* [bug#28762] [PATCH] gnu: ghostscript: Replace with 9.22 [security fixes].
@ 2017-10-09 18:45 Leo Famulari
2017-10-09 20:52 ` Ludovic Courtès
0 siblings, 1 reply; 2+ messages in thread
From: Leo Famulari @ 2017-10-09 18:45 UTC (permalink / raw)
To: 28762
Fixes CVE-2017-{7948,7975,8908,9216,9610,9611,9612,9618,9619,9620,9726,9727,
9739,9740,9835}.
* gnu/packages/ghostscript.scm (ghostscript)[replacement]: New field.
(ghostscript-9.22): New variables.
---
gnu/packages/ghostscript.scm | 29 +++++++++++++++++++++++++++++
1 file changed, 29 insertions(+)
diff --git a/gnu/packages/ghostscript.scm b/gnu/packages/ghostscript.scm
index d5d5aa2df..1e036a5e4 100644
--- a/gnu/packages/ghostscript.scm
+++ b/gnu/packages/ghostscript.scm
@@ -131,6 +131,7 @@ printing, and psresize, for adjusting page sizes.")
(define-public ghostscript
(package
(name "ghostscript")
+ (replacement ghostscript-9.22)
(version "9.21")
(source
(origin
@@ -254,6 +255,34 @@ output file formats and printers.")
(home-page "https://www.ghostscript.com/")
(license license:agpl3+)))
+(define ghostscript-9.22
+ (package
+ (inherit ghostscript)
+ (version "9.22")
+ (source
+ (origin
+ (method url-fetch)
+ (uri (string-append "https://github.com/ArtifexSoftware/"
+ "ghostpdl-downloads/releases/download/gs"
+ (string-delete #\. version)
+ "/ghostscript-" version ".tar.xz"))
+ (sha256
+ (base32
+ "1fyi4yvdj39bjgs10klr31cda1fbx1ar7a7b7yz7v68gykk65y61"))
+ (patches (search-patches "ghostscript-runpath.patch"
+ "ghostscript-no-header-creationdate.patch"
+ "ghostscript-no-header-id.patch"
+ "ghostscript-no-header-uuid.patch"))
+ (modules '((guix build utils)))
+ (snippet
+ ;; Remove bundled libraries. The bundled OpenJPEG is a patched fork so
+ ;; we leave it, at least for now.
+ ;; TODO Try unbundling ijs, which is developed alongside Ghostscript.
+ '(begin
+ (for-each delete-file-recursively '("freetype" "jbig2dec" "jpeg"
+ "lcms2" "libpng"
+ "tiff" "zlib"))))))))
+
(define-public ghostscript/x
(package/inherit ghostscript
(name (string-append (package-name ghostscript) "-with-x"))
--
2.14.2
^ permalink raw reply related [flat|nested] 2+ messages in thread
* [bug#28762] [PATCH] gnu: ghostscript: Replace with 9.22 [security fixes].
2017-10-09 18:45 [bug#28762] [PATCH] gnu: ghostscript: Replace with 9.22 [security fixes] Leo Famulari
@ 2017-10-09 20:52 ` Ludovic Courtès
0 siblings, 0 replies; 2+ messages in thread
From: Ludovic Courtès @ 2017-10-09 20:52 UTC (permalink / raw)
To: Leo Famulari; +Cc: 28762
Leo Famulari <leo@famulari.name> skribis:
> Fixes CVE-2017-{7948,7975,8908,9216,9610,9611,9612,9618,9619,9620,9726,9727,
> 9739,9740,9835}.
>
> * gnu/packages/ghostscript.scm (ghostscript)[replacement]: New field.
> (ghostscript-9.22): New variables.
[...]
> +(define ghostscript-9.22
> + (package
> + (inherit ghostscript)
> + (version "9.22")
> + (source
> + (origin
> + (method url-fetch)
> + (uri (string-append "https://github.com/ArtifexSoftware/"
> + "ghostpdl-downloads/releases/download/gs"
> + (string-delete #\. version)
> + "/ghostscript-" version ".tar.xz"))
> + (sha256
> + (base32
> + "1fyi4yvdj39bjgs10klr31cda1fbx1ar7a7b7yz7v68gykk65y61"))
> + (patches (search-patches "ghostscript-runpath.patch"
> + "ghostscript-no-header-creationdate.patch"
> + "ghostscript-no-header-id.patch"
> + "ghostscript-no-header-uuid.patch"))
> + (modules '((guix build utils)))
> + (snippet
> + ;; Remove bundled libraries. The bundled OpenJPEG is a patched fork so
> + ;; we leave it, at least for now.
> + ;; TODO Try unbundling ijs, which is developed alongside Ghostscript.
> + '(begin
> + (for-each delete-file-recursively '("freetype" "jbig2dec" "jpeg"
> + "lcms2" "libpng"
> + "tiff" "zlib"))))))))
Maybe:
(source
(origin
(inherit (package-source ghostscript))
(uri …)
(sha256 …)
(patches …)))
It should be slightly more concise.
Otherwise LGTM, thank you!
Ludo’.
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2017-10-09 20:54 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2017-10-09 18:45 [bug#28762] [PATCH] gnu: ghostscript: Replace with 9.22 [security fixes] Leo Famulari
2017-10-09 20:52 ` Ludovic Courtès
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/guix.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).