From 1de17a648fa631f0074d315bfff0716220ce4880 Mon Sep 17 00:00:00 2001
From: Mark H Weaver <mhw@netris.org>
Date: Thu, 13 Oct 2016 03:20:46 -0400
Subject: gnu: ghostscript: Fix CVE-2013-5653 and
 CVE-2016-{7976,7978,7979,8602}.

* gnu/packages/patches/ghostscript-CVE-2013-5653.patch,
gnu/packages/patches/ghostscript-CVE-2016-7976.patch,
gnu/packages/patches/ghostscript-CVE-2016-7978.patch,
gnu/packages/patches/ghostscript-CVE-2016-7979.patch,
gnu/packages/patches/ghostscript-CVE-2016-8602.patch: New files.
* gnu/local.mk (dist_patch_DATA): Add them.
* gnu/packages/ghostscript.scm (ghostscript)[replacement]: New field.
(ghostscript/fixed): New variable.
(ghostscript/x): Inherit 'ghostscript/fixed'.
---
 gnu/packages/ghostscript.scm | 18 ++++++++++++++++--
 1 file changed, 16 insertions(+), 2 deletions(-)

(limited to 'gnu/packages/ghostscript.scm')

diff --git a/gnu/packages/ghostscript.scm b/gnu/packages/ghostscript.scm
index f013a734e5..6a86acb359 100644
--- a/gnu/packages/ghostscript.scm
+++ b/gnu/packages/ghostscript.scm
@@ -1,6 +1,6 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2013 Andreas Enge <andreas@enge.fr>
-;;; Copyright © 2014, 2015 Mark H Weaver <mhw@netris.org>
+;;; Copyright © 2014, 2015, 2016 Mark H Weaver <mhw@netris.org>
 ;;; Copyright © 2015 Ricardo Wurmus <rekado@elephly.net>
 ;;; Copyright © 2013, 2015, 2016 Ludovic Courtès <ludo@gnu.org>
 ;;;
@@ -127,6 +127,7 @@ printing, and psresize, for adjusting page sizes.")
   (package
    (name "ghostscript")
    (version "9.14.0")
+   (replacement ghostscript/fixed)
    (source (origin
             (method url-fetch)
             (uri (string-append "mirror://gnu/ghostscript/gnu-ghostscript-"
@@ -192,8 +193,21 @@ output file formats and printers.")
    (license license:agpl3+)
    (home-page "http://www.gnu.org/software/ghostscript/")))
 
+(define ghostscript/fixed
+  (package
+    (inherit ghostscript)
+    (source (origin
+              (inherit (package-source ghostscript))
+              (patches (search-patches "ghostscript-CVE-2013-5653.patch"
+                                       "ghostscript-CVE-2015-3228.patch"
+                                       "ghostscript-CVE-2016-7976.patch"
+                                       "ghostscript-CVE-2016-7978.patch"
+                                       "ghostscript-CVE-2016-7979.patch"
+                                       "ghostscript-CVE-2016-8602.patch"
+                                       "ghostscript-runpath.patch"))))))
+
 (define-public ghostscript/x
-  (package (inherit ghostscript)
+  (package (inherit ghostscript/fixed)
     (name (string-append (package-name ghostscript) "-with-x"))
     (inputs `(("libxext" ,libxext)
               ("libxt" ,libxt)
-- 
cgit v1.2.3