* [bug#46566] [PATCH 0/2 core-updates] ghostscript update @ 2021-02-16 19:11 Vincent Legoll 2021-02-16 19:12 ` [bug#46566] [PATCH 1/2] gnu: jbig2dec: Update to 0.19 Vincent Legoll ` (2 more replies) 0 siblings, 3 replies; 10+ messages in thread From: Vincent Legoll @ 2021-02-16 19:11 UTC (permalink / raw) To: 46566 The following patches will update ghostscript and its new input jbig2dec. I rebuilt some dependents successfully until my storage was full. -- Vincent Legoll ^ permalink raw reply [flat|nested] 10+ messages in thread
* [bug#46566] [PATCH 1/2] gnu: jbig2dec: Update to 0.19. 2021-02-16 19:11 [bug#46566] [PATCH 0/2 core-updates] ghostscript update Vincent Legoll @ 2021-02-16 19:12 ` Vincent Legoll 2021-02-16 19:12 ` [bug#46566] [PATCH 2/2] gnu: ghostscript: Update to 9.53.3 Vincent Legoll [not found] ` <handler.46566.B.16135026945784.ack@debbugs.gnu.org> 2021-02-20 21:10 ` [bug#46566] [PATCH 1/2] gnu: jbig2dec: Update to 0.19 Vincent Legoll 2 siblings, 1 reply; 10+ messages in thread From: Vincent Legoll @ 2021-02-16 19:12 UTC (permalink / raw) To: 46566; +Cc: Vincent Legoll * gnu/packages/image.scm (jbig2dec): Update to 0.19. --- gnu/packages/image.scm | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/gnu/packages/image.scm b/gnu/packages/image.scm index 958f1dcc59..6dff48bd87 100644 --- a/gnu/packages/image.scm +++ b/gnu/packages/image.scm @@ -674,15 +674,15 @@ arithmetic ops.") (define-public jbig2dec (package (name "jbig2dec") - (version "0.18") + (version "0.19") (source (origin (method url-fetch) (uri (string-append "https://github.com/ArtifexSoftware" "/ghostpdl-downloads/releases/download" - "/gs951/" name "-" version ".tar.gz")) + "/gs9533/" name "-" version ".tar.gz")) (sha256 (base32 - "0pigfw2v0ppvr0lbysm69gx0zsa5q2q92yrb8af2j3im6x97f6cy")))) + "0dwa24kjqyg9hmm40fh048sdxfpnasz43l2rm8wlkw1qbdlpd517")))) (build-system gnu-build-system) (arguments '(#:configure-flags '("--disable-static") #:phases (modify-phases %standard-phases -- 2.30.0 ^ permalink raw reply related [flat|nested] 10+ messages in thread
* [bug#46566] [PATCH 2/2] gnu: ghostscript: Update to 9.53.3. 2021-02-16 19:12 ` [bug#46566] [PATCH 1/2] gnu: jbig2dec: Update to 0.19 Vincent Legoll @ 2021-02-16 19:12 ` Vincent Legoll 2021-02-20 18:25 ` Leo Famulari 0 siblings, 1 reply; 10+ messages in thread From: Vincent Legoll @ 2021-02-16 19:12 UTC (permalink / raw) To: 46566; +Cc: Vincent Legoll * gnu/packages/patches/ghostscript-CVE-2020-15900.patch: Remove file. * gnu/local.mk (dist_patch_DATA): Adjust accordingly. * gnu/packages/ghostscript.scm (ghostscript): Update to 9.53.3. [source](patches): Remove it. [native-inputs]: Add jbig2dec. --- gnu/local.mk | 1 - gnu/packages/ghostscript.scm | 6 ++-- .../patches/ghostscript-CVE-2020-15900.patch | 36 ------------------- 3 files changed, 3 insertions(+), 40 deletions(-) delete mode 100644 gnu/packages/patches/ghostscript-CVE-2020-15900.patch diff --git a/gnu/local.mk b/gnu/local.mk index b9757fe69e..3caa6c6fc9 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -1061,7 +1061,6 @@ dist_patch_DATA = \ %D%/packages/patches/ghc-monad-par-fix-tests.patch \ %D%/packages/patches/ghc-pandoc-fix-html-tests.patch \ %D%/packages/patches/ghc-pandoc-fix-latex-test.patch \ - %D%/packages/patches/ghostscript-CVE-2020-15900.patch \ %D%/packages/patches/ghostscript-freetype-compat.patch \ %D%/packages/patches/ghostscript-no-header-id.patch \ %D%/packages/patches/ghostscript-no-header-uuid.patch \ diff --git a/gnu/packages/ghostscript.scm b/gnu/packages/ghostscript.scm index 19430d315a..53a631b095 100644 --- a/gnu/packages/ghostscript.scm +++ b/gnu/packages/ghostscript.scm @@ -160,7 +160,7 @@ printing, and psresize, for adjusting page sizes.") (define-public ghostscript (package (name "ghostscript") - (version "9.52") + (version "9.53.3") (source (origin (method url-fetch) @@ -170,9 +170,8 @@ printing, and psresize, for adjusting page sizes.") "/ghostscript-" version ".tar.xz")) (sha256 (base32 - "0z1w42y2jmcpl2m1l3z0sfii6zmvzcwcgzn6bydklia6ig7jli2p")) + "0d52w9ajv1rz533119ywgmkzkapp74riwny0d21v0zkcbg45p7ww")) (patches (search-patches "ghostscript-freetype-compat.patch" - "ghostscript-CVE-2020-15900.patch" "ghostscript-no-header-creationdate.patch" "ghostscript-no-header-id.patch" "ghostscript-no-header-uuid.patch")) @@ -271,6 +270,7 @@ printing, and psresize, for adjusting page sizes.") ("pkg-config" ,pkg-config) ;needed for freetype ("python" ,python-minimal-wrapper) ("tcl" ,tcl) + ("jbig2dec" ,jbig2dec) ;; When cross-compiling, some of the natively-built tools require all ;; these libraries. diff --git a/gnu/packages/patches/ghostscript-CVE-2020-15900.patch b/gnu/packages/patches/ghostscript-CVE-2020-15900.patch deleted file mode 100644 index b6658d7c7f..0000000000 --- a/gnu/packages/patches/ghostscript-CVE-2020-15900.patch +++ /dev/null @@ -1,36 +0,0 @@ -Fix CVE-2020-15900. - -https://cve.circl.lu/cve/CVE-2020-15900 -https://artifex.com/security-advisories/CVE-2020-15900 - -Taken from upstream: -https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=5d499272b95a6b890a1397e11d20937de000d31b - -diff --git a/psi/zstring.c b/psi/zstring.c ---- a/psi/zstring.c -+++ b/psi/zstring.c -@@ -142,13 +142,18 @@ search_impl(i_ctx_t *i_ctx_p, bool forward) - return 0; - found: - op->tas.type_attrs = op1->tas.type_attrs; -- op->value.bytes = ptr; -- r_set_size(op, size); -+ op->value.bytes = ptr; /* match */ -+ op->tas.rsize = size; /* match */ - push(2); -- op[-1] = *op1; -- r_set_size(op - 1, ptr - op[-1].value.bytes); -- op1->value.bytes = ptr + size; -- r_set_size(op1, count + (!forward ? (size - 1) : 0)); -+ op[-1] = *op1; /* pre */ -+ op[-3].value.bytes = ptr + size; /* post */ -+ if (forward) { -+ op[-1].tas.rsize = ptr - op[-1].value.bytes; /* pre */ -+ op[-3].tas.rsize = count; /* post */ -+ } else { -+ op[-1].tas.rsize = count; /* pre */ -+ op[-3].tas.rsize -= count + size; /* post */ -+ } - make_true(op); - return 0; - } -- 2.30.0 ^ permalink raw reply related [flat|nested] 10+ messages in thread
* [bug#46566] [PATCH 2/2] gnu: ghostscript: Update to 9.53.3. 2021-02-16 19:12 ` [bug#46566] [PATCH 2/2] gnu: ghostscript: Update to 9.53.3 Vincent Legoll @ 2021-02-20 18:25 ` Leo Famulari 2021-02-20 19:08 ` Vincent Legoll 0 siblings, 1 reply; 10+ messages in thread From: Leo Famulari @ 2021-02-20 18:25 UTC (permalink / raw) To: Vincent Legoll; +Cc: 46566 On Tue, Feb 16, 2021 at 08:12:47PM +0100, Vincent Legoll wrote: > * gnu/packages/patches/ghostscript-CVE-2020-15900.patch: Remove file. > * gnu/local.mk (dist_patch_DATA): Adjust accordingly. > * gnu/packages/ghostscript.scm (ghostscript): Update to 9.53.3. > [source](patches): Remove it. > [native-inputs]: Add jbig2dec. Thanks! $ guix show jbig2dec | grep synopsis synopsis: Decoder of the JBIG2 image compression format It seems like it would be a run-time dependency, not just something used to build ghostscript. In that case it would be an 'input', not a 'native-input'. What do you think? Also, the idiomatic commit message would be like this: ------ gnu: ghostscript: Update to 9.53.3. * gnu/packages/ghostscript.scm (ghostscript): Update to 9.53.3. [source]: Remove obsolete patch 'ghostscript-CVE-2020-15900.patch'. [native-inputs]: Add jbig2dec. * gnu/packages/patches/ghostscript-CVE-2020-15900.patch: Delete file. * gnu/local.mk (dist_patch_DATA): Remove it. ------ ^ permalink raw reply [flat|nested] 10+ messages in thread
* [bug#46566] [PATCH 2/2] gnu: ghostscript: Update to 9.53.3. 2021-02-20 18:25 ` Leo Famulari @ 2021-02-20 19:08 ` Vincent Legoll 2021-02-20 21:09 ` Vincent Legoll 0 siblings, 1 reply; 10+ messages in thread From: Vincent Legoll @ 2021-02-20 19:08 UTC (permalink / raw) To: Leo Famulari; +Cc: 46566 On Sat, Feb 20, 2021 at 7:25 PM Leo Famulari <leo@famulari.name> wrote: > On Tue, Feb 16, 2021 at 08:12:47PM +0100, Vincent Legoll wrote: > > * gnu/packages/patches/ghostscript-CVE-2020-15900.patch: Remove file. > > * gnu/local.mk (dist_patch_DATA): Adjust accordingly. > > * gnu/packages/ghostscript.scm (ghostscript): Update to 9.53.3. > > [source](patches): Remove it. > > [native-inputs]: Add jbig2dec. > > Thanks! > > $ guix show jbig2dec | grep synopsis > synopsis: Decoder of the JBIG2 image compression format > > It seems like it would be a run-time dependency, not just something used > to build ghostscript. In that case it would be an 'input', not a > 'native-input'. What do you think? > > Also, the idiomatic commit message would be like this: > > ------ > gnu: ghostscript: Update to 9.53.3. > > * gnu/packages/ghostscript.scm (ghostscript): Update to 9.53.3. > [source]: Remove obsolete patch 'ghostscript-CVE-2020-15900.patch'. > [native-inputs]: Add jbig2dec. > * gnu/packages/patches/ghostscript-CVE-2020-15900.patch: Delete file. > * gnu/local.mk (dist_patch_DATA): Remove it. > ------ Thanks, I'll double check and update the patch & commitmsg. -- Vincent Legoll ^ permalink raw reply [flat|nested] 10+ messages in thread
* [bug#46566] [PATCH 2/2] gnu: ghostscript: Update to 9.53.3. 2021-02-20 19:08 ` Vincent Legoll @ 2021-02-20 21:09 ` Vincent Legoll 0 siblings, 0 replies; 10+ messages in thread From: Vincent Legoll @ 2021-02-20 21:09 UTC (permalink / raw) To: Leo Famulari; +Cc: 46566 OK, now that I've looked at it some more, the native-input addition was a mistake (jbig2dec was already in inputs, which is how I knew it needed to be updated for gs-9.5.53 in the first place). So sorry for that, the following has that fixed and your commit msg. Thanks -- Vincent Legoll ^ permalink raw reply [flat|nested] 10+ messages in thread
[parent not found: <handler.46566.B.16135026945784.ack@debbugs.gnu.org>]
* [bug#46566] Acknowledgement ([PATCH 0/2 core-updates] ghostscript update) [not found] ` <handler.46566.B.16135026945784.ack@debbugs.gnu.org> @ 2021-02-16 19:14 ` Vincent Legoll 0 siblings, 0 replies; 10+ messages in thread From: Vincent Legoll @ 2021-02-16 19:14 UTC (permalink / raw) To: 46566 The removed patch is in the new version (it was extracted from the repository to begin with) -- Vincent Legoll ^ permalink raw reply [flat|nested] 10+ messages in thread
* [bug#46566] [PATCH 1/2] gnu: jbig2dec: Update to 0.19. 2021-02-16 19:11 [bug#46566] [PATCH 0/2 core-updates] ghostscript update Vincent Legoll 2021-02-16 19:12 ` [bug#46566] [PATCH 1/2] gnu: jbig2dec: Update to 0.19 Vincent Legoll [not found] ` <handler.46566.B.16135026945784.ack@debbugs.gnu.org> @ 2021-02-20 21:10 ` Vincent Legoll 2021-02-20 21:10 ` [bug#46566] [PATCH 2/2] gnu: ghostscript: Update to 9.53.3 Vincent Legoll 2 siblings, 1 reply; 10+ messages in thread From: Vincent Legoll @ 2021-02-20 21:10 UTC (permalink / raw) To: 46566; +Cc: Vincent Legoll * gnu/packages/image.scm (jbig2dec): Update to 0.19. --- gnu/packages/image.scm | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/gnu/packages/image.scm b/gnu/packages/image.scm index 958f1dcc59..6dff48bd87 100644 --- a/gnu/packages/image.scm +++ b/gnu/packages/image.scm @@ -674,15 +674,15 @@ arithmetic ops.") (define-public jbig2dec (package (name "jbig2dec") - (version "0.18") + (version "0.19") (source (origin (method url-fetch) (uri (string-append "https://github.com/ArtifexSoftware" "/ghostpdl-downloads/releases/download" - "/gs951/" name "-" version ".tar.gz")) + "/gs9533/" name "-" version ".tar.gz")) (sha256 (base32 - "0pigfw2v0ppvr0lbysm69gx0zsa5q2q92yrb8af2j3im6x97f6cy")))) + "0dwa24kjqyg9hmm40fh048sdxfpnasz43l2rm8wlkw1qbdlpd517")))) (build-system gnu-build-system) (arguments '(#:configure-flags '("--disable-static") #:phases (modify-phases %standard-phases -- 2.30.0 ^ permalink raw reply related [flat|nested] 10+ messages in thread
* [bug#46566] [PATCH 2/2] gnu: ghostscript: Update to 9.53.3. 2021-02-20 21:10 ` [bug#46566] [PATCH 1/2] gnu: jbig2dec: Update to 0.19 Vincent Legoll @ 2021-02-20 21:10 ` Vincent Legoll 2021-02-20 22:39 ` bug#46566: " Leo Famulari 0 siblings, 1 reply; 10+ messages in thread From: Vincent Legoll @ 2021-02-20 21:10 UTC (permalink / raw) To: 46566; +Cc: Vincent Legoll * gnu/packages/ghostscript.scm (ghostscript): Update to 9.53.3. [source]: Remove obsolete patch 'ghostscript-CVE-2020-15900.patch'. * gnu/packages/patches/ghostscript-CVE-2020-15900.patch: Delete file. * gnu/local.mk (dist_patch_DATA): Remove it. --- gnu/local.mk | 1 - gnu/packages/ghostscript.scm | 5 ++- .../patches/ghostscript-CVE-2020-15900.patch | 36 ------------------- 3 files changed, 2 insertions(+), 40 deletions(-) delete mode 100644 gnu/packages/patches/ghostscript-CVE-2020-15900.patch diff --git a/gnu/local.mk b/gnu/local.mk index b9757fe69e..3caa6c6fc9 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -1061,7 +1061,6 @@ dist_patch_DATA = \ %D%/packages/patches/ghc-monad-par-fix-tests.patch \ %D%/packages/patches/ghc-pandoc-fix-html-tests.patch \ %D%/packages/patches/ghc-pandoc-fix-latex-test.patch \ - %D%/packages/patches/ghostscript-CVE-2020-15900.patch \ %D%/packages/patches/ghostscript-freetype-compat.patch \ %D%/packages/patches/ghostscript-no-header-id.patch \ %D%/packages/patches/ghostscript-no-header-uuid.patch \ diff --git a/gnu/packages/ghostscript.scm b/gnu/packages/ghostscript.scm index 19430d315a..2a13cbd83f 100644 --- a/gnu/packages/ghostscript.scm +++ b/gnu/packages/ghostscript.scm @@ -160,7 +160,7 @@ printing, and psresize, for adjusting page sizes.") (define-public ghostscript (package (name "ghostscript") - (version "9.52") + (version "9.53.3") (source (origin (method url-fetch) @@ -170,9 +170,8 @@ printing, and psresize, for adjusting page sizes.") "/ghostscript-" version ".tar.xz")) (sha256 (base32 - "0z1w42y2jmcpl2m1l3z0sfii6zmvzcwcgzn6bydklia6ig7jli2p")) + "0d52w9ajv1rz533119ywgmkzkapp74riwny0d21v0zkcbg45p7ww")) (patches (search-patches "ghostscript-freetype-compat.patch" - "ghostscript-CVE-2020-15900.patch" "ghostscript-no-header-creationdate.patch" "ghostscript-no-header-id.patch" "ghostscript-no-header-uuid.patch")) diff --git a/gnu/packages/patches/ghostscript-CVE-2020-15900.patch b/gnu/packages/patches/ghostscript-CVE-2020-15900.patch deleted file mode 100644 index b6658d7c7f..0000000000 --- a/gnu/packages/patches/ghostscript-CVE-2020-15900.patch +++ /dev/null @@ -1,36 +0,0 @@ -Fix CVE-2020-15900. - -https://cve.circl.lu/cve/CVE-2020-15900 -https://artifex.com/security-advisories/CVE-2020-15900 - -Taken from upstream: -https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=5d499272b95a6b890a1397e11d20937de000d31b - -diff --git a/psi/zstring.c b/psi/zstring.c ---- a/psi/zstring.c -+++ b/psi/zstring.c -@@ -142,13 +142,18 @@ search_impl(i_ctx_t *i_ctx_p, bool forward) - return 0; - found: - op->tas.type_attrs = op1->tas.type_attrs; -- op->value.bytes = ptr; -- r_set_size(op, size); -+ op->value.bytes = ptr; /* match */ -+ op->tas.rsize = size; /* match */ - push(2); -- op[-1] = *op1; -- r_set_size(op - 1, ptr - op[-1].value.bytes); -- op1->value.bytes = ptr + size; -- r_set_size(op1, count + (!forward ? (size - 1) : 0)); -+ op[-1] = *op1; /* pre */ -+ op[-3].value.bytes = ptr + size; /* post */ -+ if (forward) { -+ op[-1].tas.rsize = ptr - op[-1].value.bytes; /* pre */ -+ op[-3].tas.rsize = count; /* post */ -+ } else { -+ op[-1].tas.rsize = count; /* pre */ -+ op[-3].tas.rsize -= count + size; /* post */ -+ } - make_true(op); - return 0; - } -- 2.30.0 ^ permalink raw reply related [flat|nested] 10+ messages in thread
* bug#46566: [PATCH 2/2] gnu: ghostscript: Update to 9.53.3. 2021-02-20 21:10 ` [bug#46566] [PATCH 2/2] gnu: ghostscript: Update to 9.53.3 Vincent Legoll @ 2021-02-20 22:39 ` Leo Famulari 0 siblings, 0 replies; 10+ messages in thread From: Leo Famulari @ 2021-02-20 22:39 UTC (permalink / raw) To: Vincent Legoll; +Cc: 46566-done On Sat, Feb 20, 2021 at 10:10:09PM +0100, Vincent Legoll wrote: > * gnu/packages/ghostscript.scm (ghostscript): Update to 9.53.3. > [source]: Remove obsolete patch 'ghostscript-CVE-2020-15900.patch'. > * gnu/packages/patches/ghostscript-CVE-2020-15900.patch: Delete file. > * gnu/local.mk (dist_patch_DATA): Remove it. Thanks for the revised patches! Pushed as f49c13f1833f0db5a5ddcb751c16f6e9ed56355f ^ permalink raw reply [flat|nested] 10+ messages in thread
end of thread, other threads:[~2021-02-20 22:40 UTC | newest] Thread overview: 10+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- 2021-02-16 19:11 [bug#46566] [PATCH 0/2 core-updates] ghostscript update Vincent Legoll 2021-02-16 19:12 ` [bug#46566] [PATCH 1/2] gnu: jbig2dec: Update to 0.19 Vincent Legoll 2021-02-16 19:12 ` [bug#46566] [PATCH 2/2] gnu: ghostscript: Update to 9.53.3 Vincent Legoll 2021-02-20 18:25 ` Leo Famulari 2021-02-20 19:08 ` Vincent Legoll 2021-02-20 21:09 ` Vincent Legoll [not found] ` <handler.46566.B.16135026945784.ack@debbugs.gnu.org> 2021-02-16 19:14 ` [bug#46566] Acknowledgement ([PATCH 0/2 core-updates] ghostscript update) Vincent Legoll 2021-02-20 21:10 ` [bug#46566] [PATCH 1/2] gnu: jbig2dec: Update to 0.19 Vincent Legoll 2021-02-20 21:10 ` [bug#46566] [PATCH 2/2] gnu: ghostscript: Update to 9.53.3 Vincent Legoll 2021-02-20 22:39 ` bug#46566: " Leo Famulari
Code repositories for project(s) associated with this public inbox https://git.savannah.gnu.org/cgit/guix.git This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).