Bug 234013 - print/ghostscript9-agpl-base: Update to 9.26 (Fixes several security vulnerabilities)
Summary: print/ghostscript9-agpl-base: Update to 9.26 (Fixes several security vulnerab...
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: Normal Affects Many People
Assignee: Document Engineering Group (Nobody)
URL: https://www.ghostscript.com/doc/9.26/...
Keywords: needs-qa, security
Depends on:
Blocks:
 
Reported: 2018-12-14 15:50 UTC by Tijl Coosemans
Modified: 2018-12-23 19:43 UTC (History)
2 users (show)

See Also:
bugzilla: maintainer-feedback? (doceng)
koobs: merge-quarterly?

Attachments
patch (4.70 KB, patch)
2018-12-14 15:50 UTC, Tijl Coosemans 		no flags Details | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Tijl Coosemans freebsd_committer freebsd_triage 2018-12-14 15:50:01 UTC 
Created attachment 200119 [details]
patch

Another security update for ghostscript: https://www.ghostscript.com/doc/9.26/News.htm

Also make openjpeg dependency optional and off by default because it's been vulnerable for a long time.  Disable IJS option because print/hpijs, the last port that used it (afaik), has been removed.
Comment 1 Kubilay Kocak freebsd_committer freebsd_triage 2018-12-17 06:02:24 UTC 
Pending (needs) VuXML entry
Comment 2 Tijl Coosemans freebsd_committer freebsd_triage 2018-12-22 17:33:01 UTC 
Hey doceng, WAKE UP sleepy heads!!  :P

Seriously though this non-responsiveness is bad...
I'm thinking of taking over maintainership.
Comment 3 Benedict Reuschling freebsd_committer freebsd_triage 2018-12-22 18:35:25 UTC 
Hi Tijl,

if you have the cycles to that an upgrade, that'd be great. At least, I don't have a problem with it and having an updated version with security fixes is good.
Comment 4 commit-hook freebsd_committer freebsd_triage 2018-12-23 19:41:35 UTC 
A commit references this bug:

Author: tijl
Date: Sun Dec 23 19:41:21 UTC 2018
New revision: 488238
URL: https://svnweb.freebsd.org/changeset/ports/488238

Log:
  - Update to 9.26.
  - Make openjpeg dependency optional and off by default because it's been
    vulnerable for a long time.
  - Disable IJS option because print/hpijs, the last port that used it, has
    been removed.

  PR:		234013
  Approved by:	doceng (bcr)

Changes:
  head/print/ghostscript9-agpl-base/Makefile
  head/print/ghostscript9-agpl-base/distinfo
  head/print/ghostscript9-agpl-base/pkg-plist
  head/print/ghostscript9-agpl-x11/Makefile