[9.25-2] - obsoleted old ghostscript-devel to allow clean upgrade to libgs-devel [9.25-1] - Rebase to latest upstream version - Resolves: #1673399 - CVE-2019-3839 ghostscript: missing attack vector protections for CVE-2019-6116 - Resolves: #1678172 - CVE-2019-3835 ghostscript: superexec operator is available - Resolves: #1680026 - CVE-2019-3838 ghostscript: forceput in DefineResource is still accessible - Resolves: #1670443 - ghostscript: Regression: double comment chars "%" in gs_init.ps leading to missing metadata - fix for pdf2dsc regression added to allow fix for CVE-2019-3839 [9.07-32] - Remove as many non-standard operators as possible to make the codebase closer to upstream for later CVEs - Resolves: #1621385 - CVE-2018-16511 ghostscript: missing type check in type checker - Resolves: #1649722 - CVE-2018-16539 ghostscript: incorrect access checking in temp file handling to disclose contents of files - Resolves: #1621162 - CVE-2018-15908 ghostscript: .tempfile file permission issues - Resolves: #1621384 - CVE-2018-15909 ghostscript: shading_param incomplete type checking - Resolves: #1652902 - CVE-2018-16863 ghostscript: incomplete fix for CVE-2018-16509 - Resolves: #1654045 ghostscript update breaks xdvi - Resolves: #1651150 - CVE-2018-15911 ghostscript: uninitialized memory access in the aesdecode operator - Resolves: #1650061 - CVE-2018-16802 ghostscript: Incorrect "restoration of privilege" checking when running out of stack during exception handling - Resolves: #1652936 - CVE-2018-19409 ghostscript: Improperly implemented security check in zsetdevice function in psi/zdevice.c - Resolves: #1654622 - CVE-2018-16541 ghostscript: incorrect free logic in pagedevice replacement - Resolves: #1650211 - CVE-2018-17183 ghostscript: User-writable error exception table - Resolves: #1645517 - CVE-2018-18073 ghostscript: saved execution stacks can leak operator arrays - Resolves: #1648892 - CVE-2018-17961 ghostscript: saved execution stacks can leak operator arrays - Resolves: #1643117 - CVE-2018-18284 ghostscript: 1Policy operator allows a sandbox protection bypass - Resolves: #1655939 - CVE-2018-19134 ghostscript: Type confusion in setpattern - Resolves: #1657694 - ghostscript: Regression: Warning: Dropping incorrect smooth shading object - Resolves: #1661210 pdf2ps reports an error when reading from stdin - Resolves: #1657334 - CVE-2018-16540 ghostscript: use-after-free in copydevice handling - Resolves: #1660570 - CVE-2018-19475 ghostscript: access bypass in psi/zdevice2.c - Resolves: #1660829 - CVE-2018-19476 ghostscript: access bypass in psi/zicc.c - Resolves: #1661279 - CVE-2018-19477 ghostscript: access bypass in psi/zfjbig2.c - Resolves: #1667443 - CVE-2019-6116 ghostscript: subroutines within pseudo-operators must themselves be pseudo-operators - Resolves: #1670443 - ghostscript: Regression: double comment chars "%" in gs_init.ps leading to missing metadata