wxd
/
ShentunApp
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
3 Commits
1 Branch
0 Tags
1.2 GiB
Tree: ce4b8d120e
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'ce4b8d120e'
${ noResults }
ShentunApp/extensions/gs10.04.0/doc/News.html

154 lines
8.2 KiB
Raw Normal View History

1
1 month ago
  1. <!--START EDITING HERE-->
  3. <h1>Recent Changes in Ghostscript</h1>
  5. <!-- [1.0 end visible header] ============================================== -->
  7. <!-- [2.0 begin contents] ================================================== -->
  8. <h2><a name="Version10.04.0"></a>Version 10.04.0 (2024-09-18)</h2>
  9. <p> Highlights in this release include:
  10. <ul>
  11. </li>
  12. <li>
  13. <p>This release addresses CVEs: CVE-2024-46951, CVE-2024-46952, CVE-2024-46953, CVE-2024-46954, CVE-2024-46955, CVE-2024-46956
  14. </li>
  15. <li>
  16. <p><b>IMPORTANT:</b> In this release (10.04.0) we have be added protection for
  17. device selection from PostScript input. This will mean that, by default, only the device specified
  18. on the command line will be permitted. Similar to the file permissions, there will be a &quot;--permit-devices=&quot;
  19. allowing a comma separation list of allowed devices. This will also take a single wildcard &quot;*&quot; allowing any device.
  20. <p>Any application which relies on allowing PostScript to change devices during a job will have to be aware, and take action
  21. to deal with this change.
  22. <p>The exception is &quot;nulldevice&quot;, switching to that requires no special action.
  23. </li>
  24. <li>
  25. <p>Our efforts in code hygiene and maintainability continue.
  26. </li>
  27. <li>
  28. <p>The usual round of bug fixes, compatibility changes, and incremental improvements.
  29. </li>
  30. <li>
  31. <p>(9.53.0) We have added the capability to build with the Tesseract OCR engine. In such
  32. a build, new devices are available (pdfocr8/pdfocr24/pdfocr32) which render the
  33. output file to an image, OCR that image, and output the image "wrapped" up as a
  34. PDF file, with the OCR generated text information included as "invisible" text
  35. (in PDF terms, text rendering mode 3).
  36. <p>Mainly due to time constraints, we only support including Tesseract from
  37. source included in our release packages, and not linking to Tesseract/Leptonica
  38. shared libraries. Whether we add this capability will be largely dependent on
  39. community demand for the feature.
  40. <p>See <a href="https://www.ghostscript.com/ocr.html">Enabling OCR</a> for more details.
  41. </li>
  42. </ul>
  43. <p>For a list of open issues, or to report problems,
  44. please visit <a href="http://bugs.ghostscript.com/">bugs.ghostscript.com</a>.
  45. <h3><a name="10.04.0_Incompatible_changes"></a>Incompatible changes</h3>
  46. <h4>Included below are incompatible changes from recent releases (the
  47. specific release in question is listed in parentheses). We include these,
  48. for now, as we are aware that not everyone upgrades with every release.</h4>
  49. <ul>
  50. <li>
  51. <p>(10.03.1) Almost all the &quot;internal&quot; PostScript procedures defined
  52. during the interpreter startup are now &quot;executeonly&quot;, further reducing
  53. the attack surface of the interpreter.
  54. <p>The nature of these procedures means there should be no impact for legitimate
  55. usage, but it is possible it will impact uses which abuse the previous accessibility
  56. (even for legitimate reasons). Such cases may now require &quot;DELAYBIND&quot;,
  57. See <a href="https://ghostscript.readthedocs.io/en/latest/Use.html#ddelaybind">DELAYBIND</a>
  58. </li>
  59. <li>
  60. <p>(10.03.1) The &quot;makeimagedevice&quot; non-standard operator has been removed. It allowed
  61. low level access to the graphics library in a way that was, essentially impossible to secure.
  62. </li>
  63. <li>
  64. <p>(10.03.1) The &quot;putdeviceprops&quot;, &quot;getdeviceprops&quot;, &quot;finddevice&quot;,
  65. &quot;copydevice&quot;, &quot;findprotodevice&quot; non-standard operators have all been removed.
  66. They provided functionality that is either accessible through standard operators, or should not
  67. be used by user PostScript.
  68. </li>
  69. <li>
  70. <p>(10.03.1) The process of &quot;tidying&quot; the PostScript namespace should have removed
  71. only non-standard and undocumented operators. Nevertheless, it is possible that
  72. any integrations or utilities that rely on those non-standard and undocumented
  73. operators may stop working or may change behaviour.
  74. <p>If you encounter such a case, please contact us (<a href="https://discord.gg/H9GXKwyPvY">Discord<a>,
  75. <a href="https://web.libera.chat/#ghostscript">#ghostscript IRC channel</a>,
  76. or the gs-devel mailing list would be best), and we'll work with you to either find an
  77. alternative solution or return the previous functionality, if there is genuinely no other
  78. option.
  79. </li>
  80. <li>
  81. <p>(9.55.0) Changes to the <code>device API</code>. This will affect developers and maintainers of
  82. Ghostscript devices. Firstly, and most importantly, the way device-specific "procs" are specified has
  83. been rewritten to make it (we think!) clearer and less confusing. See
  84. <a href="https://ghostscript.readthedocs.io/Drivers.htm">The Interface between Ghostscript and Device Drivers</a> and
  85. <a href="https://www.notion.so/artifexsoftware/The-Great-Device-Rework-Of-2021-94092fe1395d4a088b91462f0ca5038a">The Great Device Rework Of 2021</a>
  86. for more details.
  87. </li>
  88. <li>
  89. <p>(9.55.0) The command line options <code>-sGraphicsICCProfile=___</code>, <code>-dGraphicsIntent=#</code>, <code>-dGraphicsBlackPt=#</code>,
  90. <code>-dGraphicsKPreserve=#</code> have been changed to <code>-sVectorICCProfile=___</code>, <code>-dVectorIntent=#</code>, <code>-dVectorBlackPt=#</code>,
  91. <code>-dVectorKPreserve=#</code>.
  92. </li>
  93. <li>
  94. <p>(9.53.0) As of 9.53.0, we have (re-)introduced the patch level to the version number,
  95. this helps facilitate a revised policy on handling security-related issues.
  96. <p><strong>Note for GSView Users: </strong>The patch level addition breaks GSView 5 (it is
  97. hardcoded to check for versions <code>704-999</code>. It is possible, but not guaranteed that
  98. a GSView update might be forthcoming to resolve this.
  99. </li>
  100. <li>
  101. <p>(9.52) <code>-dALLOWPSTRANSPARENCY</code>: The transparency compositor (and related
  102. features), whilst we are improving it, remains sensitive to being driven correctly, and
  103. incorrect use can have unexpected/undefined results. Hence, as part of improving security,
  104. we limited access to these operators, originally using the <code>-dSAFER</code> feature.
  105. As we made "SAFER" the default mode, that became unacceptable, hence the new option
  106. <code>-dALLOWPSTRANSPARENCY</code> which enables access to the operators.
  107. </li>
  108. <li>
  109. <p>(9.50) There are a couple of subtle incompatibilities between the old and new SAFER
  110. implementations. Firstly, as mentioned in the 9.50 release notes, SAFER now leaves
  111. standard PostScript functionality unchanged (except for the file access limitations).
  112. Secondly, the interaction with <code>save</code>&sol;<code>restore</code> operations
  113. has changed. See <a href="https://ghostscript.readthedocs.io/Use.htm#Safer">SAFER</a>.
  114. <p><strong>Important Note for Windows Users</strong>:
  115. <br>
  116. The file/path pattern matching is case-sensitive, even on Windows. This is a
  117. change in behaviour compared to the old code which, on Windows, was case
  118. <i>in</i>sensitive. This is in recognition of changes in Windows behaviour,
  119. in that it now supports (although does not enforce) case sensitivity.
  120. </li>
  121. </ul>
  122. <h3><a name="10.04.0_changelog"></a>Changelog</h3>
  123. <p>From 9.55.0 onwards, in recognition of how unwieldy very large HTML files can become
  124. (History9.html had reached 8.1Mb!), we intend to only include the summary highlights (above).
  125. <p>For anyone wanting the full details of the changes in
  126. a release, we ask them to look at the history in our public git repository:
  127. <a href="https://git.ghostscript.com/?p=ghostpdl.git;a=shortlog;h=refs/tags/ghostpdl-10.04.0">ghostpdl-10.04.0</a> log.
  128. <p>If this change does not draw negative feedback, History?.htm file(s) will be removed from the release archives.
  130. <!-- [2.0 end contents] ==================================================== -->
  132. <!-- [3.0 begin visible trailer] =========================================== -->
  133. <hr>
  135. <p>
  136. <small>Copyright &copy; 2005-2024 Artifex Software, Inc.
  137. All rights reserved.</small>
  139. <p>
  140. This software is provided AS-IS with no warranty, either express or
  141. implied.
  143. This software is distributed under license and may not be copied, modified
  144. or distributed except as expressly authorized under the terms of that
  145. license. Refer to licensing information at <a href="https://www.artifex.com">https://www.artifex.com</a>
  146. or contact Artifex Software, Inc., 39 Mesa Street, Suite 108A, San Francisco, CA 94129, USA,
  148. <p>
  149. <small>Ghostscript version 10.04.0, 18 September 2024
  151. <!-- [3.0 end visible trailer] ============================================= -->
  154. <!--FINISH EDITING HERE-->