Bug 240844 - print/ghostscript9-agpl-base: Update to 9.50 (Fixes security vulnerabilities)
Summary: print/ghostscript9-agpl-base: Update to 9.50 (Fixes security vulnerabilities)
Status: Open
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: Normal Affects Many People
Assignee: Tijl Coosemans
URL:
Keywords: needs-qa, security
Depends on: 240845
Blocks:
  Show dependency treegraph
 
Reported: 2019-09-26 14:53 UTC by Greg Veldman
Modified: 2019-12-09 20:27 UTC (History)
3 users (show)

See Also:
bugzilla: maintainer-feedback? (doceng)
koobs: merge-quarterly?
antoine: exp-run+


Attachments
ghostscript9-agpl-base to 9.28rc3 (2.37 KB, patch)
2019-09-26 14:53 UTC, Greg Veldman
no flags Details | Diff
Update to 9.50 (3.20 KB, patch)
2019-11-29 17:01 UTC, Tijl Coosemans
no flags Details | Diff
Update to 9.50 (2) (4.78 KB, patch)
2019-12-07 19:30 UTC, Tijl Coosemans
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Greg Veldman 2019-09-26 14:53:34 UTC
Created attachment 207857 [details]
ghostscript9-agpl-base to 9.28rc3

Upgrade to 9.28rc3 to fix several security vulnerabilities:

CVE-2019-14811
CVE-2019-14812
CVE-2019-14813
CVE-2019-14817

Also make some minor rearrangements to make portlint happy.
Comment 1 Tijl Coosemans freebsd_committer 2019-11-29 17:01:38 UTC
Created attachment 209530 [details]
Update to 9.50

Update to 9.50.  An exp-run is needed, because of changes to -dSAFER and because -dSAFER is enabled by default now.
Comment 2 Tijl Coosemans freebsd_committer 2019-11-29 17:03:08 UTC
Assign to portmgr for exp-run.
Comment 4 Tijl Coosemans freebsd_committer 2019-12-07 19:30:24 UTC
Created attachment 209776 [details]
Update to 9.50 (2)

The problem is in doxygen.  This version of the patch adds an upstream fix for it.
Comment 5 Antoine Brodin freebsd_committer 2019-12-08 20:29:49 UTC
Exp-run looks fine
Comment 6 commit-hook freebsd_committer 2019-12-09 20:27:00 UTC
A commit references this bug:

Author: tijl
Date: Mon Dec  9 20:26:01 UTC 2019
New revision: 519631
URL: https://svnweb.freebsd.org/changeset/ports/519631

Log:
  Update print/ghostscript9-agpl-* to 9.50.

  PR:		240844
  Approved by:	portmgr (antoine)
  Exp-run by:	antoine

Changes:
  head/devel/doxygen/Makefile
  head/devel/doxygen/files/patch-src_formula.cpp
  head/print/ghostscript9-agpl-base/Makefile
  head/print/ghostscript9-agpl-base/distinfo
  head/print/ghostscript9-agpl-x11/Makefile