From 3c2306e21665b6367c88cb379bccf85f61ca4466 Mon Sep 17 00:00:00 2001 From: Graham Christensen Date: Wed, 19 Oct 2016 08:09:17 -0400 Subject: [PATCH] ghostscript: 9.18 -> 9.20 for multiple CVEs: https://lwn.net/Vulnerabilities/703324/ --- pkgs/development/libraries/ijs/default.nix | 9 ------ pkgs/misc/ghostscript/default.nix | 34 ++-------------------- 2 files changed, 3 insertions(+), 40 deletions(-) diff --git a/pkgs/development/libraries/ijs/default.nix b/pkgs/development/libraries/ijs/default.nix index a08a653dc71f..4506d3c41048 100644 --- a/pkgs/development/libraries/ijs/default.nix +++ b/pkgs/development/libraries/ijs/default.nix @@ -5,15 +5,6 @@ stdenv.mkDerivation { inherit (ghostscript) src; - patches = [ - # http://bugs.ghostscript.com/show_bug.cgi?id=696246 - (fetchpatch { - name = "devijs-account-for-device-subclassing.patch"; - url = "http://git.ghostscript.com/?p=ghostpdl.git;a=patch;h=b68e05c3"; - sha256 = "1c3fzfjzvf15z533vpw3l3da8wcxw98qi3p1lc6lf13940a57c7n"; - }) - ]; - postPatch = "cd ijs"; enableParallelBuilding = true; diff --git a/pkgs/misc/ghostscript/default.nix b/pkgs/misc/ghostscript/default.nix index 1242d99398fd..22a148398c5c 100644 --- a/pkgs/misc/ghostscript/default.nix +++ b/pkgs/misc/ghostscript/default.nix @@ -8,8 +8,8 @@ assert x11Support -> xlibsWrapper != null; assert cupsSupport -> cups != null; let - version = "9.18"; - sha256 = "18ad90za28dxybajqwf3y3dld87cgkx1ljllmcnc7ysspfxzbnl3"; + version = "9.20"; + sha256 = "1az0dnvgingqv78yvfhzmx1zavn5sv1xrrscz984hy3gvz2ks3rw"; fonts = stdenv.mkDerivation { name = "ghostscript-fonts"; @@ -37,7 +37,7 @@ stdenv.mkDerivation rec { name = "ghostscript-${version}"; src = fetchurl { - url = "https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs918/${name}.tar.bz2"; + url = "https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs920/${name}.tar.xz"; inherit sha256; }; @@ -57,34 +57,6 @@ stdenv.mkDerivation rec { patches = [ ./urw-font-files.patch - # http://bugs.ghostscript.com/show_bug.cgi?id=696281 - (fetchpatch { - name = "fix-check-for-using-shared-freetype-lib.patch"; - url = "http://git.ghostscript.com/?p=ghostpdl.git;a=patch;h=8f5d285"; - sha256 = "1f0k043rng7f0rfl9hhb89qzvvksqmkrikmm38p61yfx51l325xr"; - }) - # http://bugs.ghostscript.com/show_bug.cgi?id=696301 - (fetchpatch { - name = "add-gserrors.h-to-the-installed-files.patch"; - url = "http://git.ghostscript.com/?p=ghostpdl.git;a=patch;h=feafe5e5"; - sha256 = "0s4ayzakjv809dkn7vilxwvs4dw35p3pw942ml91bk9z4kkaxyz7"; - }) - # http://bugs.ghostscript.com/show_bug.cgi?id=696246 - (fetchpatch { - name = "guard-against-NULL-base-for-non-clist-devices.patch"; - url = "http://git.ghostscript.com/?p=ghostpdl.git;a=patch;h=007bd77d08d800e6b07274d62e3c91be7c4a3f47"; - sha256 = "1la53273agl92lpy7qd0qhgzynx8b90hrk8g9jsj3055ssn6rqwh"; - }) - (fetchpatch { - name = "ensure-plib-devices-always-use-the-clist.patch"; - url = "http://git.ghostscript.com/?p=ghostpdl.git;a=patch;h=1bdbe4f87dc57648821e613ebcc591b84e8b35b3"; - sha256 = "1cq83fgyvrycapxm69v4r9f9qhzsr40ygrc3bkp8pk15wsmvq0k7"; - }) - (fetchpatch { - name = "prevent-rinkj-device-crash-when-misconfigured.patch"; - url = "http://git.ghostscript.com/?p=ghostpdl.git;a=patch;h=5571ddfa377c5d7d98f55af40e693814ac287ae4"; - sha256 = "08iqdlrngi6k0ml2b71dj5q136fyp1s9g0rr87ayyshn0k0lxwkv"; - }) ]; preConfigure = ''