Created attachment 203802 [details] patch Update print/ghostscript9-agpl-{base,x11} to 9.27. This version removes some undocumented features. An exp-run is needed to make sure no port depends on them.
Assign to portmgr for exp-run.
If I'm not mistaken, I believe this is also CVE-2019-3835 and CVE-2019-3838, which should be documented in vuxml. Tagging ports-secteam on this as well.
Exp-run looks fine
A commit references this bug: Author: tijl Date: Sun Apr 21 16:41:38 UTC 2019 New revision: 499546 URL: https://svnweb.freebsd.org/changeset/ports/499546 Log: Update to 9.27. PR: 237390 Exp-run by: antoine Approved by: portmgr (antoine) MFH: 2019Q2 Security: CVE-2019-3835, CVE-2019-3838 Changes: head/print/ghostscript9-agpl-base/Makefile head/print/ghostscript9-agpl-base/distinfo head/print/ghostscript9-agpl-base/pkg-plist head/print/ghostscript9-agpl-x11/Makefile
A commit references this bug: Author: tijl Date: Sun Apr 21 17:36:00 UTC 2019 New revision: 499548 URL: https://svnweb.freebsd.org/changeset/ports/499548 Log: Document Ghostscript CVE-2019-3835 and CVE-2019-3838. PR: 237390 Security: CVE-2019-3835, CVE-2019-3838 Changes: head/security/vuxml/vuln.xml
A commit references this bug: Author: tijl Date: Mon Apr 22 08:53:17 UTC 2019 New revision: 499618 URL: https://svnweb.freebsd.org/changeset/ports/499618 Log: MFH: r499546 Update to 9.27. PR: 237390 Security: CVE-2019-3835, CVE-2019-3838 Approved by: ports-secteam (miwi) Changes: _U branches/2019Q2/ branches/2019Q2/print/ghostscript9-agpl-base/Makefile branches/2019Q2/print/ghostscript9-agpl-base/distinfo branches/2019Q2/print/ghostscript9-agpl-base/pkg-plist branches/2019Q2/print/ghostscript9-agpl-x11/Makefile
this broke cups-filters see here https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=237765