- Update from version 10.02.1 to 10.03.0
- Update of rootfile
- Changelog
10.03.0
Highlights in this release include:
A vulnerability was identified in the way Ghostscript/GhostPDL called
tesseract for the OCR devices, which could allow arbitrary code execution.
As as result, we strongly urge anyone including the OCR devices in their
build to update as soon as possible.
As of this release (10.03.0) pdfwrite creates PDF files with XRef streams and
ObjStm streams. This can result in considerably smaller PDF output files.
See Vector Devices for more details.
Ghostscript/pdfwrite now supports passing through PDF "Optional Content".
Our efforts in code hygiene and maintainability continue.
The usual round of bug fixes, compatibility changes, and incremental
improvements.
(9.53.0) We have added the capability to build with the Tesseract OCR engine.
In such a build, new devices are available (pdfocr8/pdfocr24/pdfocr32)
which render the output file to an image, OCR that image, and output the
image "wrapped" up as a PDF file, with the OCR generated text information
included as "invisible" text (in PDF terms, text rendering mode 3).
Mainly due to time constraints, we only support including Tesseract from
source included in our release packages, and not linking to
Tesseract/Leptonica shared libraries. Whether we add this capability will be
largely dependent on community demand for the feature.
See Enabling OCR for more details.
Incompatible changes
(10.03.0) Almost all the "internal" PostScript procedures defined during the
interpreter startup are now "executeonly", further reducing the attack
surface of the interpreter.
The nature of these procedures means there should be no impact for legitimate
usage, but it is possible it will impact uses which abuse the previous
accessibility (even for legitimate reasons). Such cases may now require
"DELAYBIND", See DELAYBIND
(10.03.0) The "makeimagedevice" non-standard operator has been removed. It
allowed low level access to the graphics library in a way that was,
essentially impossible to secure.
(10.03.0) The "putdeviceprops", "getdeviceprops", "finddevice", "copydevice",
"findprotodevice" non-standard operators have all been removed. They
provided functionality that is either accessible through standard operators,
or should not be used by user PostScript.
(10.03.0) The process of "tidying" the PostScript namespace should have
removed only non-standard and undocumented operators. Nevertheless, it is
possible that any integrations or utilities that rely on those non-standard
and undocumented operators may stop working or may change behaviour.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
projects / ipfire-2.x.git / commit
