[bug#28762] [PATCH] gnu: ghostscript: Replace with 9.22 [security fixes].

unofficial mirror of guix-patches@gnu.org 
 help / color / mirror / code / Atom feed

* [bug#28762] [PATCH] gnu: ghostscript: Replace with 9.22 [security fixes].
@ 2017-10-09 18:45 Leo Famulari
  2017-10-09 20:52 ` Ludovic Courtès
  0 siblings, 1 reply; 2+ messages in thread
From: Leo Famulari @ 2017-10-09 18:45 UTC (permalink / raw)
  To: 28762

Fixes CVE-2017-{7948,7975,8908,9216,9610,9611,9612,9618,9619,9620,9726,9727,
9739,9740,9835}.

* gnu/packages/ghostscript.scm (ghostscript)[replacement]: New field.
(ghostscript-9.22): New variables.
---
 gnu/packages/ghostscript.scm | 29 +++++++++++++++++++++++++++++
 1 file changed, 29 insertions(+)

diff --git a/gnu/packages/ghostscript.scm b/gnu/packages/ghostscript.scm
index d5d5aa2df..1e036a5e4 100644
--- a/gnu/packages/ghostscript.scm
+++ b/gnu/packages/ghostscript.scm
@@ -131,6 +131,7 @@ printing, and psresize, for adjusting page sizes.")
 (define-public ghostscript
   (package
     (name "ghostscript")
+    (replacement ghostscript-9.22)
     (version "9.21")
     (source
       (origin
@@ -254,6 +255,34 @@ output file formats and printers.")
     (home-page "https://www.ghostscript.com/")
     (license license:agpl3+)))
 
+(define ghostscript-9.22
+  (package
+    (inherit ghostscript)
+    (version "9.22")
+    (source
+      (origin
+        (method url-fetch)
+        (uri (string-append "https://github.com/ArtifexSoftware/"
+                            "ghostpdl-downloads/releases/download/gs"
+                            (string-delete #\. version)
+                            "/ghostscript-" version ".tar.xz"))
+        (sha256
+         (base32
+          "1fyi4yvdj39bjgs10klr31cda1fbx1ar7a7b7yz7v68gykk65y61"))
+        (patches (search-patches "ghostscript-runpath.patch"
+                                 "ghostscript-no-header-creationdate.patch"
+                                 "ghostscript-no-header-id.patch"
+                                 "ghostscript-no-header-uuid.patch"))
+        (modules '((guix build utils)))
+        (snippet
+          ;; Remove bundled libraries. The bundled OpenJPEG is a patched fork so
+          ;; we leave it, at least for now.
+          ;; TODO Try unbundling ijs, which is developed alongside Ghostscript.
+         '(begin
+            (for-each delete-file-recursively '("freetype" "jbig2dec" "jpeg"
+                                                "lcms2" "libpng"
+                                                "tiff" "zlib"))))))))
+
 (define-public ghostscript/x
   (package/inherit ghostscript
     (name (string-append (package-name ghostscript) "-with-x"))
-- 
2.14.2

^ permalink raw reply related	[flat|nested] 2+ messages in thread

* [bug#28762] [PATCH] gnu: ghostscript: Replace with 9.22 [security fixes].
  2017-10-09 18:45 [bug#28762] [PATCH] gnu: ghostscript: Replace with 9.22 [security fixes] Leo Famulari
@ 2017-10-09 20:52 ` Ludovic Courtès
  0 siblings, 0 replies; 2+ messages in thread
From: Ludovic Courtès @ 2017-10-09 20:52 UTC (permalink / raw)
  To: Leo Famulari; +Cc: 28762

Leo Famulari <leo@famulari.name> skribis:

> Fixes CVE-2017-{7948,7975,8908,9216,9610,9611,9612,9618,9619,9620,9726,9727,
> 9739,9740,9835}.
>
> * gnu/packages/ghostscript.scm (ghostscript)[replacement]: New field.
> (ghostscript-9.22): New variables.

[...]

> +(define ghostscript-9.22
> +  (package
> +    (inherit ghostscript)
> +    (version "9.22")
> +    (source
> +      (origin
> +        (method url-fetch)
> +        (uri (string-append "https://github.com/ArtifexSoftware/"
> +                            "ghostpdl-downloads/releases/download/gs"
> +                            (string-delete #\. version)
> +                            "/ghostscript-" version ".tar.xz"))
> +        (sha256
> +         (base32
> +          "1fyi4yvdj39bjgs10klr31cda1fbx1ar7a7b7yz7v68gykk65y61"))
> +        (patches (search-patches "ghostscript-runpath.patch"
> +                                 "ghostscript-no-header-creationdate.patch"
> +                                 "ghostscript-no-header-id.patch"
> +                                 "ghostscript-no-header-uuid.patch"))
> +        (modules '((guix build utils)))
> +        (snippet
> +          ;; Remove bundled libraries. The bundled OpenJPEG is a patched fork so
> +          ;; we leave it, at least for now.
> +          ;; TODO Try unbundling ijs, which is developed alongside Ghostscript.
> +         '(begin
> +            (for-each delete-file-recursively '("freetype" "jbig2dec" "jpeg"
> +                                                "lcms2" "libpng"
> +                                                "tiff" "zlib"))))))))

Maybe:

  (source
    (origin
      (inherit (package-source ghostscript))
      (uri …)
      (sha256 …)
      (patches …)))

It should be slightly more concise.

Otherwise LGTM, thank you!

Ludo’.

^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2017-10-09 20:54 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2017-10-09 18:45 [bug#28762] [PATCH] gnu: ghostscript: Replace with 9.22 [security fixes] Leo Famulari
2017-10-09 20:52 ` Ludovic Courtès

Code repositories for project(s) associated with this public inbox

	https://git.savannah.gnu.org/cgit/guix.git

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).