diff options
author | Marius Bakke <mbakke@fastmail.com> | 2018-09-08 12:46:22 +0200 |
---|---|---|
committer | Marius Bakke <mbakke@fastmail.com> | 2018-09-09 16:43:11 +0200 |
commit | 0084744b3af0a6f8e125120143f57567902339a8 (patch) | |
tree | ae69c6b141ef17db618776342ea2e89317f5a63e /gnu/packages/ghostscript.scm | |
parent | 910a20e2b8ac6d1c331ff79535831cce6222b3a3 (diff) |
gnu: ghostscript: Update replacement to 9.24 [security fixes].
The following CVEs are fixed with this release: CVE-2018-15908,
CVE-2018-15909, CVE-2018-15910, CVE-2018-15911, CVE-2018-16509,
CVE-2018-16510, CVE-2018-16511, CVE-2018-16513, CVE-2018-16539,
CVE-2018-16540, CVE-2018-16541, CVE-2018-16542, CVE-2018-16543.
* gnu/packages/patches/ghostscript-CVE-2018-10194.patch: Delete file.
* gnu/packages/patches/ghostscript-CVE-2018-16509.patch,
gnu/packages/patches/ghostscript-bug-699708.patch: New files.
* gnu/local.mk (dist_patch_DATA): Adjust accordingly.
* gnu/packages/ghostscript.scm (ghostscript/fixed): Update to 9.24.
[source](patches): Remove 'ghostscript-CVE-2018-10194.patch' and
'ghostscript-runpath.patch'. Add 'ghostscript-CVE-2018-16509.patch' and
'ghostscript-bug-699708.patch'.
[arguments]: Add LDFLAGS to #:configure-flags, and a phase to create output
directory.
Diffstat (limited to 'gnu/packages/ghostscript.scm')
-rw-r--r-- | gnu/packages/ghostscript.scm | 37 |
1 files changed, 34 insertions, 3 deletions
diff --git a/gnu/packages/ghostscript.scm b/gnu/packages/ghostscript.scm index 1240b1dc16..518e18397b 100644 --- a/gnu/packages/ghostscript.scm +++ b/gnu/packages/ghostscript.scm @@ -7,6 +7,7 @@ ;;; Copyright © 2017 Efraim Flashner <efraim@flashner.co.il> ;;; Copyright © 2017 Leo Famulari <leo@famulari.name> ;;; Copyright © 2018 Tobias Geerinckx-Rice <me@tobias.gr> +;;; Copyright © 2018 Marius Bakke <mbakke@fastmail.com> ;;; ;;; This file is part of GNU Guix. ;;; @@ -38,8 +39,10 @@ #:use-module ((guix licenses) #:prefix license:) #:use-module (guix packages) #:use-module (guix download) + #:use-module (guix utils) #:use-module (guix build-system gnu) - #:use-module (guix build-system trivial)) + #:use-module (guix build-system trivial) + #:use-module (srfi srfi-1)) (define-public lcms (package @@ -255,11 +258,39 @@ output file formats and printers.") (hidden-package (package (inherit ghostscript) + (version "9.24") (source (origin (inherit (package-source ghostscript)) - (patches (append (origin-patches (package-source ghostscript)) - (search-patches "ghostscript-CVE-2018-10194.patch")))))))) + (uri (string-append "https://github.com/ArtifexSoftware/" + "ghostpdl-downloads/releases/download/gs" + (string-delete #\. version) + "/ghostscript-" version ".tar.xz")) + (sha256 + (base32 + "1mk922rnml93w2g42yxiyn8xqanc50cm65irrgh0b6lp4kgifjfl")) + (patches (search-patches "ghostscript-CVE-2018-16509.patch" + "ghostscript-bug-699708.patch" + "ghostscript-no-header-creationdate.patch" + "ghostscript-no-header-id.patch" + "ghostscript-no-header-uuid.patch")))) + (arguments + (substitute-keyword-arguments (package-arguments ghostscript) + ((#:configure-flags flags) + ;; Notice that we removed the 'ghostscript-runpath' patch above. + ;; The reason is that it conflicts with an upstream change that + ;; takes LDFLAGS into account. + `(cons (string-append "LDFLAGS=-Wl,-rpath=" + (assoc-ref %outputs "out") "/lib") + ,flags)) + ((#:phases phases) + `(modify-phases ,phases + (add-before 'configure 'create-output-directory + (lambda* (#:key outputs #:allow-other-keys) + ;; Unfortunately the configure script refuses to function if + ;; the directory specified as -rpath does not already exist. + (mkdir-p (string-append (assoc-ref outputs "out") "/lib")) + #t))))))))) (define-public ghostscript/x (package/inherit ghostscript |