From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([2001:4830:134:3::10]:53004)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1e1f3r-0002m6-A1
	for guix-patches@gnu.org; Mon, 09 Oct 2017 16:54:04 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1e1f3q-0006Ag-AX
	for guix-patches@gnu.org; Mon, 09 Oct 2017 16:54:03 -0400
Received: from debbugs.gnu.org ([208.118.235.43]:50013)
	by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16)
	(Exim 4.71) (envelope-from <Debian-debbugs@debbugs.gnu.org>)
	id 1e1f3q-0006AY-6c
	for guix-patches@gnu.org; Mon, 09 Oct 2017 16:54:02 -0400
Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1e1f3p-0008Vb-VR
	for guix-patches@gnu.org; Mon, 09 Oct 2017 16:54:02 -0400
Subject: [bug#28762] [PATCH] gnu: ghostscript: Replace with 9.22 [security
	fixes].
Resent-Message-ID: <handler.28762.B28762.150758239032632@debbugs.gnu.org>
From: ludo@gnu.org (Ludovic =?UTF-8?Q?Court=C3=A8s?=)
References: <b1b2e35d4f9d68d8200757c60c69962fb8dff6d1.1507574751.git.leo@famulari.name>
Date: Mon, 09 Oct 2017 22:52:58 +0200
In-Reply-To: <b1b2e35d4f9d68d8200757c60c69962fb8dff6d1.1507574751.git.leo@famulari.name>
	(Leo Famulari's message of "Mon, 9 Oct 2017 14:45:51 -0400")
Message-ID: <874lr8qc0l.fsf@gnu.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
List-Id: <guix-patches.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/guix-patches>,
	<mailto:guix-patches-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/guix-patches/>
List-Post: <mailto:guix-patches@gnu.org>
List-Help: <mailto:guix-patches-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/guix-patches>,
	<mailto:guix-patches-request@gnu.org?subject=subscribe>
Errors-To: guix-patches-bounces+kyle=kyleam.com@gnu.org
Sender: "Guix-patches" <guix-patches-bounces+kyle=kyleam.com@gnu.org>
To: Leo Famulari <leo@famulari.name>
Cc: 28762@debbugs.gnu.org

Leo Famulari <leo@famulari.name> skribis:

> Fixes CVE-2017-{7948,7975,8908,9216,9610,9611,9612,9618,9619,9620,9726,97=
27,
> 9739,9740,9835}.
>
> * gnu/packages/ghostscript.scm (ghostscript)[replacement]: New field.
> (ghostscript-9.22): New variables.

[...]

> +(define ghostscript-9.22
> +  (package
> +    (inherit ghostscript)
> +    (version "9.22")
> +    (source
> +      (origin
> +        (method url-fetch)
> +        (uri (string-append "https://github.com/ArtifexSoftware/"
> +                            "ghostpdl-downloads/releases/download/gs"
> +                            (string-delete #\. version)
> +                            "/ghostscript-" version ".tar.xz"))
> +        (sha256
> +         (base32
> +          "1fyi4yvdj39bjgs10klr31cda1fbx1ar7a7b7yz7v68gykk65y61"))
> +        (patches (search-patches "ghostscript-runpath.patch"
> +                                 "ghostscript-no-header-creationdate.pat=
ch"
> +                                 "ghostscript-no-header-id.patch"
> +                                 "ghostscript-no-header-uuid.patch"))
> +        (modules '((guix build utils)))
> +        (snippet
> +          ;; Remove bundled libraries. The bundled OpenJPEG is a patched=
 fork so
> +          ;; we leave it, at least for now.
> +          ;; TODO Try unbundling ijs, which is developed alongside Ghost=
script.
> +         '(begin
> +            (for-each delete-file-recursively '("freetype" "jbig2dec" "j=
peg"
> +                                                "lcms2" "libpng"
> +                                                "tiff" "zlib"))))))))

Maybe:

  (source
    (origin
      (inherit (package-source ghostscript))
      (uri =E2=80=A6)
      (sha256 =E2=80=A6)
      (patches =E2=80=A6)))

It should be slightly more concise.

Otherwise LGTM, thank you!

Ludo=E2=80=99.