A problem with Ghostscript could make it possible to execute
arbitrary commands. The vulnerability exists when GhostScript
is used to process specially formatted PS files.
An attacker can exploit this vulnerability by creating a
malicious PS file which, when processed with GhostScript, will
result in the execution of arbitrary system commands.
Bump version to 7.05p1
ok naddy@
Let ghostscript-encrypt grab its directory directly from aladdin or gnu
ghostscript.
Includes a perfectly sick hack to obtain PDFDIR from those directories:
we do need PORTSDIR at Makefile parsing time, and for that, we just hack
its value from the current Makefile, avoiding endless recursion with
a flag.
Note that this hack is clean though, and doesn't need extra knowledge from
the rest of the ports tree.
Important changes:
- prodded by Nikolay Sturm to do the upgrade,
- Gnu-ghostscript is now 5.50, packaging changed slightly,
- most patches have been integrated,
- use MAKE_FLAGS to remove Makefile patches and gnu-make dependency,
- pull pdf_encrypt out from the main package so that gs can be distributed
on CD-Rom,
- simplify DEVICE_DEVS (get list from NetBSD), removed interactive script
for now, as it wasn't reliably upgraded,
- infrastructure allows for Aladdin ghostscript along-side.
