{release}
Obsoletes:     ghostscript-x11 < 10.01.0-1

%description
This package provides useful conversion utilities based on Ghostscript software, for converting PS, PDF and other
document formats between each other.

Ghostscript is a suite of software providing an interpreter for Adobe Systems' PostScript (PS) and Portable Document
Format (PDF) page description languages. Its primary purpose includes displaying (rasterization & rendering) and printing
of document pages, as well as conversions between different document formats.

%package -n libgs
Summary:          Library providing Ghostcript's core functionality
Requires:         adobe-mappings-cmap adobe-mappings-cmap-deprecated adobe-mappings-pdf
Requires:         google-droid-sans-fonts urw-base35-fonts

%description -n libgs
This library provides Ghostscript's core functionality, based on Ghostscript's API, which is useful for many packages
that are build on top of Ghostscript.

%package -n libgs-devel
Summary:          Development files for Ghostscript's library
Requires:         libgs = %{version}-%{release}
Provides:         %{name}-devel = %{version}-%{release}

%description -n libgs-devel
This package contains development files that are useful for building packages against Ghostscript's library, which provides
Ghostscript's core functionality.

%if %{with texlive}
%package tools-dvipdf
Summary:          Ghostscript's 'dvipdf' utility
Requires:         %{name} = %{version}-%{release}
Requires:         %{_bindir}/dvips

%description tools-dvipdf
This package provides the utility 'dvipdf' for converting of TeX DVI files into PDF files using Ghostscript and dvips.
%endif

%package tools-fonts
Summary:          Ghostscript's font utilities
Requires:         %{name} = %{version}-%{release}

%description tools-fonts
This package provides utilities which are useful when you are working with AFM, PFB or PFA files, mostly for conversion purposes.

%package tools-printing
Summary:          Ghostscript's printing utilities
Requires:         %{name} = %{version}-%{release}

%description tools-printing
This package provides utilities for formatting and printing text files using either Ghostscript, or BubbleJet, DeskJet,
DeskJet 500, and LaserJet printers.

It also provides the utility 'pphs', which is useful for printing of Primary Hint Stream of a linearized PDF file.

%package gtk
Summary:          Ghostscript's GTK-based document renderer
Requires:         libgs = %{version}-%{release}

%description gtk
This package provides GTK-based utility 'gsx', which can be used for displaying of various document files (including PS and PDF).

%prep
%autosetup -n %{name}-%{version} -p1
rm -rf cups/libs freetype ijs jbig2dec jpeg lcms2* leptonica libpng openjpeg tesseract tiff windows zlib

%if %{without texlive}
sed -i 's/bdftops dvipdf eps2eps/bdftops eps2eps/g' base/unixinst.mak
rm -rf man/dvipdf*
rm -rf man/de/dvipdf*
%endif

%build
%configure \
    --disable-compile-inits \
    --without-versioned-path \
    --with-fontpath="%{urw_base35_fontpath}:%{google_droid_fontpath}:%{_datadir}/%{name}/conf.d/"
%make_build so

%install
make DESTDIR=%{buildroot} soinstall

rm -f %{buildroot}%{_bindir}/{lprsetup.sh,unix-lpr.sh}
mv -f %{buildroot}%{_bindir}/{gsc,gs}
rm -f %{buildroot}%{_docdir}/%{name}/{AUTHORS,COPYING,*.tex,*.hlp,*.txt}
rm -f %{buildroot}%{_datadir}/%{name}/doc

# do not supprot html
rm -rf %{buildroot}%{_docdir}/%{name}/{*.htm*,html}

ln -s %{_bindir}/gs %{buildroot}%{_bindir}/ghostscript

ln -s %{_mandir}/man1/gs.1 %{buildroot}%{_mandir}/man1/ghostscript.1

ln -fs %{google_droid_fontpath}/DroidSansFallbackFull.ttf \
    %{buildroot}%{_datadir}/%{name}/Resource/CIDFSubst/DroidSansFallback.ttf

for font in $(basename --multiple %{buildroot}%{_datadir}/%{name}/Resource/Font/*); do
  ln -fs %{urw_base35_fontpath}/${font}.t1 %{buildroot}%{_datadir}/%{name}/Resource/Font/${font}
done

for file in $(basename --multiple %{buildroot}%{_datadir}/%{name}/Resource/CMap/*); do
  find %{adobe_mappings_rootpath} -type f -name ${file} -exec ln -fs {} %{buildroot}%{_datadir}/%{name}/Resource/CMap/${file} \;
done

install -m 0755 -d %{buildroot}%{_datadir}/%{name}/conf.d/

%check
%make_build check

%files -n libgs
%license LICENSE doc/COPYING
%{_libdir}/libgs.so.*
%{_datadir}/%{name}/
%dir %{_datadir}/%{name}/conf.d/

%files -n libgs-devel
%{_libdir}/libgs.so
%{_includedir}/%{name}/

%files
%doc %{_docdir}/%{name}/
%{_bindir}/gs
%{_bindir}/gsnd
%{_bindir}/ghostscript
%{_bindir}/eps2*
%{_bindir}/pdf2*
%{_bindir}/ps2*
%{_mandir}/man1/gs.1*
%{_mandir}/man1/gsnd*
%{_mandir}/man1/ghostscript*
%{_mandir}/man1/eps2*
%{_mandir}/man1/pdf2*
%{_mandir}/man1/ps2*

%if %{with texlive}
%files tools-dvipdf
%{_bindir}/dvipdf
%{_mandir}/man1/dvipdf*
%endif

%files tools-fonts
%{_bindir}/pf2afm
%{_bindir}/pfbtopfa
%{_bindir}/printafm
%{_mandir}/man1/pf2afm*
%{_mandir}/man1/pfbtopfa*
%{_mandir}/man1/printafm*

%files tools-printing
%{_bindir}/gsbj
%{_bindir}/gsdj
%{_bindir}/gsdj500
%{_bindir}/gslj
%{_bindir}/gslp
%{_bindir}/pphs
%{_mandir}/man1/gsbj*
%{_mandir}/man1/gsdj*
%{_mandir}/man1/gslj*
%{_mandir}/man1/gslp*

%files gtk
%{_bindir}/gsx

%changelog
* Mon Nov 11 2024 Shuo Wang <abushwang@tencent.com> -10.02.1-8
- fix CVE-2024-46951, CVE-2024-46952, CVE-2024-46953
- fix CVE-2024-46954, CVE-2024-46955, CVE-2024-46956
- PS interpreter - check the type of the Pattern Implementation (Bug #707991)
- Bug #708001 "Buffer overflow in PDF XRef stream"
- Bug 707793: Check for overflow validating format string
- Bug 707788: Fix decode_utf8 to forbid overlong encodings.
- Bug #707990 "Out of bounds read when reading color in "Indexed" color space"
- PostScript interpreter - fix buffer length check Bug 707895

* Thu Sep 26 2024 OpenCloudOS Release Engineering <releng@opencloudos.tech> - 10.02.1-7
- Rebuilt for clarifying the packages requirement in BaseOS and AppStream

* Fri Aug 16 2024 OpenCloudOS Release Engineering <releng@opencloudos.tech> - 10.02.1-6
- Rebuilt for loongarch release

* Thu Jul 11 2024 Shuo Wang <abushwang@tencent.com> - 10.02.1-5
- fix CVE-2024-29509 CVE-2024-29506 CVE-2024-29507
- fix CVE-2024-29508 CVE-2024-29511
- fix buffer overflows, partial SAFER bypass, pointer leak (Bug 707510)

* Wed Jun 26 2024 Shuo Wang <abushwang@tencent.com> - 10.02.1-4
- fix CVE-2024-33869, CVE-2024-33870 and CVE-2024-29510

* Tue Jun 4 2024 Shuo Wang <abushwang@tencent.com> - 10.02.1-3
- enable %check

* Mon Jun 3 2024 Shuo Wang <abushwang@tencent.com> - 10.02.1-2
- backport patch to fix CVE-2024-33871
- prevent unsafe parameter change with SAFER

* Tue Dec 26 2023 Upgrade Robot <upbot@opencloudos.org> - 10.02.1-1
- Upgrade to version 10.02.1

* Mon Dec 11 2023 Shuo Wang <abushwang@tencent.com> - 10.01.2-4
- backport patch to fix CVE-2023-46751

* Wed Oct 25 2023 Fanjun Kong <fanjunkong@tencent.com> - 10.01.2-3
- fix for CVE-2023-38559 and CVE-2023-43115

* Fri Sep 08 2023 OpenCloudOS Release Engineering <releng@opencloudos.tech> - 10.01.2-2
- Rebuilt for OpenCloudOS Stream 23.09

* Fri Sep 01 2023 cunshunxia <cunshunxia@tencent.com> - 10.01.2-1
- upgrade to 10.01.2

* Thu Aug 17 2023 kianli@tencent.com - 9.55.0-5
- Rebuilt for openjpeg2 2.5.0

* Wed Aug 02 2023 kianli <kianli@tencent.com> - 9.55.0-4
- Rebuilt for libtiff 4.5.1

* Fri Apr 28 2023 OpenCloudOS Release Engineering <releng@opencloudos.tech> - 9.55.0-3
- Rebuilt for OpenCloudOS Stream 23.05

* Fri Mar 31 2023 OpenCloudOS Release Engineering <releng@opencloudos.tech> - 9.55.0-2
- Rebuilt for OpenCloudOS Stream 23

* Wed Nov 30 2022 Shuo Wang <abushwang@tencent.com> - 9.55.0-1
- initial build