Index | Thread | Search

From:
Stuart Henderson <stu@spacehopper.org>
Subject:
Re: [SECURITY] print/ghostscript/gnu 10.04.0
To:
Volker Schlecht <openbsd-ports@schlecht.dev>
Cc:
ports@openbsd.org
Date:
Mon, 23 Sep 2024 11:38:14 +0100

Download raw body.

Thread 
(this could probably do with DPB_PROPERTIES=parallel too)

On 2024/09/23 11:31, Stuart Henderson wrote:
> Patches need regenerating.
> 
> What's the reason for the bump? I don't see new functions in the
> libraries (but haven't ooked for struct changes). Library bumps in
> -stable are problematic.
> 
> On 2024/09/23 00:32, Volker Schlecht wrote:
> > Fixes
> > 
> > CVE-2024-46951
> > CVE-2024-46952
> > CVE-2024-46953
> > CVE-2024-46954
> > CVE-2024-46955
> > CVE-2024-46956
> > 
> > Looking for OKs to commit once the tree is unlocked, both to -current and
> > 7.6-stable.
> 
> > Index: Makefile
> > ===================================================================
> > RCS file: /cvs/ports/print/ghostscript/gnu/Makefile,v
> > diff -u -p -r1.134 Makefile
> > --- Makefile	1 Aug 2024 11:34:27 -0000	1.134
> > +++ Makefile	22 Sep 2024 21:56:12 -0000
> > @@ -1,13 +1,12 @@
> >  COMMENT =	PostScript and PDF interpreter
> >  
> > -VERSION =	10.03.1
> > +VERSION =	10.04.0
> >  DISTNAME =	ghostpdl-${VERSION}
> >  PKGNAME =	ghostscript-${VERSION}
> >  EXTRACT_SUFX =	.tar.xz
> >  CATEGORIES =	lang print
> > -SHARED_LIBS =	gs	18.2
> > -SHARED_LIBS +=	gpcl6	18.2
> > -REVISION =	2
> > +SHARED_LIBS =	gs	18.3
> > +SHARED_LIBS +=	gpcl6	18.3
> >  
> >  SITES =		https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs${VERSION:S/.//g}/
> >  
> > @@ -105,6 +104,7 @@ pre-configure:
> >  	rm -rf ${WRKSRC}/zlib
> >  
> >  post-install:
> > +	rm -f ${PREFIX}/lib/libgpcl6.so{,.${LIBgs_VERSION:R}}
> >  	rm -f ${PREFIX}/lib/libgs.so{,.${LIBgs_VERSION:R}}
> >  .if !${FLAVOR:Mgtk}
> >  	rm -f ${PREFIX}/bin/gsx
> > Index: distinfo
> > ===================================================================
> > RCS file: /cvs/ports/print/ghostscript/gnu/distinfo,v
> > diff -u -p -r1.27 distinfo
> > --- distinfo	28 Jul 2024 07:59:55 -0000	1.27
> > +++ distinfo	22 Sep 2024 21:56:12 -0000
> > @@ -1,2 +1,2 @@
> > -SHA256 (ghostpdl-10.03.1.tar.xz) = Be7kUmj2uyxhifmkBoXEYIygiUQ6k/KvX1GU2D3DaNs=
> > -SIZE (ghostpdl-10.03.1.tar.xz) = 73553744
> > +SHA256 (ghostpdl-10.04.0.tar.xz) = BgP1YpvG9We0VJEdEEzZZwJInJ5w5Xd4eEP0gLI9Snc=
> > +SIZE (ghostpdl-10.04.0.tar.xz) = 73576724
> > Index: pkg/PLIST
> > ===================================================================
> > RCS file: /cvs/ports/print/ghostscript/gnu/pkg/PLIST,v
> > diff -u -p -r1.39 PLIST
> > --- pkg/PLIST	1 Aug 2024 11:34:27 -0000	1.39
> > +++ pkg/PLIST	22 Sep 2024 21:56:12 -0000
> > @@ -34,8 +34,6 @@ include/ghostscript/gserrors.h
> >  include/ghostscript/iapi.h
> >  include/ghostscript/ierrors.h
> >  include/ghostscript/plapi.h
> > -@comment @so lib/libgpcl6.so
> > -@comment lib/libgpcl6.so.18
> >  @lib lib/libgpcl6.so.${LIBgpcl6_VERSION}
> >  @lib lib/libgs.so.${LIBgs_VERSION}
> >  @man man/man1/dvipdf.1
>