* [bug#46566] [PATCH 0/2 core-updates] ghostscript update
@ 2021-02-16 19:11 Vincent Legoll
2021-02-16 19:12 ` [bug#46566] [PATCH 1/2] gnu: jbig2dec: Update to 0.19 Vincent Legoll
` (2 more replies)
0 siblings, 3 replies; 10+ messages in thread
From: Vincent Legoll @ 2021-02-16 19:11 UTC (permalink / raw)
To: 46566
The following patches will update ghostscript
and its new input jbig2dec.
I rebuilt some dependents successfully until my
storage was full.
--
Vincent Legoll
^ permalink raw reply [flat|nested] 10+ messages in thread
* [bug#46566] [PATCH 1/2] gnu: jbig2dec: Update to 0.19.
2021-02-16 19:11 [bug#46566] [PATCH 0/2 core-updates] ghostscript update Vincent Legoll
@ 2021-02-16 19:12 ` Vincent Legoll
2021-02-16 19:12 ` [bug#46566] [PATCH 2/2] gnu: ghostscript: Update to 9.53.3 Vincent Legoll
[not found] ` <handler.46566.B.16135026945784.ack@debbugs.gnu.org>
2021-02-20 21:10 ` [bug#46566] [PATCH 1/2] gnu: jbig2dec: Update to 0.19 Vincent Legoll
2 siblings, 1 reply; 10+ messages in thread
From: Vincent Legoll @ 2021-02-16 19:12 UTC (permalink / raw)
To: 46566; +Cc: Vincent Legoll
* gnu/packages/image.scm (jbig2dec): Update to 0.19.
---
gnu/packages/image.scm | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/gnu/packages/image.scm b/gnu/packages/image.scm
index 958f1dcc59..6dff48bd87 100644
--- a/gnu/packages/image.scm
+++ b/gnu/packages/image.scm
@@ -674,15 +674,15 @@ arithmetic ops.")
(define-public jbig2dec
(package
(name "jbig2dec")
- (version "0.18")
+ (version "0.19")
(source (origin
(method url-fetch)
(uri (string-append "https://github.com/ArtifexSoftware"
"/ghostpdl-downloads/releases/download"
- "/gs951/" name "-" version ".tar.gz"))
+ "/gs9533/" name "-" version ".tar.gz"))
(sha256
(base32
- "0pigfw2v0ppvr0lbysm69gx0zsa5q2q92yrb8af2j3im6x97f6cy"))))
+ "0dwa24kjqyg9hmm40fh048sdxfpnasz43l2rm8wlkw1qbdlpd517"))))
(build-system gnu-build-system)
(arguments '(#:configure-flags '("--disable-static")
#:phases (modify-phases %standard-phases
--
2.30.0
^ permalink raw reply related [flat|nested] 10+ messages in thread
* [bug#46566] [PATCH 2/2] gnu: ghostscript: Update to 9.53.3.
2021-02-16 19:12 ` [bug#46566] [PATCH 1/2] gnu: jbig2dec: Update to 0.19 Vincent Legoll
@ 2021-02-16 19:12 ` Vincent Legoll
2021-02-20 18:25 ` Leo Famulari
0 siblings, 1 reply; 10+ messages in thread
From: Vincent Legoll @ 2021-02-16 19:12 UTC (permalink / raw)
To: 46566; +Cc: Vincent Legoll
* gnu/packages/patches/ghostscript-CVE-2020-15900.patch: Remove file.
* gnu/local.mk (dist_patch_DATA): Adjust accordingly.
* gnu/packages/ghostscript.scm (ghostscript): Update to 9.53.3.
[source](patches): Remove it.
[native-inputs]: Add jbig2dec.
---
gnu/local.mk | 1 -
gnu/packages/ghostscript.scm | 6 ++--
.../patches/ghostscript-CVE-2020-15900.patch | 36 -------------------
3 files changed, 3 insertions(+), 40 deletions(-)
delete mode 100644 gnu/packages/patches/ghostscript-CVE-2020-15900.patch
diff --git a/gnu/local.mk b/gnu/local.mk
index b9757fe69e..3caa6c6fc9 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -1061,7 +1061,6 @@ dist_patch_DATA = \
%D%/packages/patches/ghc-monad-par-fix-tests.patch \
%D%/packages/patches/ghc-pandoc-fix-html-tests.patch \
%D%/packages/patches/ghc-pandoc-fix-latex-test.patch \
- %D%/packages/patches/ghostscript-CVE-2020-15900.patch \
%D%/packages/patches/ghostscript-freetype-compat.patch \
%D%/packages/patches/ghostscript-no-header-id.patch \
%D%/packages/patches/ghostscript-no-header-uuid.patch \
diff --git a/gnu/packages/ghostscript.scm b/gnu/packages/ghostscript.scm
index 19430d315a..53a631b095 100644
--- a/gnu/packages/ghostscript.scm
+++ b/gnu/packages/ghostscript.scm
@@ -160,7 +160,7 @@ printing, and psresize, for adjusting page sizes.")
(define-public ghostscript
(package
(name "ghostscript")
- (version "9.52")
+ (version "9.53.3")
(source
(origin
(method url-fetch)
@@ -170,9 +170,8 @@ printing, and psresize, for adjusting page sizes.")
"/ghostscript-" version ".tar.xz"))
(sha256
(base32
- "0z1w42y2jmcpl2m1l3z0sfii6zmvzcwcgzn6bydklia6ig7jli2p"))
+ "0d52w9ajv1rz533119ywgmkzkapp74riwny0d21v0zkcbg45p7ww"))
(patches (search-patches "ghostscript-freetype-compat.patch"
- "ghostscript-CVE-2020-15900.patch"
"ghostscript-no-header-creationdate.patch"
"ghostscript-no-header-id.patch"
"ghostscript-no-header-uuid.patch"))
@@ -271,6 +270,7 @@ printing, and psresize, for adjusting page sizes.")
("pkg-config" ,pkg-config) ;needed for freetype
("python" ,python-minimal-wrapper)
("tcl" ,tcl)
+ ("jbig2dec" ,jbig2dec)
;; When cross-compiling, some of the natively-built tools require all
;; these libraries.
diff --git a/gnu/packages/patches/ghostscript-CVE-2020-15900.patch b/gnu/packages/patches/ghostscript-CVE-2020-15900.patch
deleted file mode 100644
index b6658d7c7f..0000000000
--- a/gnu/packages/patches/ghostscript-CVE-2020-15900.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-Fix CVE-2020-15900.
-
-https://cve.circl.lu/cve/CVE-2020-15900
-https://artifex.com/security-advisories/CVE-2020-15900
-
-Taken from upstream:
-https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=5d499272b95a6b890a1397e11d20937de000d31b
-
-diff --git a/psi/zstring.c b/psi/zstring.c
---- a/psi/zstring.c
-+++ b/psi/zstring.c
-@@ -142,13 +142,18 @@ search_impl(i_ctx_t *i_ctx_p, bool forward)
- return 0;
- found:
- op->tas.type_attrs = op1->tas.type_attrs;
-- op->value.bytes = ptr;
-- r_set_size(op, size);
-+ op->value.bytes = ptr; /* match */
-+ op->tas.rsize = size; /* match */
- push(2);
-- op[-1] = *op1;
-- r_set_size(op - 1, ptr - op[-1].value.bytes);
-- op1->value.bytes = ptr + size;
-- r_set_size(op1, count + (!forward ? (size - 1) : 0));
-+ op[-1] = *op1; /* pre */
-+ op[-3].value.bytes = ptr + size; /* post */
-+ if (forward) {
-+ op[-1].tas.rsize = ptr - op[-1].value.bytes; /* pre */
-+ op[-3].tas.rsize = count; /* post */
-+ } else {
-+ op[-1].tas.rsize = count; /* pre */
-+ op[-3].tas.rsize -= count + size; /* post */
-+ }
- make_true(op);
- return 0;
- }
--
2.30.0
^ permalink raw reply related [flat|nested] 10+ messages in thread
* [bug#46566] Acknowledgement ([PATCH 0/2 core-updates] ghostscript update)
[not found] ` <handler.46566.B.16135026945784.ack@debbugs.gnu.org>
@ 2021-02-16 19:14 ` Vincent Legoll
0 siblings, 0 replies; 10+ messages in thread
From: Vincent Legoll @ 2021-02-16 19:14 UTC (permalink / raw)
To: 46566
The removed patch is in the new version (it was
extracted from the repository to begin with)
--
Vincent Legoll
^ permalink raw reply [flat|nested] 10+ messages in thread
* [bug#46566] [PATCH 2/2] gnu: ghostscript: Update to 9.53.3.
2021-02-16 19:12 ` [bug#46566] [PATCH 2/2] gnu: ghostscript: Update to 9.53.3 Vincent Legoll
@ 2021-02-20 18:25 ` Leo Famulari
2021-02-20 19:08 ` Vincent Legoll
0 siblings, 1 reply; 10+ messages in thread
From: Leo Famulari @ 2021-02-20 18:25 UTC (permalink / raw)
To: Vincent Legoll; +Cc: 46566
On Tue, Feb 16, 2021 at 08:12:47PM +0100, Vincent Legoll wrote:
> * gnu/packages/patches/ghostscript-CVE-2020-15900.patch: Remove file.
> * gnu/local.mk (dist_patch_DATA): Adjust accordingly.
> * gnu/packages/ghostscript.scm (ghostscript): Update to 9.53.3.
> [source](patches): Remove it.
> [native-inputs]: Add jbig2dec.
Thanks!
$ guix show jbig2dec | grep synopsis
synopsis: Decoder of the JBIG2 image compression format
It seems like it would be a run-time dependency, not just something used
to build ghostscript. In that case it would be an 'input', not a
'native-input'. What do you think?
Also, the idiomatic commit message would be like this:
------
gnu: ghostscript: Update to 9.53.3.
* gnu/packages/ghostscript.scm (ghostscript): Update to 9.53.3.
[source]: Remove obsolete patch 'ghostscript-CVE-2020-15900.patch'.
[native-inputs]: Add jbig2dec.
* gnu/packages/patches/ghostscript-CVE-2020-15900.patch: Delete file.
* gnu/local.mk (dist_patch_DATA): Remove it.
------
^ permalink raw reply [flat|nested] 10+ messages in thread
* [bug#46566] [PATCH 2/2] gnu: ghostscript: Update to 9.53.3.
2021-02-20 18:25 ` Leo Famulari
@ 2021-02-20 19:08 ` Vincent Legoll
2021-02-20 21:09 ` Vincent Legoll
0 siblings, 1 reply; 10+ messages in thread
From: Vincent Legoll @ 2021-02-20 19:08 UTC (permalink / raw)
To: Leo Famulari; +Cc: 46566
On Sat, Feb 20, 2021 at 7:25 PM Leo Famulari <leo@famulari.name> wrote:
> On Tue, Feb 16, 2021 at 08:12:47PM +0100, Vincent Legoll wrote:
> > * gnu/packages/patches/ghostscript-CVE-2020-15900.patch: Remove file.
> > * gnu/local.mk (dist_patch_DATA): Adjust accordingly.
> > * gnu/packages/ghostscript.scm (ghostscript): Update to 9.53.3.
> > [source](patches): Remove it.
> > [native-inputs]: Add jbig2dec.
>
> Thanks!
>
> $ guix show jbig2dec | grep synopsis
> synopsis: Decoder of the JBIG2 image compression format
>
> It seems like it would be a run-time dependency, not just something used
> to build ghostscript. In that case it would be an 'input', not a
> 'native-input'. What do you think?
>
> Also, the idiomatic commit message would be like this:
>
> ------
> gnu: ghostscript: Update to 9.53.3.
>
> * gnu/packages/ghostscript.scm (ghostscript): Update to 9.53.3.
> [source]: Remove obsolete patch 'ghostscript-CVE-2020-15900.patch'.
> [native-inputs]: Add jbig2dec.
> * gnu/packages/patches/ghostscript-CVE-2020-15900.patch: Delete file.
> * gnu/local.mk (dist_patch_DATA): Remove it.
> ------
Thanks, I'll double check and update the patch & commitmsg.
--
Vincent Legoll
^ permalink raw reply [flat|nested] 10+ messages in thread
* [bug#46566] [PATCH 2/2] gnu: ghostscript: Update to 9.53.3.
2021-02-20 19:08 ` Vincent Legoll
@ 2021-02-20 21:09 ` Vincent Legoll
0 siblings, 0 replies; 10+ messages in thread
From: Vincent Legoll @ 2021-02-20 21:09 UTC (permalink / raw)
To: Leo Famulari; +Cc: 46566
OK, now that I've looked at it some more, the
native-input addition was a mistake (jbig2dec
was already in inputs, which is how I knew it
needed to be updated for gs-9.5.53 in the
first place).
So sorry for that, the following has that fixed
and your commit msg.
Thanks
--
Vincent Legoll
^ permalink raw reply [flat|nested] 10+ messages in thread
* [bug#46566] [PATCH 1/2] gnu: jbig2dec: Update to 0.19.
2021-02-16 19:11 [bug#46566] [PATCH 0/2 core-updates] ghostscript update Vincent Legoll
2021-02-16 19:12 ` [bug#46566] [PATCH 1/2] gnu: jbig2dec: Update to 0.19 Vincent Legoll
[not found] ` <handler.46566.B.16135026945784.ack@debbugs.gnu.org>
@ 2021-02-20 21:10 ` Vincent Legoll
2021-02-20 21:10 ` [bug#46566] [PATCH 2/2] gnu: ghostscript: Update to 9.53.3 Vincent Legoll
2 siblings, 1 reply; 10+ messages in thread
From: Vincent Legoll @ 2021-02-20 21:10 UTC (permalink / raw)
To: 46566; +Cc: Vincent Legoll
* gnu/packages/image.scm (jbig2dec): Update to 0.19.
---
gnu/packages/image.scm | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/gnu/packages/image.scm b/gnu/packages/image.scm
index 958f1dcc59..6dff48bd87 100644
--- a/gnu/packages/image.scm
+++ b/gnu/packages/image.scm
@@ -674,15 +674,15 @@ arithmetic ops.")
(define-public jbig2dec
(package
(name "jbig2dec")
- (version "0.18")
+ (version "0.19")
(source (origin
(method url-fetch)
(uri (string-append "https://github.com/ArtifexSoftware"
"/ghostpdl-downloads/releases/download"
- "/gs951/" name "-" version ".tar.gz"))
+ "/gs9533/" name "-" version ".tar.gz"))
(sha256
(base32
- "0pigfw2v0ppvr0lbysm69gx0zsa5q2q92yrb8af2j3im6x97f6cy"))))
+ "0dwa24kjqyg9hmm40fh048sdxfpnasz43l2rm8wlkw1qbdlpd517"))))
(build-system gnu-build-system)
(arguments '(#:configure-flags '("--disable-static")
#:phases (modify-phases %standard-phases
--
2.30.0
^ permalink raw reply related [flat|nested] 10+ messages in thread
* [bug#46566] [PATCH 2/2] gnu: ghostscript: Update to 9.53.3.
2021-02-20 21:10 ` [bug#46566] [PATCH 1/2] gnu: jbig2dec: Update to 0.19 Vincent Legoll
@ 2021-02-20 21:10 ` Vincent Legoll
2021-02-20 22:39 ` bug#46566: " Leo Famulari
0 siblings, 1 reply; 10+ messages in thread
From: Vincent Legoll @ 2021-02-20 21:10 UTC (permalink / raw)
To: 46566; +Cc: Vincent Legoll
* gnu/packages/ghostscript.scm (ghostscript): Update to 9.53.3.
[source]: Remove obsolete patch 'ghostscript-CVE-2020-15900.patch'.
* gnu/packages/patches/ghostscript-CVE-2020-15900.patch: Delete file.
* gnu/local.mk (dist_patch_DATA): Remove it.
---
gnu/local.mk | 1 -
gnu/packages/ghostscript.scm | 5 ++-
.../patches/ghostscript-CVE-2020-15900.patch | 36 -------------------
3 files changed, 2 insertions(+), 40 deletions(-)
delete mode 100644 gnu/packages/patches/ghostscript-CVE-2020-15900.patch
diff --git a/gnu/local.mk b/gnu/local.mk
index b9757fe69e..3caa6c6fc9 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -1061,7 +1061,6 @@ dist_patch_DATA = \
%D%/packages/patches/ghc-monad-par-fix-tests.patch \
%D%/packages/patches/ghc-pandoc-fix-html-tests.patch \
%D%/packages/patches/ghc-pandoc-fix-latex-test.patch \
- %D%/packages/patches/ghostscript-CVE-2020-15900.patch \
%D%/packages/patches/ghostscript-freetype-compat.patch \
%D%/packages/patches/ghostscript-no-header-id.patch \
%D%/packages/patches/ghostscript-no-header-uuid.patch \
diff --git a/gnu/packages/ghostscript.scm b/gnu/packages/ghostscript.scm
index 19430d315a..2a13cbd83f 100644
--- a/gnu/packages/ghostscript.scm
+++ b/gnu/packages/ghostscript.scm
@@ -160,7 +160,7 @@ printing, and psresize, for adjusting page sizes.")
(define-public ghostscript
(package
(name "ghostscript")
- (version "9.52")
+ (version "9.53.3")
(source
(origin
(method url-fetch)
@@ -170,9 +170,8 @@ printing, and psresize, for adjusting page sizes.")
"/ghostscript-" version ".tar.xz"))
(sha256
(base32
- "0z1w42y2jmcpl2m1l3z0sfii6zmvzcwcgzn6bydklia6ig7jli2p"))
+ "0d52w9ajv1rz533119ywgmkzkapp74riwny0d21v0zkcbg45p7ww"))
(patches (search-patches "ghostscript-freetype-compat.patch"
- "ghostscript-CVE-2020-15900.patch"
"ghostscript-no-header-creationdate.patch"
"ghostscript-no-header-id.patch"
"ghostscript-no-header-uuid.patch"))
diff --git a/gnu/packages/patches/ghostscript-CVE-2020-15900.patch b/gnu/packages/patches/ghostscript-CVE-2020-15900.patch
deleted file mode 100644
index b6658d7c7f..0000000000
--- a/gnu/packages/patches/ghostscript-CVE-2020-15900.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-Fix CVE-2020-15900.
-
-https://cve.circl.lu/cve/CVE-2020-15900
-https://artifex.com/security-advisories/CVE-2020-15900
-
-Taken from upstream:
-https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=5d499272b95a6b890a1397e11d20937de000d31b
-
-diff --git a/psi/zstring.c b/psi/zstring.c
---- a/psi/zstring.c
-+++ b/psi/zstring.c
-@@ -142,13 +142,18 @@ search_impl(i_ctx_t *i_ctx_p, bool forward)
- return 0;
- found:
- op->tas.type_attrs = op1->tas.type_attrs;
-- op->value.bytes = ptr;
-- r_set_size(op, size);
-+ op->value.bytes = ptr; /* match */
-+ op->tas.rsize = size; /* match */
- push(2);
-- op[-1] = *op1;
-- r_set_size(op - 1, ptr - op[-1].value.bytes);
-- op1->value.bytes = ptr + size;
-- r_set_size(op1, count + (!forward ? (size - 1) : 0));
-+ op[-1] = *op1; /* pre */
-+ op[-3].value.bytes = ptr + size; /* post */
-+ if (forward) {
-+ op[-1].tas.rsize = ptr - op[-1].value.bytes; /* pre */
-+ op[-3].tas.rsize = count; /* post */
-+ } else {
-+ op[-1].tas.rsize = count; /* pre */
-+ op[-3].tas.rsize -= count + size; /* post */
-+ }
- make_true(op);
- return 0;
- }
--
2.30.0
^ permalink raw reply related [flat|nested] 10+ messages in thread
* bug#46566: [PATCH 2/2] gnu: ghostscript: Update to 9.53.3.
2021-02-20 21:10 ` [bug#46566] [PATCH 2/2] gnu: ghostscript: Update to 9.53.3 Vincent Legoll
@ 2021-02-20 22:39 ` Leo Famulari
0 siblings, 0 replies; 10+ messages in thread
From: Leo Famulari @ 2021-02-20 22:39 UTC (permalink / raw)
To: Vincent Legoll; +Cc: 46566-done
On Sat, Feb 20, 2021 at 10:10:09PM +0100, Vincent Legoll wrote:
> * gnu/packages/ghostscript.scm (ghostscript): Update to 9.53.3.
> [source]: Remove obsolete patch 'ghostscript-CVE-2020-15900.patch'.
> * gnu/packages/patches/ghostscript-CVE-2020-15900.patch: Delete file.
> * gnu/local.mk (dist_patch_DATA): Remove it.
Thanks for the revised patches! Pushed as
f49c13f1833f0db5a5ddcb751c16f6e9ed56355f
^ permalink raw reply [flat|nested] 10+ messages in thread
end of thread, other threads:[~2021-02-20 22:40 UTC | newest]
Thread overview: 10+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2021-02-16 19:11 [bug#46566] [PATCH 0/2 core-updates] ghostscript update Vincent Legoll
2021-02-16 19:12 ` [bug#46566] [PATCH 1/2] gnu: jbig2dec: Update to 0.19 Vincent Legoll
2021-02-16 19:12 ` [bug#46566] [PATCH 2/2] gnu: ghostscript: Update to 9.53.3 Vincent Legoll
2021-02-20 18:25 ` Leo Famulari
2021-02-20 19:08 ` Vincent Legoll
2021-02-20 21:09 ` Vincent Legoll
[not found] ` <handler.46566.B.16135026945784.ack@debbugs.gnu.org>
2021-02-16 19:14 ` [bug#46566] Acknowledgement ([PATCH 0/2 core-updates] ghostscript update) Vincent Legoll
2021-02-20 21:10 ` [bug#46566] [PATCH 1/2] gnu: jbig2dec: Update to 0.19 Vincent Legoll
2021-02-20 21:10 ` [bug#46566] [PATCH 2/2] gnu: ghostscript: Update to 9.53.3 Vincent Legoll
2021-02-20 22:39 ` bug#46566: " Leo Famulari
Code repositories for project(s) associated with this external index
https://git.savannah.gnu.org/cgit/guix.git
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.