From mboxrd@z Thu Jan 1 00:00:00 1970 From: Danny Milosavljevic Subject: bug#27563: [PATCH v4 1/3] gnu: ghostscript: Make "/ID" optional, depending on environment variable. Date: Mon, 10 Jul 2017 01:46:42 +0200 Message-ID: <20170709234644.24682-1-dannym@scratchpost.org> References: <20170709234012.26064-1-dannym@scratchpost.org> Return-path: Received: from eggs.gnu.org ([2001:4830:134:3::10]:54519) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1dULuq-0002ZX-RA for bug-guix@gnu.org; Sun, 09 Jul 2017 19:47:08 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1dULuo-0006Oo-ON for bug-guix@gnu.org; Sun, 09 Jul 2017 19:47:04 -0400 Received: from debbugs.gnu.org ([208.118.235.43]:56635) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1dULuo-0006Oi-KL for bug-guix@gnu.org; Sun, 09 Jul 2017 19:47:02 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1dULuo-0001go-Dz for bug-guix@gnu.org; Sun, 09 Jul 2017 19:47:02 -0400 Sender: "Debbugs-submit" Resent-Message-ID: In-Reply-To: <20170709234012.26064-1-dannym@scratchpost.org> List-Id: Bug reports for GNU Guix List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-guix-bounces+gcggb-bug-guix=m.gmane.org@gnu.org Sender: "bug-Guix" To: 27563@debbugs.gnu.org * gnu/packages/patches/ghostscript-no-header-id.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it * gnu/packages/ghostscript.scm (ghostscript): Use it. --- gnu/local.mk | 1 + gnu/packages/ghostscript.scm | 9 +++- .../patches/ghostscript-no-header-id.patch | 49 ++++++++++++++++++++++ 3 files changed, 57 insertions(+), 2 deletions(-) create mode 100644 gnu/packages/patches/ghostscript-no-header-id.patch diff --git a/gnu/local.mk b/gnu/local.mk index 0fe6cdc39..8cbded44e 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -619,6 +619,7 @@ dist_patch_DATA = \ %D%/packages/patches/gettext-gnulib-multi-core.patch \ %D%/packages/patches/ghc-dont-pass-linker-flags-via-response-files.patch \ %D%/packages/patches/ghostscript-CVE-2017-8291.patch \ + %D%/packages/patches/ghostscript-no-header-id.patch \ %D%/packages/patches/ghostscript-runpath.patch \ %D%/packages/patches/glib-networking-ssl-cert-file.patch \ %D%/packages/patches/glib-tests-timer.patch \ diff --git a/gnu/packages/ghostscript.scm b/gnu/packages/ghostscript.scm index b9ba1c081..af565f3e3 100644 --- a/gnu/packages/ghostscript.scm +++ b/gnu/packages/ghostscript.scm @@ -143,7 +143,8 @@ printing, and psresize, for adjusting page sizes.") (base32 "0lyhjcrkmd5fcmh8h56bs4xr9k4jasmikv5vsix1hd4ai0ad1q9b")) (patches (search-patches "ghostscript-runpath.patch" - "ghostscript-CVE-2017-8291.patch")) + "ghostscript-CVE-2017-8291.patch" + "ghostscript-no-header-id.patch")) (modules '((guix build utils))) (snippet ;; Remove bundled libraries. The bundled OpenJPEG is a patched fork so @@ -155,7 +156,11 @@ printing, and psresize, for adjusting page sizes.") "tiff" "zlib")) ;; Get rid of timestamps (remove /CreationDate and /ModDate). (substitute* "devices/vector/gdevpdf.c" - ((", but we do the same") "*/ if (0) /*")))))) + ((", but we do the same") + (string-append "*/ " + "if (!getenv(\"GS_GENERATE_UUIDS\") || " + "(strcmp(getenv(\"GS_GENERATE_UUIDS\"), \"0\") != 0 && " + "strcmp(getenv(\"GS_GENERATE_UUIDS\"), \"no\") != 0)) /*"))))))) (build-system gnu-build-system) (outputs '("out" "doc")) ;19 MiB of HTML/PS doc + examples (arguments diff --git a/gnu/packages/patches/ghostscript-no-header-id.patch b/gnu/packages/patches/ghostscript-no-header-id.patch new file mode 100644 index 000000000..1e49921ad --- /dev/null +++ b/gnu/packages/patches/ghostscript-no-header-id.patch @@ -0,0 +1,49 @@ +diff -ur orig/gnu-ghostscript-9.14.0/devices/vector/gdevpdf.c gnu-ghostscript-9.14.0/devices/vector/gdevpdf.c +--- orig/gnu-ghostscript-9.14.0/devices/vector/gdevpdf.c 2017-07-09 23:30:28.960479189 +0200 ++++ gnu-ghostscript-9.14.0/devices/vector/gdevpdf.c 2017-07-09 23:34:34.306524488 +0200 +@@ -1580,8 +1580,11 @@ + * +1 for the linearisation dict and +1 for the primary hint stream. + */ + linear_params->FirsttrailerOffset = gp_ftell_64(linear_params->Lin_File.file); +- gs_sprintf(LDict, "\ntrailer\n<>\nstartxref\r\n0\n%%%%EOF\n \n", +- linear_params->LastResource + 3, pdev->ResourceUsage[linear_params->Info_id].NewObjectNumber, pdev->ResourceUsage[linear_params->Catalog_id].NewObjectNumber, fileID, fileID, 0); ++ gs_sprintf(LDict, "\ntrailer\n<LastResource + 3, pdev->ResourceUsage[linear_params->Info_id].NewObjectNumber, pdev->ResourceUsage[linear_params->Catalog_id].NewObjectNumber); ++ if (pdev->OwnerPassword.size > 0 || !(!getenv("GS_GENERATE_UUIDS") || (strcmp(getenv("GS_GENERATE_UUIDS"), "0") != 0 && strcmp(getenv("GS_GENERATE_UUIDS"), "no") != 0))) /* ID is mandatory when encrypting */ ++ gs_sprintf(LDict, "/ID[%s%s]", fileID, fileID); ++ gs_sprintf(LDict, "/Prev %d>>\nstartxref\r\n0\n%%%%EOF\n \n", 0); + fwrite(LDict, strlen(LDict), 1, linear_params->Lin_File.file); + + /* Write document catalog (Part 4) */ +@@ -2102,8 +2105,11 @@ + * in the missing values. + */ + code = gp_fseek_64(linear_params->sfile, linear_params->FirsttrailerOffset, SEEK_SET); +- gs_sprintf(LDict, "\ntrailer\n<>\nstartxref\r\n0\n%%%%EOF\n", +- linear_params->LastResource + 3, pdev->ResourceUsage[linear_params->Info_id].NewObjectNumber, pdev->ResourceUsage[linear_params->Catalog_id].NewObjectNumber, fileID, fileID, mainxref); ++ gs_sprintf(LDict, "\ntrailer\n<LastResource + 3, pdev->ResourceUsage[linear_params->Info_id].NewObjectNumber, pdev->ResourceUsage[linear_params->Catalog_id].NewObjectNumber); ++ if (pdev->OwnerPassword.size > 0 || !(!getenv("GS_GENERATE_UUIDS") || (strcmp(getenv("GS_GENERATE_UUIDS"), "0") != 0 || strcmp(getenv("GS_GENERATE_UUIDS"), "no") != 0))) /* ID is mandatory when encrypting */ ++ gs_sprintf(LDict, "/ID[%s%s]", fileID, fileID); ++ gs_sprintf(LDict, "/Prev %"PRId64">>\nstartxref\r\n0\n%%%%EOF\n", mainxref); + fwrite(LDict, strlen(LDict), 1, linear_params->sfile); + + code = gp_fseek_64(linear_params->sfile, pdev->ResourceUsage[HintStreamObj].LinearisedOffset, SEEK_SET); +@@ -2674,10 +2680,12 @@ + stream_puts(s, "trailer\n"); + pprintld3(s, "<< /Size %ld /Root %ld 0 R /Info %ld 0 R\n", + pdev->next_id, Catalog_id, Info_id); +- stream_puts(s, "/ID ["); +- psdf_write_string(pdev->strm, pdev->fileID, sizeof(pdev->fileID), 0); +- psdf_write_string(pdev->strm, pdev->fileID, sizeof(pdev->fileID), 0); +- stream_puts(s, "]\n"); ++ if (pdev->OwnerPassword.size > 0 || !(!getenv("GS_GENERATE_UUIDS") || (strcmp(getenv("GS_GENERATE_UUIDS"), "0") != 0 || strcmp(getenv("GS_GENERATE_UUIDS"), "no") != 0))) { /* ID is mandatory when encrypting */ ++ stream_puts(s, "/ID ["); ++ psdf_write_string(pdev->strm, pdev->fileID, sizeof(pdev->fileID), 0); ++ psdf_write_string(pdev->strm, pdev->fileID, sizeof(pdev->fileID), 0); ++ stream_puts(s, "]\n"); ++ } + if (pdev->OwnerPassword.size > 0) { + pprintld1(s, "/Encrypt %ld 0 R ", Encrypt_id); + } +Nur in gnu-ghostscript-9.14.0/devices/vector: gdevpdf.c.orig.