Bug 234013 - print/ghostscript9-agpl-base: Update to 9.26 (Fixes several security vulnerabilities)
Summary: print/ghostscript9-agpl-base: Update to 9.26 (Fixes several security vulnerab...
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: Normal Affects Many People
Assignee: doceng
URL: https://www.ghostscript.com/doc/9.26/...
Keywords: needs-qa, security
Depends on:
Blocks:
 
Reported: 2018-12-14 15:50 UTC by Tijl Coosemans
Modified: 2018-12-23 19:43 UTC (History)
2 users (show)

See Also:
bugzilla: maintainer-feedback? (doceng)
koobs: merge-quarterly?


Attachments
patch (4.70 KB, patch)
2018-12-14 15:50 UTC, Tijl Coosemans
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Tijl Coosemans freebsd_committer 2018-12-14 15:50:01 UTC
Created attachment 200119 [details]
patch

Another security update for ghostscript: https://www.ghostscript.com/doc/9.26/News.htm

Also make openjpeg dependency optional and off by default because it's been vulnerable for a long time.  Disable IJS option because print/hpijs, the last port that used it (afaik), has been removed.
Comment 1 Kubilay Kocak freebsd_committer freebsd_triage 2018-12-17 06:02:24 UTC
Pending (needs) VuXML entry
Comment 2 Tijl Coosemans freebsd_committer 2018-12-22 17:33:01 UTC
Hey doceng, WAKE UP sleepy heads!!  :P

Seriously though this non-responsiveness is bad...
I'm thinking of taking over maintainership.
Comment 3 Benedict Reuschling freebsd_committer 2018-12-22 18:35:25 UTC
Hi Tijl,

if you have the cycles to that an upgrade, that'd be great. At least, I don't have a problem with it and having an updated version with security fixes is good.
Comment 4 commit-hook freebsd_committer 2018-12-23 19:41:35 UTC
A commit references this bug:

Author: tijl
Date: Sun Dec 23 19:41:21 UTC 2018
New revision: 488238
URL: https://svnweb.freebsd.org/changeset/ports/488238

Log:
  - Update to 9.26.
  - Make openjpeg dependency optional and off by default because it's been
    vulnerable for a long time.
  - Disable IJS option because print/hpijs, the last port that used it, has
    been removed.

  PR:		234013
  Approved by:	doceng (bcr)

Changes:
  head/print/ghostscript9-agpl-base/Makefile
  head/print/ghostscript9-agpl-base/distinfo
  head/print/ghostscript9-agpl-base/pkg-plist
  head/print/ghostscript9-agpl-x11/Makefile