240844 – print/ghostscript9-agpl-base: Update to 9.50 (Fixes security vulnerabilities)

Bug 240844 - print/ghostscript9-agpl-base: Update to 9.50 (Fixes security vulnerabilities)

Summary: print/ghostscript9-agpl-base: Update to 9.50 (Fixes security vulnerabilities)

Status:	Closed FIXED

Alias:	None

Product:	Ports & Packages
Classification:	Unclassified
Component:	Individual Port(s) (show other bugs)
Version:	Latest
Hardware:	Any Any

Importance:	Normal Affects Many People
Assignee:	Tijl Coosemans

URL:
Keywords:	security

Depends on:	240845
Blocks:
	Show dependency tree / graph

Reported:	2019-09-26 14:53 UTC by Greg Veldman
Modified:	2020-01-06 10:05 UTC (History)
CC List:	3 users (show)

See Also:

Flags:	bugzilla: maintainer-feedback? (doceng) tijl: merge-quarterly+ antoine: exp-run+

Attachments
ghostscript9-agpl-base to 9.28rc3 (2.37 KB, patch) 2019-09-26 14:53 UTC, Greg Veldman	no flags	Details \| Diff
Update to 9.50 (3.20 KB, patch) 2019-11-29 17:01 UTC, Tijl Coosemans	no flags	Details \| Diff
Update to 9.50 (2) (4.78 KB, patch) 2019-12-07 19:30 UTC, Tijl Coosemans	no flags	Details \| Diff
Show Obsolete (2) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Greg Veldman 2019-09-26 14:53:34 UTC

Created attachment 207857 [details]
ghostscript9-agpl-base to 9.28rc3

Upgrade to 9.28rc3 to fix several security vulnerabilities:

CVE-2019-14811
CVE-2019-14812
CVE-2019-14813
CVE-2019-14817

Also make some minor rearrangements to make portlint happy.

Comment 1 Tijl Coosemans freebsd_committer

2019-11-29 17:01:38 UTC

Created attachment 209530 [details]
Update to 9.50

Update to 9.50.  An exp-run is needed, because of changes to -dSAFER and because -dSAFER is enabled by default now.

Comment 2 Tijl Coosemans freebsd_committer

2019-11-29 17:03:08 UTC

Assign to portmgr for exp-run.

Comment 3 Antoine Brodin freebsd_committer

2019-12-01 19:37:28 UTC

New failure log on 12.0 amd64:

http://package18.nyi.freebsd.org/data/120amd64-default-PR241624/2019-11-30_09h52m12s/logs/errors/mpqc-2.3.1_44.log

New failure log on 12.0 i386:

http://pb2.nyi.freebsd.org/data/120i386-default-PR241624/2019-11-30_09h52m10s/logs/errors/mpqc-2.3.1_44.log

Comment 4 Tijl Coosemans freebsd_committer

2019-12-07 19:30:24 UTC

Created attachment 209776 [details]
Update to 9.50 (2)

The problem is in doxygen.  This version of the patch adds an upstream fix for it.

Comment 5 Antoine Brodin freebsd_committer

2019-12-08 20:29:49 UTC

Exp-run looks fine

Comment 6 commit-hook freebsd_committer

2019-12-09 20:27:00 UTC

A commit references this bug:

Author: tijl
Date: Mon Dec  9 20:26:01 UTC 2019
New revision: 519631
URL: https://svnweb.freebsd.org/changeset/ports/519631

Log:
  Update print/ghostscript9-agpl-* to 9.50.

  PR:		240844
  Approved by:	portmgr (antoine)
  Exp-run by:	antoine

Changes:
  head/devel/doxygen/Makefile
  head/devel/doxygen/files/patch-src_formula.cpp
  head/print/ghostscript9-agpl-base/Makefile
  head/print/ghostscript9-agpl-base/distinfo
  head/print/ghostscript9-agpl-x11/Makefile

Comment 7 Tijl Coosemans freebsd_committer

2020-01-06 10:05:38 UTC

Included in 2020Q1 branch.