From mboxrd@z Thu Jan 1 00:00:00 1970 From: Marius Bakke Subject: Re: [PATCH] gnu: mupdf: Fix some security problems in bundled mujs. Date: Sun, 15 Jan 2017 20:05:48 +0100 Message-ID: <87lgucxhwz.fsf@kirby.i-did-not-set--mail-host-address--so-tickle-me> References: <20170112180655.1588-1-mbakke@fastmail.com> <20170112183017.GB23706@jasmine> <87wpe05adv.fsf@kirby.i-did-not-set--mail-host-address--so-tickle-me> <20170112200346.GA11411@jasmine> <87shonai6b.fsf@netris.org> <20170115184717.GA29718@jasmine> Mime-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha512; protocol="application/pgp-signature" Return-path: Received: from eggs.gnu.org ([2001:4830:134:3::10]:44140) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1cSq7r-0004d1-0v for guix-devel@gnu.org; Sun, 15 Jan 2017 14:06:00 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1cSq7m-0005KP-7m for guix-devel@gnu.org; Sun, 15 Jan 2017 14:05:58 -0500 Received: from out2-smtp.messagingengine.com ([66.111.4.26]:35871) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1cSq7m-0005Je-1s for guix-devel@gnu.org; Sun, 15 Jan 2017 14:05:54 -0500 In-Reply-To: <20170115184717.GA29718@jasmine> List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org Sender: "Guix-devel" To: Leo Famulari , Mark H Weaver Cc: guix-devel@gnu.org --=-=-= Content-Type: text/plain Content-Transfer-Encoding: quoted-printable Leo Famulari writes: > On Thu, Jan 12, 2017 at 07:59:40PM -0500, Mark H Weaver wrote: >> Here's what we can do: in addition to mupdf itself, we can also add a >> graft for cups-filters (our only package that includes mupdf as an >> input). The replacement for cups-filters would change its mupdf input >> to refer directly to the fixed version of mupdf. >>=20 >> What do you think? > > I've attached two patches that should do this. Thanks for doing this! =20=20 > +(define cups-filters/fixed > + (package > + (inherit cups-filters) > + (inputs > + `(("avahi" ,avahi) > + ("fontconfig" ,fontconfig) > + ("freetype" ,freetype) > + ("font-dejavu" ,font-dejavu) ; also needed by test suite > + ("ghostscript" ,(force ghostscript/cups)) > + ("ijs" ,ijs) > + ("dbus" ,dbus) > + ("lcms" ,lcms) > + ("libjpeg" ,libjpeg) > + ("libpng" ,libpng) > + ("libtiff" ,libtiff) > + ("mupdf" ,(@@ (gnu packages pdf) mupdf/fixed)) > + ("glib" ,glib) > + ("qpdf" ,qpdf) > + ("poppler" ,poppler) > + ("cups-minimal" ,cups-minimal))))) Is it possible to use the 'package-input-rewriting' procedure here? See example at the end of section 5.1.0: https://www.gnu.org/software/guix/manual/guix.html#Defining-Packages Otherwise this LGTM, thanks a lot! --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQEzBAEBCgAdFiEEu7At3yzq9qgNHeZDoqBt8qM6VPoFAlh7yAwACgkQoqBt8qM6 VPo0mAgA1dJx7B7Go94SAfgMTBIlkLIFrduQJu+2g45dE3nqTh5+GLy7qxOGU+PB kbrgTxf8ggQM6yqNQmsBJqYDrQlxezD2/4kZ1gXIgRFmmTjm/QRGlCthT960WvCM kZkhJ9YvkzgD6w3DJ3qAMmVzFUXKtnkyu2roNtgYcwsfOtYpeoStp53bvY2mcSku XrcDVk3srJfpxxbYw61hO7/cL8CzBbCboiv3b40ZiTPDQ78kKocYGbh6XH6ZrRDT lodk7kRew1JUMxtbfYKuZISZdIUpjKNKTIaO/kjNp0OcEWQJRgKQ+0CKwQbkyxz7 3/znod2JOBGHiEtsUBhLDDu25klYyg== =ZXhw -----END PGP SIGNATURE----- --=-=-=--