From: Stuart Henderson Subject: Re: [SECURITY] print/ghostscript/gnu 10.04.0 To: Volker Schlecht Cc: ports@openbsd.org Date: Mon, 23 Sep 2024 11:38:14 +0100 (this could probably do with DPB_PROPERTIES=parallel too) On 2024/09/23 11:31, Stuart Henderson wrote: > Patches need regenerating. > > What's the reason for the bump? I don't see new functions in the > libraries (but haven't ooked for struct changes). Library bumps in > -stable are problematic. > > On 2024/09/23 00:32, Volker Schlecht wrote: > > Fixes > > > > CVE-2024-46951 > > CVE-2024-46952 > > CVE-2024-46953 > > CVE-2024-46954 > > CVE-2024-46955 > > CVE-2024-46956 > > > > Looking for OKs to commit once the tree is unlocked, both to -current and > > 7.6-stable. > > > Index: Makefile > > =================================================================== > > RCS file: /cvs/ports/print/ghostscript/gnu/Makefile,v > > diff -u -p -r1.134 Makefile > > --- Makefile 1 Aug 2024 11:34:27 -0000 1.134 > > +++ Makefile 22 Sep 2024 21:56:12 -0000 > > @@ -1,13 +1,12 @@ > > COMMENT = PostScript and PDF interpreter > > > > -VERSION = 10.03.1 > > +VERSION = 10.04.0 > > DISTNAME = ghostpdl-${VERSION} > > PKGNAME = ghostscript-${VERSION} > > EXTRACT_SUFX = .tar.xz > > CATEGORIES = lang print > > -SHARED_LIBS = gs 18.2 > > -SHARED_LIBS += gpcl6 18.2 > > -REVISION = 2 > > +SHARED_LIBS = gs 18.3 > > +SHARED_LIBS += gpcl6 18.3 > > > > SITES = https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs${VERSION:S/.//g}/ > > > > @@ -105,6 +104,7 @@ pre-configure: > > rm -rf ${WRKSRC}/zlib > > > > post-install: > > + rm -f ${PREFIX}/lib/libgpcl6.so{,.${LIBgs_VERSION:R}} > > rm -f ${PREFIX}/lib/libgs.so{,.${LIBgs_VERSION:R}} > > .if !${FLAVOR:Mgtk} > > rm -f ${PREFIX}/bin/gsx > > Index: distinfo > > =================================================================== > > RCS file: /cvs/ports/print/ghostscript/gnu/distinfo,v > > diff -u -p -r1.27 distinfo > > --- distinfo 28 Jul 2024 07:59:55 -0000 1.27 > > +++ distinfo 22 Sep 2024 21:56:12 -0000 > > @@ -1,2 +1,2 @@ > > -SHA256 (ghostpdl-10.03.1.tar.xz) = Be7kUmj2uyxhifmkBoXEYIygiUQ6k/KvX1GU2D3DaNs= > > -SIZE (ghostpdl-10.03.1.tar.xz) = 73553744 > > +SHA256 (ghostpdl-10.04.0.tar.xz) = BgP1YpvG9We0VJEdEEzZZwJInJ5w5Xd4eEP0gLI9Snc= > > +SIZE (ghostpdl-10.04.0.tar.xz) = 73576724 > > Index: pkg/PLIST > > =================================================================== > > RCS file: /cvs/ports/print/ghostscript/gnu/pkg/PLIST,v > > diff -u -p -r1.39 PLIST > > --- pkg/PLIST 1 Aug 2024 11:34:27 -0000 1.39 > > +++ pkg/PLIST 22 Sep 2024 21:56:12 -0000 > > @@ -34,8 +34,6 @@ include/ghostscript/gserrors.h > > include/ghostscript/iapi.h > > include/ghostscript/ierrors.h > > include/ghostscript/plapi.h > > -@comment @so lib/libgpcl6.so > > -@comment lib/libgpcl6.so.18 > > @lib lib/libgpcl6.so.${LIBgpcl6_VERSION} > > @lib lib/libgs.so.${LIBgs_VERSION} > > @man man/man1/dvipdf.1 >