#3150: ghostscript-9.00
--------------------------------------+-------------------------------------
Reporter: k...@… | Owner: k...@…
Type: task | Status: assigned
Priority: normal | Milestone: 6.7
Component: BOOK | Version: SVN
Severity: normal | Keywords:
--------------------------------------+-------------------------------------
Comment(by k...@…):
System jasper *does* need a patch - I installed jasper in /usr/local on my
other box, and watched the gs build blow up in my face. I have a patch
originally from fedora, not yet tested.
I'm interested in using system libs - debian apparently do that, but I
haven't yet checked their details.
Debian *do* apply a one-liner to use vsnprintf instead of vsprintf in
base/gsmisc.c [ claimed to be CVE-2009-4270 ]. Gentoo use a much larger
patch, from fedora. I've now managed to get connected to fedora gitweb [
generally, that site is overloaded ] and it is described as "to harden the
debugging output functions" which makes it sound good but not essential.
I'll need to check mitre.
For jbig2, won't most of our users *not* have a system version ? Fedora
have another patch to fix a null pointer dereference in the internal jbig2
code.
For ijs, I thought the only source was from a version of ghostscript ?
I'm also of the opinion it should now be called merely 'ghostscript'
instead of 'GPL ghostscript' in the book.
--
Ticket URL: <http://wiki.linuxfromscratch.org/blfs/ticket/3150#comment:4>
BLFS Trac <http://wiki.linuxfromscratch.org/blfs>
Beyond Linux From Scratch
--
http://linuxfromscratch.org/mailman/listinfo/blfs-book
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the above information page
