From 0084744b3af0a6f8e125120143f57567902339a8 Mon Sep 17 00:00:00 2001 From: Marius Bakke Date: Sat, 8 Sep 2018 12:46:22 +0200 Subject: gnu: ghostscript: Update replacement to 9.24 [security fixes]. The following CVEs are fixed with this release: CVE-2018-15908, CVE-2018-15909, CVE-2018-15910, CVE-2018-15911, CVE-2018-16509, CVE-2018-16510, CVE-2018-16511, CVE-2018-16513, CVE-2018-16539, CVE-2018-16540, CVE-2018-16541, CVE-2018-16542, CVE-2018-16543. * gnu/packages/patches/ghostscript-CVE-2018-10194.patch: Delete file. * gnu/packages/patches/ghostscript-CVE-2018-16509.patch, gnu/packages/patches/ghostscript-bug-699708.patch: New files. * gnu/local.mk (dist_patch_DATA): Adjust accordingly. * gnu/packages/ghostscript.scm (ghostscript/fixed): Update to 9.24. [source](patches): Remove 'ghostscript-CVE-2018-10194.patch' and 'ghostscript-runpath.patch'. Add 'ghostscript-CVE-2018-16509.patch' and 'ghostscript-bug-699708.patch'. [arguments]: Add LDFLAGS to #:configure-flags, and a phase to create output directory. --- gnu/packages/ghostscript.scm | 37 ++++++++++++++++++++++++++++++++++--- 1 file changed, 34 insertions(+), 3 deletions(-) (limited to 'gnu/packages/ghostscript.scm') diff --git a/gnu/packages/ghostscript.scm b/gnu/packages/ghostscript.scm index 1240b1dc16..518e18397b 100644 --- a/gnu/packages/ghostscript.scm +++ b/gnu/packages/ghostscript.scm @@ -7,6 +7,7 @@ ;;; Copyright © 2017 Efraim Flashner ;;; Copyright © 2017 Leo Famulari ;;; Copyright © 2018 Tobias Geerinckx-Rice +;;; Copyright © 2018 Marius Bakke ;;; ;;; This file is part of GNU Guix. ;;; @@ -38,8 +39,10 @@ #:use-module ((guix licenses) #:prefix license:) #:use-module (guix packages) #:use-module (guix download) + #:use-module (guix utils) #:use-module (guix build-system gnu) - #:use-module (guix build-system trivial)) + #:use-module (guix build-system trivial) + #:use-module (srfi srfi-1)) (define-public lcms (package 
@@ -255,11 +258,39 @@ output file formats and printers.") (hidden-package (package (inherit ghostscript) + (version "9.24") (source (origin (inherit (package-source ghostscript)) - (patches (append (origin-patches (package-source ghostscript)) - (search-patches "ghostscript-CVE-2018-10194.patch")))))))) + (uri (string-append "https://github.com/ArtifexSoftware/" + "ghostpdl-downloads/releases/download/gs" + (string-delete #\. version) + "/ghostscript-" version ".tar.xz")) + (sha256 + (base32 + "1mk922rnml93w2g42yxiyn8xqanc50cm65irrgh0b6lp4kgifjfl")) + (patches (search-patches "ghostscript-CVE-2018-16509.patch" + "ghostscript-bug-699708.patch" + "ghostscript-no-header-creationdate.patch" + "ghostscript-no-header-id.patch" + "ghostscript-no-header-uuid.patch")))) + (arguments + (substitute-keyword-arguments (package-arguments ghostscript) + ((#:configure-flags flags) + ;; Notice that we removed the 'ghostscript-runpath' patch above. + ;; The reason is that it conflicts with an upstream change that + ;; takes LDFLAGS into account. + `(cons (string-append "LDFLAGS=-Wl,-rpath=" + (assoc-ref %outputs "out") "/lib") + ,flags)) + ((#:phases phases) + `(modify-phases ,phases + (add-before 'configure 'create-output-directory + (lambda* (#:key outputs #:allow-other-keys) + ;; Unfortunately the configure script refuses to function if + ;; the directory specified as -rpath does not already exist. + (mkdir-p (string-append (assoc-ref outputs "out") "/lib")) + #t))))))))) (define-public ghostscript/x (package/inherit ghostscript -- cgit v1.2.3
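Review bot: The new `patches` field spells out the full list instead of deriving it from `(origin-patches (package-source ghostscript))`, so a patch later added to the base `ghostscript` will silently not reach this security replacement. The explicit list appears to exist only to drop 'ghostscript-runpath.patch', so say so where it happens, e.g. `;; Listed explicitly to drop 'ghostscript-runpath.patch'; keep in sync with 'ghostscript'.` above `(patches`. The commit message names CVE-2018-16509 among the issues fixed by 9.24, yet 'ghostscript-CVE-2018-16509.patch' is still applied on top; a one-line comment stating what it and 'ghostscript-bug-699708.patch' fix beyond the release would tell the next person bumping the version whether they can be dropped. The `(srfi srfi-1)` import added in the previous hunk does not appear to be used by any new line shown here. The `ghostscript/fixed` definition starts above this hunk, so any existing comment on it naming the fixed CVEs is not visible and may need updating too.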