summary refs log tree commit diff
path: root/gnu/packages/ghostscript.scm
diff options
context:
space:
mode:
authorMark H Weaver <mhw@netris.org>2016-10-13 03:20:46 -0400
committerMark H Weaver <mhw@netris.org>2016-10-13 03:30:21 -0400
commit1de17a648fa631f0074d315bfff0716220ce4880 (patch)
treee4fdfe5becce3f4c6ae03d366bacbfb5127a172b /gnu/packages/ghostscript.scm
parente940a2713dc16c470b0ac7d94f3ee3a9e1251f3d (diff)
downloadguix-1de17a648fa631f0074d315bfff0716220ce4880.tar.gz
gnu: ghostscript: Fix CVE-2013-5653 and CVE-2016-{7976,7978,7979,8602}.
* gnu/packages/patches/ghostscript-CVE-2013-5653.patch,
gnu/packages/patches/ghostscript-CVE-2016-7976.patch,
gnu/packages/patches/ghostscript-CVE-2016-7978.patch,
gnu/packages/patches/ghostscript-CVE-2016-7979.patch,
gnu/packages/patches/ghostscript-CVE-2016-8602.patch: New files.
* gnu/local.mk (dist_patch_DATA): Add them.
* gnu/packages/ghostscript.scm (ghostscript)[replacement]: New field.
(ghostscript/fixed): New variable.
(ghostscript/x): Inherit 'ghostscript/fixed'.
Diffstat (limited to 'gnu/packages/ghostscript.scm')
-rw-r--r--gnu/packages/ghostscript.scm18
1 files changed, 16 insertions, 2 deletions
diff --git a/gnu/packages/ghostscript.scm b/gnu/packages/ghostscript.scm
index f013a734e5..6a86acb359 100644
--- a/gnu/packages/ghostscript.scm
+++ b/gnu/packages/ghostscript.scm
@@ -1,6 +1,6 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2013 Andreas Enge <andreas@enge.fr>
-;;; Copyright © 2014, 2015 Mark H Weaver <mhw@netris.org>
+;;; Copyright © 2014, 2015, 2016 Mark H Weaver <mhw@netris.org>
 ;;; Copyright © 2015 Ricardo Wurmus <rekado@elephly.net>
 ;;; Copyright © 2013, 2015, 2016 Ludovic Courtès <ludo@gnu.org>
 ;;;
@@ -127,6 +127,7 @@ printing, and psresize, for adjusting page sizes.")
   (package
    (name "ghostscript")
    (version "9.14.0")
+   (replacement ghostscript/fixed)
    (source (origin
             (method url-fetch)
             (uri (string-append "mirror://gnu/ghostscript/gnu-ghostscript-"
@@ -192,8 +193,21 @@ output file formats and printers.")
    (license license:agpl3+)
    (home-page "http://www.gnu.org/software/ghostscript/")))
 
+(define ghostscript/fixed
+  (package
+    (inherit ghostscript)
+    (source (origin
+              (inherit (package-source ghostscript))
+              (patches (search-patches "ghostscript-CVE-2013-5653.patch"
+                                       "ghostscript-CVE-2015-3228.patch"
+                                       "ghostscript-CVE-2016-7976.patch"
+                                       "ghostscript-CVE-2016-7978.patch"
+                                       "ghostscript-CVE-2016-7979.patch"
+                                       "ghostscript-CVE-2016-8602.patch"
+                                       "ghostscript-runpath.patch"))))))
+
 (define-public ghostscript/x
-  (package (inherit ghostscript)
+  (package (inherit ghostscript/fixed)
     (name (string-append (package-name ghostscript) "-with-x"))
     (inputs `(("libxext" ,libxext)
               ("libxt" ,libxt)