unofficial mirror of guix-patches@gnu.org 
 help / color / mirror / code / Atom feed
* [bug#46566] [PATCH 0/2 core-updates] ghostscript update
@ 2021-02-16 19:11 Vincent Legoll
  2021-02-16 19:12 ` [bug#46566] [PATCH 1/2] gnu: jbig2dec: Update to 0.19 Vincent Legoll
                   ` (2 more replies)
  0 siblings, 3 replies; 10+ messages in thread
From: Vincent Legoll @ 2021-02-16 19:11 UTC (permalink / raw)
  To: 46566

The following patches will update ghostscript
and its new input jbig2dec.

I rebuilt some dependents successfully until my
storage was full.

-- 
Vincent Legoll




^ permalink raw reply	[flat|nested] 10+ messages in thread

* [bug#46566] [PATCH 1/2] gnu: jbig2dec: Update to 0.19.
  2021-02-16 19:11 [bug#46566] [PATCH 0/2 core-updates] ghostscript update Vincent Legoll
@ 2021-02-16 19:12 ` Vincent Legoll
  2021-02-16 19:12   ` [bug#46566] [PATCH 2/2] gnu: ghostscript: Update to 9.53.3 Vincent Legoll
       [not found] ` <handler.46566.B.16135026945784.ack@debbugs.gnu.org>
  2021-02-20 21:10 ` [bug#46566] [PATCH 1/2] gnu: jbig2dec: Update to 0.19 Vincent Legoll
  2 siblings, 1 reply; 10+ messages in thread
From: Vincent Legoll @ 2021-02-16 19:12 UTC (permalink / raw)
  To: 46566; +Cc: Vincent Legoll

* gnu/packages/image.scm (jbig2dec): Update to 0.19.
---
 gnu/packages/image.scm | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/gnu/packages/image.scm b/gnu/packages/image.scm
index 958f1dcc59..6dff48bd87 100644
--- a/gnu/packages/image.scm
+++ b/gnu/packages/image.scm
@@ -674,15 +674,15 @@ arithmetic ops.")
 (define-public jbig2dec
   (package
     (name "jbig2dec")
-    (version "0.18")
+    (version "0.19")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://github.com/ArtifexSoftware"
                                   "/ghostpdl-downloads/releases/download"
-                                  "/gs951/" name "-" version ".tar.gz"))
+                                  "/gs9533/" name "-" version ".tar.gz"))
               (sha256
                (base32
-                "0pigfw2v0ppvr0lbysm69gx0zsa5q2q92yrb8af2j3im6x97f6cy"))))
+                "0dwa24kjqyg9hmm40fh048sdxfpnasz43l2rm8wlkw1qbdlpd517"))))
     (build-system gnu-build-system)
     (arguments '(#:configure-flags '("--disable-static")
                  #:phases (modify-phases %standard-phases
-- 
2.30.0





^ permalink raw reply related	[flat|nested] 10+ messages in thread

* [bug#46566] [PATCH 2/2] gnu: ghostscript: Update to 9.53.3.
  2021-02-16 19:12 ` [bug#46566] [PATCH 1/2] gnu: jbig2dec: Update to 0.19 Vincent Legoll
@ 2021-02-16 19:12   ` Vincent Legoll
  2021-02-20 18:25     ` Leo Famulari
  0 siblings, 1 reply; 10+ messages in thread
From: Vincent Legoll @ 2021-02-16 19:12 UTC (permalink / raw)
  To: 46566; +Cc: Vincent Legoll

* gnu/packages/patches/ghostscript-CVE-2020-15900.patch: Remove file.
* gnu/local.mk (dist_patch_DATA): Adjust accordingly.
* gnu/packages/ghostscript.scm (ghostscript): Update to 9.53.3.
[source](patches): Remove it.
[native-inputs]: Add jbig2dec.
---
 gnu/local.mk                                  |  1 -
 gnu/packages/ghostscript.scm                  |  6 ++--
 .../patches/ghostscript-CVE-2020-15900.patch  | 36 -------------------
 3 files changed, 3 insertions(+), 40 deletions(-)
 delete mode 100644 gnu/packages/patches/ghostscript-CVE-2020-15900.patch

diff --git a/gnu/local.mk b/gnu/local.mk
index b9757fe69e..3caa6c6fc9 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -1061,7 +1061,6 @@ dist_patch_DATA =						\
   %D%/packages/patches/ghc-monad-par-fix-tests.patch		\
   %D%/packages/patches/ghc-pandoc-fix-html-tests.patch		\
   %D%/packages/patches/ghc-pandoc-fix-latex-test.patch		\
-  %D%/packages/patches/ghostscript-CVE-2020-15900.patch		\
   %D%/packages/patches/ghostscript-freetype-compat.patch	\
   %D%/packages/patches/ghostscript-no-header-id.patch		\
   %D%/packages/patches/ghostscript-no-header-uuid.patch		\
diff --git a/gnu/packages/ghostscript.scm b/gnu/packages/ghostscript.scm
index 19430d315a..53a631b095 100644
--- a/gnu/packages/ghostscript.scm
+++ b/gnu/packages/ghostscript.scm
@@ -160,7 +160,7 @@ printing, and psresize, for adjusting page sizes.")
 (define-public ghostscript
   (package
     (name "ghostscript")
-    (version "9.52")
+    (version "9.53.3")
     (source
       (origin
         (method url-fetch)
@@ -170,9 +170,8 @@ printing, and psresize, for adjusting page sizes.")
                             "/ghostscript-" version ".tar.xz"))
         (sha256
          (base32
-          "0z1w42y2jmcpl2m1l3z0sfii6zmvzcwcgzn6bydklia6ig7jli2p"))
+          "0d52w9ajv1rz533119ywgmkzkapp74riwny0d21v0zkcbg45p7ww"))
         (patches (search-patches "ghostscript-freetype-compat.patch"
-                                 "ghostscript-CVE-2020-15900.patch"
                                  "ghostscript-no-header-creationdate.patch"
                                  "ghostscript-no-header-id.patch"
                                  "ghostscript-no-header-uuid.patch"))
@@ -271,6 +270,7 @@ printing, and psresize, for adjusting page sizes.")
        ("pkg-config" ,pkg-config)       ;needed for freetype
        ("python" ,python-minimal-wrapper)
        ("tcl" ,tcl)
+       ("jbig2dec" ,jbig2dec)
 
        ;; When cross-compiling, some of the natively-built tools require all
        ;; these libraries.
diff --git a/gnu/packages/patches/ghostscript-CVE-2020-15900.patch b/gnu/packages/patches/ghostscript-CVE-2020-15900.patch
deleted file mode 100644
index b6658d7c7f..0000000000
--- a/gnu/packages/patches/ghostscript-CVE-2020-15900.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-Fix CVE-2020-15900.
-
-https://cve.circl.lu/cve/CVE-2020-15900
-https://artifex.com/security-advisories/CVE-2020-15900
-
-Taken from upstream:
-https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=5d499272b95a6b890a1397e11d20937de000d31b
-
-diff --git a/psi/zstring.c b/psi/zstring.c
---- a/psi/zstring.c
-+++ b/psi/zstring.c
-@@ -142,13 +142,18 @@ search_impl(i_ctx_t *i_ctx_p, bool forward)
-     return 0;
- found:
-     op->tas.type_attrs = op1->tas.type_attrs;
--    op->value.bytes = ptr;
--    r_set_size(op, size);
-+    op->value.bytes = ptr;				/* match */
-+    op->tas.rsize = size;				/* match */
-     push(2);
--    op[-1] = *op1;
--    r_set_size(op - 1, ptr - op[-1].value.bytes);
--    op1->value.bytes = ptr + size;
--    r_set_size(op1, count + (!forward ? (size - 1) : 0));
-+    op[-1] = *op1;					/* pre */
-+    op[-3].value.bytes = ptr + size;			/* post */
-+    if (forward) {
-+        op[-1].tas.rsize = ptr - op[-1].value.bytes;	/* pre */
-+        op[-3].tas.rsize = count;			/* post */
-+    } else {
-+        op[-1].tas.rsize = count;			/* pre */
-+        op[-3].tas.rsize -= count + size;		/* post */
-+    }
-     make_true(op);
-     return 0;
- }
-- 
2.30.0





^ permalink raw reply related	[flat|nested] 10+ messages in thread

* [bug#46566] Acknowledgement ([PATCH 0/2 core-updates] ghostscript update)
       [not found] ` <handler.46566.B.16135026945784.ack@debbugs.gnu.org>
@ 2021-02-16 19:14   ` Vincent Legoll
  0 siblings, 0 replies; 10+ messages in thread
From: Vincent Legoll @ 2021-02-16 19:14 UTC (permalink / raw)
  To: 46566

The removed patch is in the new version (it was
extracted from the repository to begin with)

-- 
Vincent Legoll




^ permalink raw reply	[flat|nested] 10+ messages in thread

* [bug#46566] [PATCH 2/2] gnu: ghostscript: Update to 9.53.3.
  2021-02-16 19:12   ` [bug#46566] [PATCH 2/2] gnu: ghostscript: Update to 9.53.3 Vincent Legoll
@ 2021-02-20 18:25     ` Leo Famulari
  2021-02-20 19:08       ` Vincent Legoll
  0 siblings, 1 reply; 10+ messages in thread
From: Leo Famulari @ 2021-02-20 18:25 UTC (permalink / raw)
  To: Vincent Legoll; +Cc: 46566

On Tue, Feb 16, 2021 at 08:12:47PM +0100, Vincent Legoll wrote:
> * gnu/packages/patches/ghostscript-CVE-2020-15900.patch: Remove file.
> * gnu/local.mk (dist_patch_DATA): Adjust accordingly.
> * gnu/packages/ghostscript.scm (ghostscript): Update to 9.53.3.
> [source](patches): Remove it.
> [native-inputs]: Add jbig2dec.

Thanks!

$ guix show jbig2dec | grep synopsis
synopsis: Decoder of the JBIG2 image compression format 

It seems like it would be a run-time dependency, not just something used
to build ghostscript. In that case it would be an 'input', not a
'native-input'. What do you think?

Also, the idiomatic commit message would be like this:

------
gnu: ghostscript: Update to 9.53.3.

* gnu/packages/ghostscript.scm (ghostscript): Update to 9.53.3.
[source]: Remove obsolete patch 'ghostscript-CVE-2020-15900.patch'.
[native-inputs]: Add jbig2dec.
* gnu/packages/patches/ghostscript-CVE-2020-15900.patch: Delete file.
* gnu/local.mk (dist_patch_DATA): Remove it.
------




^ permalink raw reply	[flat|nested] 10+ messages in thread

* [bug#46566] [PATCH 2/2] gnu: ghostscript: Update to 9.53.3.
  2021-02-20 18:25     ` Leo Famulari
@ 2021-02-20 19:08       ` Vincent Legoll
  2021-02-20 21:09         ` Vincent Legoll
  0 siblings, 1 reply; 10+ messages in thread
From: Vincent Legoll @ 2021-02-20 19:08 UTC (permalink / raw)
  To: Leo Famulari; +Cc: 46566

On Sat, Feb 20, 2021 at 7:25 PM Leo Famulari <leo@famulari.name> wrote:
> On Tue, Feb 16, 2021 at 08:12:47PM +0100, Vincent Legoll wrote:
> > * gnu/packages/patches/ghostscript-CVE-2020-15900.patch: Remove file.
> > * gnu/local.mk (dist_patch_DATA): Adjust accordingly.
> > * gnu/packages/ghostscript.scm (ghostscript): Update to 9.53.3.
> > [source](patches): Remove it.
> > [native-inputs]: Add jbig2dec.
>
> Thanks!
>
> $ guix show jbig2dec | grep synopsis
> synopsis: Decoder of the JBIG2 image compression format
>
> It seems like it would be a run-time dependency, not just something used
> to build ghostscript. In that case it would be an 'input', not a
> 'native-input'. What do you think?
>
> Also, the idiomatic commit message would be like this:
>
> ------
> gnu: ghostscript: Update to 9.53.3.
>
> * gnu/packages/ghostscript.scm (ghostscript): Update to 9.53.3.
> [source]: Remove obsolete patch 'ghostscript-CVE-2020-15900.patch'.
> [native-inputs]: Add jbig2dec.
> * gnu/packages/patches/ghostscript-CVE-2020-15900.patch: Delete file.
> * gnu/local.mk (dist_patch_DATA): Remove it.
> ------

Thanks, I'll double check and update the patch & commitmsg.

-- 
Vincent Legoll




^ permalink raw reply	[flat|nested] 10+ messages in thread

* [bug#46566] [PATCH 2/2] gnu: ghostscript: Update to 9.53.3.
  2021-02-20 19:08       ` Vincent Legoll
@ 2021-02-20 21:09         ` Vincent Legoll
  0 siblings, 0 replies; 10+ messages in thread
From: Vincent Legoll @ 2021-02-20 21:09 UTC (permalink / raw)
  To: Leo Famulari; +Cc: 46566

OK, now that I've looked at it some more, the
native-input addition was a mistake (jbig2dec
was already in inputs, which is how I knew it
needed to be updated for gs-9.5.53 in the
first place).

So sorry for that, the following has that fixed
and your commit msg.

Thanks

-- 
Vincent Legoll




^ permalink raw reply	[flat|nested] 10+ messages in thread

* [bug#46566] [PATCH 1/2] gnu: jbig2dec: Update to 0.19.
  2021-02-16 19:11 [bug#46566] [PATCH 0/2 core-updates] ghostscript update Vincent Legoll
  2021-02-16 19:12 ` [bug#46566] [PATCH 1/2] gnu: jbig2dec: Update to 0.19 Vincent Legoll
       [not found] ` <handler.46566.B.16135026945784.ack@debbugs.gnu.org>
@ 2021-02-20 21:10 ` Vincent Legoll
  2021-02-20 21:10   ` [bug#46566] [PATCH 2/2] gnu: ghostscript: Update to 9.53.3 Vincent Legoll
  2 siblings, 1 reply; 10+ messages in thread
From: Vincent Legoll @ 2021-02-20 21:10 UTC (permalink / raw)
  To: 46566; +Cc: Vincent Legoll

* gnu/packages/image.scm (jbig2dec): Update to 0.19.
---
 gnu/packages/image.scm | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/gnu/packages/image.scm b/gnu/packages/image.scm
index 958f1dcc59..6dff48bd87 100644
--- a/gnu/packages/image.scm
+++ b/gnu/packages/image.scm
@@ -674,15 +674,15 @@ arithmetic ops.")
 (define-public jbig2dec
   (package
     (name "jbig2dec")
-    (version "0.18")
+    (version "0.19")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://github.com/ArtifexSoftware"
                                   "/ghostpdl-downloads/releases/download"
-                                  "/gs951/" name "-" version ".tar.gz"))
+                                  "/gs9533/" name "-" version ".tar.gz"))
               (sha256
                (base32
-                "0pigfw2v0ppvr0lbysm69gx0zsa5q2q92yrb8af2j3im6x97f6cy"))))
+                "0dwa24kjqyg9hmm40fh048sdxfpnasz43l2rm8wlkw1qbdlpd517"))))
     (build-system gnu-build-system)
     (arguments '(#:configure-flags '("--disable-static")
                  #:phases (modify-phases %standard-phases
-- 
2.30.0





^ permalink raw reply related	[flat|nested] 10+ messages in thread

* [bug#46566] [PATCH 2/2] gnu: ghostscript: Update to 9.53.3.
  2021-02-20 21:10 ` [bug#46566] [PATCH 1/2] gnu: jbig2dec: Update to 0.19 Vincent Legoll
@ 2021-02-20 21:10   ` Vincent Legoll
  2021-02-20 22:39     ` bug#46566: " Leo Famulari
  0 siblings, 1 reply; 10+ messages in thread
From: Vincent Legoll @ 2021-02-20 21:10 UTC (permalink / raw)
  To: 46566; +Cc: Vincent Legoll

* gnu/packages/ghostscript.scm (ghostscript): Update to 9.53.3.
[source]: Remove obsolete patch 'ghostscript-CVE-2020-15900.patch'.
* gnu/packages/patches/ghostscript-CVE-2020-15900.patch: Delete file.
* gnu/local.mk (dist_patch_DATA): Remove it.
---
 gnu/local.mk                                  |  1 -
 gnu/packages/ghostscript.scm                  |  5 ++-
 .../patches/ghostscript-CVE-2020-15900.patch  | 36 -------------------
 3 files changed, 2 insertions(+), 40 deletions(-)
 delete mode 100644 gnu/packages/patches/ghostscript-CVE-2020-15900.patch

diff --git a/gnu/local.mk b/gnu/local.mk
index b9757fe69e..3caa6c6fc9 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -1061,7 +1061,6 @@ dist_patch_DATA =						\
   %D%/packages/patches/ghc-monad-par-fix-tests.patch		\
   %D%/packages/patches/ghc-pandoc-fix-html-tests.patch		\
   %D%/packages/patches/ghc-pandoc-fix-latex-test.patch		\
-  %D%/packages/patches/ghostscript-CVE-2020-15900.patch		\
   %D%/packages/patches/ghostscript-freetype-compat.patch	\
   %D%/packages/patches/ghostscript-no-header-id.patch		\
   %D%/packages/patches/ghostscript-no-header-uuid.patch		\
diff --git a/gnu/packages/ghostscript.scm b/gnu/packages/ghostscript.scm
index 19430d315a..2a13cbd83f 100644
--- a/gnu/packages/ghostscript.scm
+++ b/gnu/packages/ghostscript.scm
@@ -160,7 +160,7 @@ printing, and psresize, for adjusting page sizes.")
 (define-public ghostscript
   (package
     (name "ghostscript")
-    (version "9.52")
+    (version "9.53.3")
     (source
       (origin
         (method url-fetch)
@@ -170,9 +170,8 @@ printing, and psresize, for adjusting page sizes.")
                             "/ghostscript-" version ".tar.xz"))
         (sha256
          (base32
-          "0z1w42y2jmcpl2m1l3z0sfii6zmvzcwcgzn6bydklia6ig7jli2p"))
+          "0d52w9ajv1rz533119ywgmkzkapp74riwny0d21v0zkcbg45p7ww"))
         (patches (search-patches "ghostscript-freetype-compat.patch"
-                                 "ghostscript-CVE-2020-15900.patch"
                                  "ghostscript-no-header-creationdate.patch"
                                  "ghostscript-no-header-id.patch"
                                  "ghostscript-no-header-uuid.patch"))
diff --git a/gnu/packages/patches/ghostscript-CVE-2020-15900.patch b/gnu/packages/patches/ghostscript-CVE-2020-15900.patch
deleted file mode 100644
index b6658d7c7f..0000000000
--- a/gnu/packages/patches/ghostscript-CVE-2020-15900.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-Fix CVE-2020-15900.
-
-https://cve.circl.lu/cve/CVE-2020-15900
-https://artifex.com/security-advisories/CVE-2020-15900
-
-Taken from upstream:
-https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=5d499272b95a6b890a1397e11d20937de000d31b
-
-diff --git a/psi/zstring.c b/psi/zstring.c
---- a/psi/zstring.c
-+++ b/psi/zstring.c
-@@ -142,13 +142,18 @@ search_impl(i_ctx_t *i_ctx_p, bool forward)
-     return 0;
- found:
-     op->tas.type_attrs = op1->tas.type_attrs;
--    op->value.bytes = ptr;
--    r_set_size(op, size);
-+    op->value.bytes = ptr;				/* match */
-+    op->tas.rsize = size;				/* match */
-     push(2);
--    op[-1] = *op1;
--    r_set_size(op - 1, ptr - op[-1].value.bytes);
--    op1->value.bytes = ptr + size;
--    r_set_size(op1, count + (!forward ? (size - 1) : 0));
-+    op[-1] = *op1;					/* pre */
-+    op[-3].value.bytes = ptr + size;			/* post */
-+    if (forward) {
-+        op[-1].tas.rsize = ptr - op[-1].value.bytes;	/* pre */
-+        op[-3].tas.rsize = count;			/* post */
-+    } else {
-+        op[-1].tas.rsize = count;			/* pre */
-+        op[-3].tas.rsize -= count + size;		/* post */
-+    }
-     make_true(op);
-     return 0;
- }
-- 
2.30.0





^ permalink raw reply related	[flat|nested] 10+ messages in thread

* bug#46566: [PATCH 2/2] gnu: ghostscript: Update to 9.53.3.
  2021-02-20 21:10   ` [bug#46566] [PATCH 2/2] gnu: ghostscript: Update to 9.53.3 Vincent Legoll
@ 2021-02-20 22:39     ` Leo Famulari
  0 siblings, 0 replies; 10+ messages in thread
From: Leo Famulari @ 2021-02-20 22:39 UTC (permalink / raw)
  To: Vincent Legoll; +Cc: 46566-done

On Sat, Feb 20, 2021 at 10:10:09PM +0100, Vincent Legoll wrote:
> * gnu/packages/ghostscript.scm (ghostscript): Update to 9.53.3.
> [source]: Remove obsolete patch 'ghostscript-CVE-2020-15900.patch'.
> * gnu/packages/patches/ghostscript-CVE-2020-15900.patch: Delete file.
> * gnu/local.mk (dist_patch_DATA): Remove it.

Thanks for the revised patches! Pushed as
f49c13f1833f0db5a5ddcb751c16f6e9ed56355f




^ permalink raw reply	[flat|nested] 10+ messages in thread

end of thread, other threads:[~2021-02-20 22:40 UTC | newest]

Thread overview: 10+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-02-16 19:11 [bug#46566] [PATCH 0/2 core-updates] ghostscript update Vincent Legoll
2021-02-16 19:12 ` [bug#46566] [PATCH 1/2] gnu: jbig2dec: Update to 0.19 Vincent Legoll
2021-02-16 19:12   ` [bug#46566] [PATCH 2/2] gnu: ghostscript: Update to 9.53.3 Vincent Legoll
2021-02-20 18:25     ` Leo Famulari
2021-02-20 19:08       ` Vincent Legoll
2021-02-20 21:09         ` Vincent Legoll
     [not found] ` <handler.46566.B.16135026945784.ack@debbugs.gnu.org>
2021-02-16 19:14   ` [bug#46566] Acknowledgement ([PATCH 0/2 core-updates] ghostscript update) Vincent Legoll
2021-02-20 21:10 ` [bug#46566] [PATCH 1/2] gnu: jbig2dec: Update to 0.19 Vincent Legoll
2021-02-20 21:10   ` [bug#46566] [PATCH 2/2] gnu: ghostscript: Update to 9.53.3 Vincent Legoll
2021-02-20 22:39     ` bug#46566: " Leo Famulari

Code repositories for project(s) associated with this public inbox

	https://git.savannah.gnu.org/cgit/guix.git

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).