summaryrefslogtreecommitdiff
path: root/gnu/packages/ghostscript.scm
diff options
context:
space:
mode:
authorMarius Bakke <mbakke@fastmail.com>2018-09-08 12:46:22 +0200
committerMarius Bakke <mbakke@fastmail.com>2018-09-09 16:43:11 +0200
commit0084744b3af0a6f8e125120143f57567902339a8 (patch)
treeae69c6b141ef17db618776342ea2e89317f5a63e /gnu/packages/ghostscript.scm
parent910a20e2b8ac6d1c331ff79535831cce6222b3a3 (diff)
gnu: ghostscript: Update replacement to 9.24 [security fixes].
The following CVEs are fixed with this release: CVE-2018-15908, CVE-2018-15909, CVE-2018-15910, CVE-2018-15911, CVE-2018-16509, CVE-2018-16510, CVE-2018-16511, CVE-2018-16513, CVE-2018-16539, CVE-2018-16540, CVE-2018-16541, CVE-2018-16542, CVE-2018-16543. * gnu/packages/patches/ghostscript-CVE-2018-10194.patch: Delete file. * gnu/packages/patches/ghostscript-CVE-2018-16509.patch, gnu/packages/patches/ghostscript-bug-699708.patch: New files. * gnu/local.mk (dist_patch_DATA): Adjust accordingly. * gnu/packages/ghostscript.scm (ghostscript/fixed): Update to 9.24. [source](patches): Remove 'ghostscript-CVE-2018-10194.patch' and 'ghostscript-runpath.patch'. Add 'ghostscript-CVE-2018-16509.patch' and 'ghostscript-bug-699708.patch'. [arguments]: Add LDFLAGS to #:configure-flags, and a phase to create output directory.
Diffstat (limited to 'gnu/packages/ghostscript.scm')
-rw-r--r--gnu/packages/ghostscript.scm37
1 files changed, 34 insertions, 3 deletions
diff --git a/gnu/packages/ghostscript.scm b/gnu/packages/ghostscript.scm
index 1240b1dc16..518e18397b 100644
--- a/gnu/packages/ghostscript.scm
+++ b/gnu/packages/ghostscript.scm
@@ -7,6 +7,7 @@
;;; Copyright © 2017 Efraim Flashner <efraim@flashner.co.il>
;;; Copyright © 2017 Leo Famulari <leo@famulari.name>
;;; Copyright © 2018 Tobias Geerinckx-Rice <me@tobias.gr>
+;;; Copyright © 2018 Marius Bakke <mbakke@fastmail.com>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -38,8 +39,10 @@
#:use-module ((guix licenses) #:prefix license:)
#:use-module (guix packages)
#:use-module (guix download)
+ #:use-module (guix utils)
#:use-module (guix build-system gnu)
- #:use-module (guix build-system trivial))
+ #:use-module (guix build-system trivial)
+ #:use-module (srfi srfi-1))
(define-public lcms
(package
@@ -255,11 +258,39 @@ output file formats and printers.")
(hidden-package
(package
(inherit ghostscript)
+ (version "9.24")
(source
(origin
(inherit (package-source ghostscript))
- (patches (append (origin-patches (package-source ghostscript))
- (search-patches "ghostscript-CVE-2018-10194.patch"))))))))
+ (uri (string-append "https://github.com/ArtifexSoftware/"
+ "ghostpdl-downloads/releases/download/gs"
+ (string-delete #\. version)
+ "/ghostscript-" version ".tar.xz"))
+ (sha256
+ (base32
+ "1mk922rnml93w2g42yxiyn8xqanc50cm65irrgh0b6lp4kgifjfl"))
+ (patches (search-patches "ghostscript-CVE-2018-16509.patch"
+ "ghostscript-bug-699708.patch"
+ "ghostscript-no-header-creationdate.patch"
+ "ghostscript-no-header-id.patch"
+ "ghostscript-no-header-uuid.patch"))))
+ (arguments
+ (substitute-keyword-arguments (package-arguments ghostscript)
+ ((#:configure-flags flags)
+ ;; Notice that we removed the 'ghostscript-runpath' patch above.
+ ;; The reason is that it conflicts with an upstream change that
+ ;; takes LDFLAGS into account.
+ `(cons (string-append "LDFLAGS=-Wl,-rpath="
+ (assoc-ref %outputs "out") "/lib")
+ ,flags))
+ ((#:phases phases)
+ `(modify-phases ,phases
+ (add-before 'configure 'create-output-directory
+ (lambda* (#:key outputs #:allow-other-keys)
+ ;; Unfortunately the configure script refuses to function if
+ ;; the directory specified as -rpath does not already exist.
+ (mkdir-p (string-append (assoc-ref outputs "out") "/lib"))
+ #t)))))))))
(define-public ghostscript/x
(package/inherit ghostscript