From 1de17a648fa631f0074d315bfff0716220ce4880 Mon Sep 17 00:00:00 2001
From: Mark H Weaver
Date: Thu, 13 Oct 2016 03:20:46 -0400
Subject: gnu: ghostscript: Fix CVE-2013-5653 and CVE-2016-{7976,7978,7979,8602}.

* gnu/packages/patches/ghostscript-CVE-2013-5653.patch, gnu/packages/patches/ghostscript-CVE-2016-7976.patch, gnu/packages/patches/ghostscript-CVE-2016-7978.patch, gnu/packages/patches/ghostscript-CVE-2016-7979.patch, gnu/packages/patches/ghostscript-CVE-2016-8602.patch: New files.
* gnu/local.mk (dist_patch_DATA): Add them.
* gnu/packages/ghostscript.scm (ghostscript)[replacement]: New field. (ghostscript/fixed): New variable. (ghostscript/x): Inherit 'ghostscript/fixed'.
---
 gnu/packages/ghostscript.scm | 18 ++++++++++++++++--
 1 file changed, 16 insertions(+), 2 deletions(-)
(limited to 'gnu/packages/ghostscript.scm')
diff --git a/gnu/packages/ghostscript.scm b/gnu/packages/ghostscript.scm
index f013a734e5..6a86acb359 100644
--- a/gnu/packages/ghostscript.scm
+++ b/gnu/packages/ghostscript.scm
@@ -1,6 +1,6 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2013 Andreas Enge
-;;; Copyright © 2014, 2015 Mark H Weaver
+;;; Copyright © 2014, 2015, 2016 Mark H Weaver
 ;;; Copyright © 2015 Ricardo Wurmus
 ;;; Copyright © 2013, 2015, 2016 Ludovic Courtès
 ;;;
@@ -127,6 +127,7 @@ printing, and psresize, for adjusting page sizes.")
 (package
 (name "ghostscript")
 (version "9.14.0")
+ (replacement ghostscript/fixed)
 (source (origin
 (method url-fetch)
 (uri (string-append "mirror://gnu/ghostscript/gnu-ghostscript-"
@@ -192,8 +193,21 @@ output file formats and printers.")
 (license license:agpl3+)
 (home-page "http://www.gnu.org/software/ghostscript/")))
 
+(define ghostscript/fixed
+ (package
+ (inherit ghostscript)
+ (source (origin
+ (inherit (package-source ghostscript))
+ (patches (search-patches "ghostscript-CVE-2013-5653.patch"
+ "ghostscript-CVE-2015-3228.patch"
+ "ghostscript-CVE-2016-7976.patch"
+ "ghostscript-CVE-2016-7978.patch"
+ "ghostscript-CVE-2016-7979.patch"
+ "ghostscript-CVE-2016-8602.patch"
+ "ghostscript-runpath.patch"))))))
+
 (define-public ghostscript/x
- (package (inherit ghostscript)
+ (package (inherit ghostscript/fixed)
 (name (string-append (package-name ghostscript) "-with-x"))
 (inputs `(("libxext" ,libxext)
 ("libxt" ,libxt)
-- 
cgit v1.2.3
From ab8536e4a8c7697580d91ae4a25d56a253b30f6f Mon Sep 17 00:00:00 2001
From: Mark H Weaver
Date: Thu, 13 Oct 2016 03:38:03 -0400
Subject: gnu: ghostscript-with-x: Avoid inheriting replacement field.

This is a followup to commit 1de17a648fa631f0074d315bfff0716220ce4880.
* gnu/packages/ghostscript.scm (ghostscript/fixed)[replacement]: Override inherited value.
---
 gnu/packages/ghostscript.scm | 1 +
 1 file changed, 1 insertion(+)
(limited to 'gnu/packages/ghostscript.scm')
diff --git a/gnu/packages/ghostscript.scm b/gnu/packages/ghostscript.scm
index 6a86acb359..09b10f7741 100644
--- a/gnu/packages/ghostscript.scm
+++ b/gnu/packages/ghostscript.scm
@@ -196,6 +196,7 @@ output file formats and printers.")
 (define ghostscript/fixed
 (package
 (inherit ghostscript)
+ (replacement #f) ; Prevent ghostscript/x from inheriting the replacement
 (source (origin
 (inherit (package-source ghostscript))
 (patches (search-patches "ghostscript-CVE-2013-5653.patch"
-- 
cgit v1.2.3
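Review bot: The `patches` field in the new `ghostscript/fixed` definition overrides the inherited origin's patch list instead of extending it. As a result `ghostscript-CVE-2015-3228.patch` and `ghostscript-runpath.patch`, which are not among the five files this commit adds and presumably come from the base package, are restated by hand. If the base list changes later, the graft can silently lose an earlier fix. A comment above the field would make the coupling visible, for example `;; 'patches' replaces the inherited list: repeat every patch of the base 'ghostscript' origin here.`. Alternatively the list could start from `(origin-patches (package-source ghostscript))`, provided the resulting patch order still applies cleanly. The patch files themselves are outside this view, since the page is limited to ghostscript.scm.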
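Review bot: The margin comment on `(replacement #f)` in the follow-up commit names only `ghostscript/x`, but the override matters for `ghostscript/fixed` itself as well. Without it the graft target inherits a `replacement` field that points back at itself. Any other package that uses `(inherit ghostscript)` rather than `(inherit ghostscript/fixed)` would presumably still pick up the field; none is visible in this hunk, so the rest of the tree needs a check. Suggested wording: `(replacement #f) ; the graft target must not itself be grafted; also keeps ghostscript/x from inheriting it`. The definition of `ghostscript/fixed` continues past the end of the hunk.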