summary refs log tree commit diff
path: root/gnu
diff options
context:
space:
mode:
Diffstat (limited to 'gnu')
-rw-r--r--gnu/local.mk1
-rw-r--r--gnu/packages/ghostscript.scm25
-rw-r--r--gnu/packages/patches/ghostscript-CVE-2017-8291.patch195
3 files changed, 2 insertions, 219 deletions
diff --git a/gnu/local.mk b/gnu/local.mk
index 6c1cde7ac4..5639db1f75 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -647,7 +647,6 @@ dist_patch_DATA =						\
   %D%/packages/patches/gettext-multi-core.patch          	\
   %D%/packages/patches/gettext-gnulib-multi-core.patch          \
   %D%/packages/patches/ghc-dont-pass-linker-flags-via-response-files.patch	\
-  %D%/packages/patches/ghostscript-CVE-2017-8291.patch		\
   %D%/packages/patches/ghostscript-no-header-id.patch		\
   %D%/packages/patches/ghostscript-no-header-uuid.patch		\
   %D%/packages/patches/ghostscript-no-header-creationdate.patch \
diff --git a/gnu/packages/ghostscript.scm b/gnu/packages/ghostscript.scm
index c2e8a55cbc..72a737b013 100644
--- a/gnu/packages/ghostscript.scm
+++ b/gnu/packages/ghostscript.scm
@@ -131,8 +131,7 @@ printing, and psresize, for adjusting page sizes.")
 (define-public ghostscript
   (package
     (name "ghostscript")
-    (replacement ghostscript-9.22)
-    (version "9.21")
+    (version "9.22")
     (source
       (origin
         (method url-fetch)
@@ -142,9 +141,8 @@ printing, and psresize, for adjusting page sizes.")
                             "/ghostscript-" version ".tar.xz"))
         (sha256
          (base32
-          "0lyhjcrkmd5fcmh8h56bs4xr9k4jasmikv5vsix1hd4ai0ad1q9b"))
+          "1fyi4yvdj39bjgs10klr31cda1fbx1ar7a7b7yz7v68gykk65y61"))
         (patches (search-patches "ghostscript-runpath.patch"
-                                 "ghostscript-CVE-2017-8291.patch"
                                  "ghostscript-no-header-creationdate.patch"
                                  "ghostscript-no-header-id.patch"
                                  "ghostscript-no-header-uuid.patch"))
@@ -255,25 +253,6 @@ output file formats and printers.")
     (home-page "https://www.ghostscript.com/")
     (license license:agpl3+)))
 
-(define ghostscript-9.22
-  (package
-    (inherit ghostscript)
-    (version "9.22")
-    (source
-      (origin
-        (inherit (package-source ghostscript))
-        (uri (string-append "https://github.com/ArtifexSoftware/"
-                            "ghostpdl-downloads/releases/download/gs"
-                            (string-delete #\. version)
-                            "/ghostscript-" version ".tar.xz"))
-        (sha256
-         (base32
-          "1fyi4yvdj39bjgs10klr31cda1fbx1ar7a7b7yz7v68gykk65y61"))
-        (patches (search-patches "ghostscript-runpath.patch"
-                                 "ghostscript-no-header-creationdate.patch"
-                                 "ghostscript-no-header-id.patch"
-                                 "ghostscript-no-header-uuid.patch"))))))
-
 (define-public ghostscript/x
   (package/inherit ghostscript
     (name (string-append (package-name ghostscript) "-with-x"))
diff --git a/gnu/packages/patches/ghostscript-CVE-2017-8291.patch b/gnu/packages/patches/ghostscript-CVE-2017-8291.patch
deleted file mode 100644
index d38bd593c0..0000000000
--- a/gnu/packages/patches/ghostscript-CVE-2017-8291.patch
+++ /dev/null
@@ -1,195 +0,0 @@
-Fix CVE-2017-8291:
-
-https://bugs.ghostscript.com/show_bug.cgi?id=697799
-https://bugs.ghostscript.com/show_bug.cgi?id=697808 (duplicate)
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8291
-
-Patches copied from upstream source repository:
-
-https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=4f83478c88c2e05d6e8d79ca4557eb039354d2f3
-https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=04b37bbce174eed24edec7ad5b920eb93db4d47d
-https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=57f20719e1cfaea77b67cb26e26de7fe4d7f9b2e
-https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=ccfd2c75ac9be4cbd369e4cbdd40ba11a0c7bdad
-
-From 4f83478c88c2e05d6e8d79ca4557eb039354d2f3 Mon Sep 17 00:00:00 2001
-From: Chris Liddell <chris.liddell@artifex.com>
-Date: Thu, 27 Apr 2017 13:03:33 +0100
-Subject: [PATCH] Bug 697799: have .eqproc check its parameters
-
-The Ghostscript custom operator .eqproc was not check the number or type of
-the parameters it was given.
----
- psi/zmisc3.c | 6 ++++++
- 1 file changed, 6 insertions(+)
-
-diff --git a/psi/zmisc3.c b/psi/zmisc3.c
-index 54b304246..37293ff4b 100644
---- a/psi/zmisc3.c
-+++ b/psi/zmisc3.c
-@@ -56,6 +56,12 @@ zeqproc(i_ctx_t *i_ctx_p)
-     ref2_t stack[MAX_DEPTH + 1];
-     ref2_t *top = stack;
- 
-+    if (ref_stack_count(&o_stack) < 2)
-+        return_error(gs_error_stackunderflow);
-+    if (!r_is_array(op - 1) || !r_is_array(op)) {
-+        return_error(gs_error_typecheck);
-+    }
-+
-     make_array(&stack[0].proc1, 0, 1, op - 1);
-     make_array(&stack[0].proc2, 0, 1, op);
-     for (;;) {
--- 
-2.13.0
-
-From 04b37bbce174eed24edec7ad5b920eb93db4d47d Mon Sep 17 00:00:00 2001
-From: Chris Liddell <chris.liddell@artifex.com>
-Date: Thu, 27 Apr 2017 13:21:31 +0100
-Subject: [PATCH] Bug 697799: have .rsdparams check its parameters
-
-The Ghostscript internal operator .rsdparams wasn't checking the number or
-type of the operands it was being passed. Do so.
----
- psi/zfrsd.c | 22 +++++++++++++++-------
- 1 file changed, 15 insertions(+), 7 deletions(-)
-
-diff --git a/psi/zfrsd.c b/psi/zfrsd.c
-index 191107d8a..950588d69 100644
---- a/psi/zfrsd.c
-+++ b/psi/zfrsd.c
-@@ -49,13 +49,20 @@ zrsdparams(i_ctx_t *i_ctx_p)
-     ref *pFilter;
-     ref *pDecodeParms;
-     int Intent = 0;
--    bool AsyncRead;
-+    bool AsyncRead = false;
-     ref empty_array, filter1_array, parms1_array;
-     uint i;
--    int code;
-+    int code = 0;
-+
-+    if (ref_stack_count(&o_stack) < 1)
-+        return_error(gs_error_stackunderflow);
-+    if (!r_has_type(op, t_dictionary) && !r_has_type(op, t_null)) {
-+        return_error(gs_error_typecheck);
-+    }
- 
-     make_empty_array(&empty_array, a_readonly);
--    if (dict_find_string(op, "Filter", &pFilter) > 0) {
-+    if (r_has_type(op, t_dictionary)
-+        && dict_find_string(op, "Filter", &pFilter) > 0) {
-         if (!r_is_array(pFilter)) {
-             if (!r_has_type(pFilter, t_name))
-                 return_error(gs_error_typecheck);
-@@ -94,12 +101,13 @@ zrsdparams(i_ctx_t *i_ctx_p)
-                 return_error(gs_error_typecheck);
-         }
-     }
--    code = dict_int_param(op, "Intent", 0, 3, 0, &Intent);
-+    if (r_has_type(op, t_dictionary))
-+        code = dict_int_param(op, "Intent", 0, 3, 0, &Intent);
-     if (code < 0 && code != gs_error_rangecheck) /* out-of-range int is ok, use 0 */
-         return code;
--    if ((code = dict_bool_param(op, "AsyncRead", false, &AsyncRead)) < 0
--        )
--        return code;
-+    if (r_has_type(op, t_dictionary))
-+        if ((code = dict_bool_param(op, "AsyncRead", false, &AsyncRead)) < 0)
-+            return code;
-     push(1);
-     op[-1] = *pFilter;
-     if (pDecodeParms)
--- 
-2.13.0
-
-From 57f20719e1cfaea77b67cb26e26de7fe4d7f9b2e Mon Sep 17 00:00:00 2001
-From: Chris Liddell <chris.liddell@artifex.com>
-Date: Wed, 3 May 2017 12:05:45 +0100
-Subject: [PATCH] Bug 697846: revision to commit 4f83478c88 (.eqproc)
-
-When using the "DELAYBIND" feature, it turns out that .eqproc can be called with
-parameters that are not both procedures. In this case, it turns out, the
-expectation is for the operator to return 'false', rather than throw an error.
----
- psi/zmisc3.c | 15 +++++++++++++--
- 1 file changed, 13 insertions(+), 2 deletions(-)
-
-diff --git a/psi/zmisc3.c b/psi/zmisc3.c
-index 37293ff4b..3f01d39a3 100644
---- a/psi/zmisc3.c
-+++ b/psi/zmisc3.c
-@@ -38,6 +38,15 @@ zcliprestore(i_ctx_t *i_ctx_p)
-     return gs_cliprestore(igs);
- }
- 
-+static inline bool
-+eqproc_check_type(ref *r)
-+{
-+    return r_has_type(r, t_array)
-+           || r_has_type(r, t_mixedarray)
-+           || r_has_type(r, t_shortarray)
-+           || r_has_type(r, t_oparray);
-+}
-+
- /* <proc1> <proc2> .eqproc <bool> */
- /*
-  * Test whether two procedures are equal to depth 10.
-@@ -58,8 +67,10 @@ zeqproc(i_ctx_t *i_ctx_p)
- 
-     if (ref_stack_count(&o_stack) < 2)
-         return_error(gs_error_stackunderflow);
--    if (!r_is_array(op - 1) || !r_is_array(op)) {
--        return_error(gs_error_typecheck);
-+    if (!eqproc_check_type(op -1) || !eqproc_check_type(op)) {
-+        make_false(op - 1);
-+        pop(1);
-+        return 0;
-     }
- 
-     make_array(&stack[0].proc1, 0, 1, op - 1);
--- 
-2.13.0
-
-From ccfd2c75ac9be4cbd369e4cbdd40ba11a0c7bdad Mon Sep 17 00:00:00 2001
-From: Chris Liddell <chris.liddell@artifex.com>
-Date: Thu, 11 May 2017 14:07:48 +0100
-Subject: [PATCH] Bug 697892: fix check for op stack underflow.
-
-In the original fix, I used the wrong method to check for stack underflow, this
-is using the correct method.
----
- psi/zfrsd.c  | 3 +--
- psi/zmisc3.c | 3 +--
- 2 files changed, 2 insertions(+), 4 deletions(-)
-
-diff --git a/psi/zfrsd.c b/psi/zfrsd.c
-index 950588d69..9c035b96d 100644
---- a/psi/zfrsd.c
-+++ b/psi/zfrsd.c
-@@ -54,8 +54,7 @@ zrsdparams(i_ctx_t *i_ctx_p)
-     uint i;
-     int code = 0;
- 
--    if (ref_stack_count(&o_stack) < 1)
--        return_error(gs_error_stackunderflow);
-+    check_op(1);
-     if (!r_has_type(op, t_dictionary) && !r_has_type(op, t_null)) {
-         return_error(gs_error_typecheck);
-     }
-diff --git a/psi/zmisc3.c b/psi/zmisc3.c
-index 3f01d39a3..43803b55b 100644
---- a/psi/zmisc3.c
-+++ b/psi/zmisc3.c
-@@ -65,8 +65,7 @@ zeqproc(i_ctx_t *i_ctx_p)
-     ref2_t stack[MAX_DEPTH + 1];
-     ref2_t *top = stack;
- 
--    if (ref_stack_count(&o_stack) < 2)
--        return_error(gs_error_stackunderflow);
-+    check_op(2);
-     if (!eqproc_check_type(op -1) || !eqproc_check_type(op)) {
-         make_false(op - 1);
-         pop(1);
--- 
-2.13.0
-