From a01f15759a00503101baa23af87cbd6095a1fbd6 Mon Sep 17 00:00:00 2001
From: Leo Famulari <leo@famulari.name>
Date: Fri, 28 Apr 2017 16:34:05 -0400
Subject: gnu: ghostscript: Fix CVE-2017-8291.

* gnu/packages/patches/ghostscript-CVE-2017-8291.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/ghostscript.scm (ghostscript)[replacement]: New field.
(ghostscript/fixed): New variable.
(ghostscript-with-x)[replacement]: New field.
---
 gnu/packages/ghostscript.scm | 13 +++++++++++++
 1 file changed, 13 insertions(+)

(limited to 'gnu/packages/ghostscript.scm')

diff --git a/gnu/packages/ghostscript.scm b/gnu/packages/ghostscript.scm
index 076046e721..5340107f99 100644
--- a/gnu/packages/ghostscript.scm
+++ b/gnu/packages/ghostscript.scm
@@ -130,6 +130,7 @@ printing, and psresize, for adjusting page sizes.")
 (define-public ghostscript
   (package
    (name "ghostscript")
+   (replacement ghostscript/fixed)
    (version "9.14.0")
    (source (origin
             (method url-fetch)
@@ -209,11 +210,23 @@ output file formats and printers.")
 
 (define-public ghostscript/x
   (package (inherit ghostscript)
+    (replacement #f)
     (name (string-append (package-name ghostscript) "-with-x"))
     (inputs `(("libxext" ,libxext)
               ("libxt" ,libxt)
               ,@(package-inputs ghostscript)))))
 
+(define ghostscript/fixed
+  (package
+    (inherit ghostscript)
+    (source
+      (origin
+        (inherit (package-source ghostscript))
+        (patches
+          (append
+            (origin-patches (package-source ghostscript))
+            (search-patches "ghostscript-CVE-2017-8291.patch")))))))
+
 (define-public ijs
   (package
    (name "ijs")
-- 
cgit v1.2.3


From 7020a6ab8b8678e148d01814fa8c750743681c4e Mon Sep 17 00:00:00 2001
From: Mark H Weaver <mhw@netris.org>
Date: Tue, 2 May 2017 03:41:24 -0400
Subject: gnu: ghostscript: Fix grafting of ghostscript/x and ghostscript/cups.

* gnu/packages/cups.scm (ghostscript/cups): Use package/inherit.
* gnu/packages/ghostscript.scm (ghostscript/x): Use package/inherit.
(ghostscript/fixed)[replacement]: Override to #f.
---
 gnu/packages/cups.scm        | 4 ++--
 gnu/packages/ghostscript.scm | 6 +++---
 2 files changed, 5 insertions(+), 5 deletions(-)

(limited to 'gnu/packages/ghostscript.scm')

diff --git a/gnu/packages/cups.scm b/gnu/packages/cups.scm
index bbdd89ec08..accfe410ba 100644
--- a/gnu/packages/cups.scm
+++ b/gnu/packages/cups.scm
@@ -4,6 +4,7 @@
 ;;; Copyright © 2015, 2016 Efraim Flashner <efraim@flashner.co.il>
 ;;; Copyright © 2016 Danny Milosavljevic <dannym@scratchpost.org>
 ;;; Copyright © 2017 Leo Famulari <leo@famulari.name>
+;;; Copyright © 2017 Mark H Weaver <mhw@netris.org>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -44,9 +45,8 @@
 ;; Delay to avoid module circularity problems.
 (define ghostscript/cups
   (delay
-    (package (inherit ghostscript)
+    (package/inherit ghostscript
       (name "ghostscript-with-cups")
-      (replacement #f)
       (inputs `(("cups" ,cups-minimal)
                 ,@(package-inputs ghostscript))))))
 
diff --git a/gnu/packages/ghostscript.scm b/gnu/packages/ghostscript.scm
index 5340107f99..4e8736cd71 100644
--- a/gnu/packages/ghostscript.scm
+++ b/gnu/packages/ghostscript.scm
@@ -1,6 +1,6 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2013 Andreas Enge <andreas@enge.fr>
-;;; Copyright © 2014, 2015, 2016 Mark H Weaver <mhw@netris.org>
+;;; Copyright © 2014, 2015, 2016, 2017 Mark H Weaver <mhw@netris.org>
 ;;; Copyright © 2015 Ricardo Wurmus <rekado@elephly.net>
 ;;; Copyright © 2013, 2015, 2016 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2017 Alex Vong <alexvong1995@gmail.com>
@@ -209,8 +209,7 @@ output file formats and printers.")
    (properties '((upstream-name . "gnu-ghostscript")))))
 
 (define-public ghostscript/x
-  (package (inherit ghostscript)
-    (replacement #f)
+  (package/inherit ghostscript
     (name (string-append (package-name ghostscript) "-with-x"))
     (inputs `(("libxext" ,libxext)
               ("libxt" ,libxt)
@@ -219,6 +218,7 @@ output file formats and printers.")
 (define ghostscript/fixed
   (package
     (inherit ghostscript)
+    (replacement #f)
     (source
       (origin
         (inherit (package-source ghostscript))
-- 
cgit v1.2.3


From fda33e495b5ae0ad4688588f1b07c15dc04305c7 Mon Sep 17 00:00:00 2001
From: Leo Famulari <leo@famulari.name>
Date: Sat, 20 May 2017 16:24:42 -0400
Subject: gnu: ghostscript: Add TODO comment about bundled jbig2dec.

* gnu/packages/ghostscript.scm (ghostscript): Add comment.
---
 gnu/packages/ghostscript.scm | 1 +
 1 file changed, 1 insertion(+)

(limited to 'gnu/packages/ghostscript.scm')

diff --git a/gnu/packages/ghostscript.scm b/gnu/packages/ghostscript.scm
index 4e8736cd71..1cb651c96b 100644
--- a/gnu/packages/ghostscript.scm
+++ b/gnu/packages/ghostscript.scm
@@ -132,6 +132,7 @@ printing, and psresize, for adjusting page sizes.")
    (name "ghostscript")
    (replacement ghostscript/fixed)
    (version "9.14.0")
+   ;; XXX Try removing the bundled copy of jbig2dec.
    (source (origin
             (method url-fetch)
             (uri (string-append "mirror://gnu/ghostscript/gnu-ghostscript-"
-- 
cgit v1.2.3