diff options
| author | Nikolay Amiantov <ab@fmap.me> | 2016-01-13 19:47:07 +0300 |
|---|---|---|
| committer | Nikolay Amiantov <ab@fmap.me> | 2016-01-17 15:50:40 +0300 |
| commit | a814e243b5f330267e779b6f037791da49f8d0e5 (patch) | |
| tree | 9ec1b849e5ef713969a106695538a10895f1dc7a /pkgs/misc/ghostscript | |
| parent | 35e1f4954555f465fb4499880dcb6a68417fb959 (diff) | |
| download | nixlib-a814e243b5f330267e779b6f037791da49f8d0e5.tar nixlib-a814e243b5f330267e779b6f037791da49f8d0e5.tar.gz nixlib-a814e243b5f330267e779b6f037791da49f8d0e5.tar.bz2 nixlib-a814e243b5f330267e779b6f037791da49f8d0e5.tar.lz nixlib-a814e243b5f330267e779b6f037791da49f8d0e5.tar.xz nixlib-a814e243b5f330267e779b6f037791da49f8d0e5.tar.zst nixlib-a814e243b5f330267e779b6f037791da49f8d0e5.zip | |
ghostscript: 9.15 -> 9.18
Diffstat (limited to 'pkgs/misc/ghostscript')
| -rw-r--r-- | pkgs/misc/ghostscript/CVE-2015-3228.patch | 20 | ||||
| -rw-r--r-- | pkgs/misc/ghostscript/default.nix | 50 |
2 files changed, 40 insertions, 30 deletions
diff --git a/pkgs/misc/ghostscript/CVE-2015-3228.patch b/pkgs/misc/ghostscript/CVE-2015-3228.patch deleted file mode 100644 index 7be18b0a7302..000000000000 --- a/pkgs/misc/ghostscript/CVE-2015-3228.patch +++ /dev/null @@ -1,20 +0,0 @@ -Description: Sanity check for memory allocation. - In gs_heap_alloc_bytes(), add a sanity check to ensure we don't overflow the - variable holding the actual number of bytes we allocate. -Origin: upstream, http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=0c0b085 -Author: Chris Liddell <chris.liddell@artifex.com> -Forwarded: yes -Bug-Debian: http://bugs.debian.org/793489 -Last-Update: 2015-07-26 - ---- a/base/gsmalloc.c -+++ b/base/gsmalloc.c -@@ -178,7 +178,7 @@ - } else { - uint added = size + sizeof(gs_malloc_block_t); - -- if (mmem->limit - added < mmem->used) -+ if (added <= size || mmem->limit - added < mmem->used) - set_msg("exceeded limit"); - else if ((ptr = (byte *) Memento_label(malloc(added), cname)) == 0) - set_msg("failed"); diff --git a/pkgs/misc/ghostscript/default.nix b/pkgs/misc/ghostscript/default.nix index 53b5caf93122..658fa346f1ea 100644 --- a/pkgs/misc/ghostscript/default.nix +++ b/pkgs/misc/ghostscript/default.nix @@ -1,6 +1,6 @@ -{ stdenv, fetchurl, pkgconfig, zlib, expat, openssl +{ stdenv, fetchurl, fetchpatch, pkgconfig, zlib, expat, openssl, autoconf , libjpeg, libpng, libtiff, freetype, fontconfig, lcms2, libpaper, jbig2dec -, libiconv +, libiconv, ijs , x11Support ? false, xlibsWrapper ? null , cupsSupport ? false, cups ? null }: @@ -8,8 +8,8 @@ assert x11Support -> xlibsWrapper != null; assert cupsSupport -> cups != null; let - version = "9.15"; - sha256 = "0p1isp6ssfay141klirn7n9s8b546vcz6paksfmksbwy0ljsypg6"; + version = "9.18"; + sha256 = "18ad90za28dxybajqwf3y3dld87cgkx1ljllmcnc7ysspfxzbnl3"; fonts = stdenv.mkDerivation { name = "ghostscript-fonts"; @@ -45,28 +45,58 @@ stdenv.mkDerivation rec { enableParallelBuilding = true; + nativeBuildInputs = [ pkgconfig autoconf ]; buildInputs = - [ pkgconfig zlib expat openssl + [ zlib expat openssl libjpeg libpng libtiff freetype fontconfig lcms2 libpaper jbig2dec - libiconv + libiconv ijs ] ++ stdenv.lib.optional x11Support xlibsWrapper ++ stdenv.lib.optional cupsSupport cups - # [] # maybe sometimes jpeg2000 support ; patches = [ ./urw-font-files.patch - # fetched from debian's ghostscript 9.15_dfsg-1 (called 020150707~0c0b085.patch there) - ./CVE-2015-3228.patch + # http://bugs.ghostscript.com/show_bug.cgi?id=696281 + (fetchpatch { + name = "fix-check-for-using-shared-freetype-lib.patch"; + url = "http://git.ghostscript.com/?p=ghostpdl.git;a=patch;h=8f5d285"; + sha256 = "1f0k043rng7f0rfl9hhb89qzvvksqmkrikmm38p61yfx51l325xr"; + }) + # http://bugs.ghostscript.com/show_bug.cgi?id=696301 + (fetchpatch { + name = "add-gserrors.h-to-the-installed-files.patch"; + url = "http://git.ghostscript.com/?p=ghostpdl.git;a=patch;h=feafe5e5"; + sha256 = "0s4ayzakjv809dkn7vilxwvs4dw35p3pw942ml91bk9z4kkaxyz7"; + }) + # http://bugs.ghostscript.com/show_bug.cgi?id=696246 + (fetchpatch { + name = "guard-against-NULL-base-for-non-clist-devices.patch"; + url = "http://git.ghostscript.com/?p=ghostpdl.git;a=patch;h=007bd77d08d800e6b07274d62e3c91be7c4a3f47"; + sha256 = "1la53273agl92lpy7qd0qhgzynx8b90hrk8g9jsj3055ssn6rqwh"; + }) + (fetchpatch { + name = "ensure-plib-devices-always-use-the-clist.patch"; + url = "http://git.ghostscript.com/?p=ghostpdl.git;a=patch;h=1bdbe4f87dc57648821e613ebcc591b84e8b35b3"; + sha256 = "1cq83fgyvrycapxm69v4r9f9qhzsr40ygrc3bkp8pk15wsmvq0k7"; + }) + (fetchpatch { + name = "prevent-rinkj-device-crash-when-misconfigured.patch"; + url = "http://git.ghostscript.com/?p=ghostpdl.git;a=patch;h=5571ddfa377c5d7d98f55af40e693814ac287ae4"; + sha256 = "08iqdlrngi6k0ml2b71dj5q136fyp1s9g0rr87ayyshn0k0lxwkv"; + }) ]; makeFlags = [ "cups_serverroot=$(out)" "cups_serverbin=$(out)/lib/cups" ]; preConfigure = '' - rm -rf jpeg libpng zlib jasper expat tiff lcms{,2} jbig2dec openjpeg freetype cups/libs + # requires in-tree (heavily patched) openjpeg + rm -rf jpeg libpng zlib jasper expat tiff lcms{,2} jbig2dec freetype cups/libs ijs sed "s@if ( test -f \$(INCLUDE)[^ ]* )@if ( true )@; s@INCLUDE=/usr/include@INCLUDE=/no-such-path@" -i base/unix-aux.mak + sed "s@^ZLIBDIR=.*@ZLIBDIR=${zlib}/include@" -i configure.ac + + autoconf ''; configureFlags = |