From: Volker Schlecht <openbsd-ports@schlecht.dev>
Subject: Re: [SECURITY] print/ghostscript/gnu 10.04.0
To: ports@openbsd.org
Date: Mon, 23 Sep 2024 18:35:04 +0200

Here's the fixed diff.

On 2024-09-23 11:31, Stuart Henderson wrote:
>Patches need regenerating.
>
>What's the reason for the bump? I don't see new functions in the
>libraries (but haven't ooked for struct changes). Library bumps in
>-stable are problematic.
>
>On 2024/09/23 00:32, Volker Schlecht wrote:
>> Fixes
>>
>> CVE-2024-46951
>> CVE-2024-46952
>> CVE-2024-46953
>> CVE-2024-46954
>> CVE-2024-46955
>> CVE-2024-46956
>>
>> Looking for OKs to commit once the tree is unlocked, both to -current and
>> 7.6-stable.

Index: Makefile
===================================================================
RCS file: /cvs/ports/print/ghostscript/gnu/Makefile,v
diff -u -p -r1.134 Makefile
--- Makefile	1 Aug 2024 11:34:27 -0000	1.134
+++ Makefile	23 Sep 2024 11:49:36 -0000
@@ -1,13 +1,12 @@
 COMMENT =	PostScript and PDF interpreter
 
-VERSION =	10.03.1
+VERSION =	10.04.0
 DISTNAME =	ghostpdl-${VERSION}
 PKGNAME =	ghostscript-${VERSION}
 EXTRACT_SUFX =	.tar.xz
 CATEGORIES =	lang print
 SHARED_LIBS =	gs	18.2
 SHARED_LIBS +=	gpcl6	18.2
-REVISION =	2
 
 SITES =		https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs${VERSION:S/.//g}/
 
@@ -105,6 +104,7 @@ pre-configure:
 	rm -rf ${WRKSRC}/zlib
 
 post-install:
+	rm -f ${PREFIX}/lib/libgpcl6.so{,.${LIBgpcl6_VERSION:R}}
 	rm -f ${PREFIX}/lib/libgs.so{,.${LIBgs_VERSION:R}}
 .if !${FLAVOR:Mgtk}
 	rm -f ${PREFIX}/bin/gsx
Index: distinfo
===================================================================
RCS file: /cvs/ports/print/ghostscript/gnu/distinfo,v
diff -u -p -r1.27 distinfo
--- distinfo	28 Jul 2024 07:59:55 -0000	1.27
+++ distinfo	23 Sep 2024 11:49:36 -0000
@@ -1,2 +1,2 @@
-SHA256 (ghostpdl-10.03.1.tar.xz) = Be7kUmj2uyxhifmkBoXEYIygiUQ6k/KvX1GU2D3DaNs=
-SIZE (ghostpdl-10.03.1.tar.xz) = 73553744
+SHA256 (ghostpdl-10.04.0.tar.xz) = BgP1YpvG9We0VJEdEEzZZwJInJ5w5Xd4eEP0gLI9Snc=
+SIZE (ghostpdl-10.04.0.tar.xz) = 73576724
Index: patches/patch-configure
===================================================================
RCS file: /cvs/ports/print/ghostscript/gnu/patches/patch-configure,v
diff -u -p -r1.8 patch-configure
--- patches/patch-configure	8 Mar 2024 12:19:02 -0000	1.8
+++ patches/patch-configure	23 Sep 2024 11:49:36 -0000
@@ -1,7 +1,7 @@
 Index: configure
 --- configure.orig
 +++ configure
-@@ -13158,8 +13158,8 @@ DLL_EXT=""
+@@ -13210,8 +13210,8 @@ DLL_EXT=""
  SO_LIB_VERSION_SEPARATOR="."
  
  libname1="_SO_BASE)\$(GS_SOEXT)\$(DLL_EXT)"
@@ -12,7 +12,7 @@ Index: configure
  GS_SONAME="lib\$(GS${libname1}"
  GS_SONAME_MAJOR="lib\$(GS${libname2}"
  GS_SONAME_MAJOR_MINOR="lib\$(GS${libname3}"
-@@ -13271,11 +13271,11 @@ case $host in
+@@ -13323,11 +13323,11 @@ case $host in
      ;;
      *bsd*)
        DYNAMIC_CFLAGS="-fPIC $DYNAMIC_CFLAGS"
Index: pkg/PLIST
===================================================================
RCS file: /cvs/ports/print/ghostscript/gnu/pkg/PLIST,v
diff -u -p -r1.39 PLIST
--- pkg/PLIST	1 Aug 2024 11:34:27 -0000	1.39
+++ pkg/PLIST	23 Sep 2024 11:49:36 -0000
@@ -34,8 +34,6 @@ include/ghostscript/gserrors.h
 include/ghostscript/iapi.h
 include/ghostscript/ierrors.h
 include/ghostscript/plapi.h
-@comment @so lib/libgpcl6.so
-@comment lib/libgpcl6.so.18
 @lib lib/libgpcl6.so.${LIBgpcl6_VERSION}
 @lib lib/libgs.so.${LIBgs_VERSION}
 @man man/man1/dvipdf.1