#3150: Ghostscript-9.00
--------------------------------------+-------------------------------------
Reporter: k...@… | Owner: k...@…
Type: task | Status: assigned
Priority: normal | Milestone: 6.7
Component: BOOK | Version: SVN
Severity: normal | Keywords:
--------------------------------------+-------------------------------------
Comment(by k...@…):
These packages that include copies of other things are hard. I'm
increasingly forming the view that where ghostscript includes a library
that is a copy of one from elsewhere, we ought to *recommend* the system
version so that people have a chance of fixing vulnerabilities.
So, libpng, jpeg, lcms1, expat, freetype, zlib, tiff and even jasper
should be recommended. The internal copy of lcms1 appears to have been
patched up to date, but who knows what the future will hold. The internal
tiff (3.9.2) has *some* patches, but I can't confirm if all the known
vulnerabilities have been fixed (some were only reported against
opensuse/novell and I can't find how they fixed them).
This adds a shedload of dependencies, but since we are specifically
building the x11 driver I suppose they aren't excessive.
--
Ticket URL: <http://wiki.linuxfromscratch.org/blfs/ticket/3150#comment:37>
BLFS Trac <http://wiki.linuxfromscratch.org/blfs>
Beyond Linux From Scratch
--
http://linuxfromscratch.org/mailman/listinfo/blfs-book
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the above information page
