4bf03aa616
the latter's patch is only partially applied because it doesn't apply cleanly to 9.27, still the fixes that do apply work and are better than nothing
147 lines
4.8 KiB
Nix
147 lines
4.8 KiB
Nix
{ config, stdenv, lib, fetchurl, pkgconfig, zlib, expat, openssl, autoconf
|
|
, libjpeg, libpng, libtiff, freetype, fontconfig, libpaper, jbig2dec
|
|
, libiconv, ijs, lcms2, fetchpatch
|
|
, cupsSupport ? config.ghostscript.cups or (!stdenv.isDarwin), cups ? null
|
|
, x11Support ? cupsSupport, xlibsWrapper ? null # with CUPS, X11 only adds very little
|
|
}:
|
|
|
|
assert x11Support -> xlibsWrapper != null;
|
|
assert cupsSupport -> cups != null;
|
|
|
|
let
|
|
version = "9.${ver_min}";
|
|
ver_min = "27";
|
|
sha512 = "00m8pfvvg4dzvrzk66myr8kid76x44sgqk84m9562g4viv9zbw759l8q9qg64mgvbajzn78zpqfgdlgz9nwgcdb1vpwc08gm12ssrsy";
|
|
|
|
fonts = stdenv.mkDerivation {
|
|
name = "ghostscript-fonts";
|
|
|
|
srcs = [
|
|
(fetchurl {
|
|
url = "mirror://sourceforge/gs-fonts/ghostscript-fonts-std-8.11.tar.gz";
|
|
sha256 = "00f4l10xd826kak51wsmaz69szzm2wp8a41jasr4jblz25bg7dhf";
|
|
})
|
|
(fetchurl {
|
|
url = "mirror://gnu/ghostscript/gnu-gs-fonts-other-6.0.tar.gz";
|
|
sha256 = "1cxaah3r52qq152bbkiyj2f7dx1rf38vsihlhjmrvzlr8v6cqil1";
|
|
})
|
|
# ... add other fonts here
|
|
];
|
|
|
|
installPhase = ''
|
|
mkdir "$out"
|
|
mv -v * "$out/"
|
|
'';
|
|
};
|
|
|
|
in
|
|
stdenv.mkDerivation rec {
|
|
pname = "ghostscript";
|
|
inherit version;
|
|
|
|
src = fetchurl {
|
|
url = "https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs9${ver_min}/${pname}-${version}.tar.xz";
|
|
inherit sha512;
|
|
};
|
|
|
|
patches = [
|
|
./urw-font-files.patch
|
|
./doc-no-ref.diff
|
|
(fetchpatch {
|
|
name = "CVE-2019-10216.patch";
|
|
url = "https://git.ghostscript.com/?p=ghostpdl.git;a=patch;h=5b85ddd19a8420a1bd2d5529325be35d78e94234";
|
|
sha256 = "165svml4knq1xlysfvj7vc07h68bhv3rgvl83xrhxsxdzs1ign31";
|
|
})
|
|
(fetchpatch {
|
|
name = "CVE-2019-14811.CVE-2019-14812.CVE-2019-14813.patch";
|
|
url = "https://git.ghostscript.com/?p=ghostpdl.git;a=patch;h=885444fcbe10dc42787ecb76686c8ee4dd33bf33";
|
|
sha256 = "19928sr7xpx7iibk9gn127g0r1yv2lcfpwgk2ipzz4wgrs3f5j70";
|
|
})
|
|
(fetchpatch {
|
|
name = "CVE-2019-14817-partial.patch";
|
|
url = "https://git.ghostscript.com/?p=ghostpdl.git;a=patch;h=cd1b1cacadac2479e291efe611979bdc1b3bdb19";
|
|
# patch doesn't apply cleanly to all files, but at least partially applying it fixes
|
|
# *most* of the problematic sites.
|
|
excludes = ["Resource/Init/pdf_font.ps"];
|
|
sha256 = "0f8qgdqpv7bldc9akvjj10af2h2876cvnz4q3nvg4a00rk5i05wn";
|
|
})
|
|
];
|
|
|
|
outputs = [ "out" "man" "doc" ];
|
|
|
|
enableParallelBuilding = true;
|
|
|
|
nativeBuildInputs = [ pkgconfig autoconf ];
|
|
buildInputs =
|
|
[ zlib expat openssl
|
|
libjpeg libpng libtiff freetype fontconfig libpaper jbig2dec
|
|
libiconv ijs lcms2
|
|
]
|
|
++ lib.optional x11Support xlibsWrapper
|
|
++ lib.optional cupsSupport cups
|
|
;
|
|
|
|
preConfigure = ''
|
|
# requires in-tree (heavily patched) openjpeg
|
|
rm -rf jpeg libpng zlib jasper expat tiff lcms2mt jbig2dec freetype cups/libs ijs
|
|
|
|
sed "s@if ( test -f \$(INCLUDE)[^ ]* )@if ( true )@; s@INCLUDE=/usr/include@INCLUDE=/no-such-path@" -i base/unix-aux.mak
|
|
sed "s@^ZLIBDIR=.*@ZLIBDIR=${zlib.dev}/include@" -i configure.ac
|
|
|
|
autoconf
|
|
'' + lib.optionalString cupsSupport ''
|
|
configureFlags="$configureFlags --with-cups-serverbin=$out/lib/cups --with-cups-serverroot=$out/etc/cups --with-cups-datadir=$out/share/cups"
|
|
'';
|
|
|
|
configureFlags =
|
|
[ "--with-system-libtiff"
|
|
"--enable-dynamic"
|
|
] ++ lib.optional x11Support "--with-x"
|
|
++ lib.optional cupsSupport "--enable-cups";
|
|
|
|
doCheck = true;
|
|
|
|
# don't build/install statically linked bin/gs
|
|
buildFlags = [ "so" ];
|
|
installTargets = [ "soinstall" ];
|
|
|
|
postInstall = ''
|
|
ln -s gsc "$out"/bin/gs
|
|
|
|
cp -r Resource "$out/share/ghostscript/${version}"
|
|
|
|
mkdir -p "$doc/share/doc/ghostscript"
|
|
mv "$doc/share/doc/${version}" "$doc/share/doc/ghostscript/"
|
|
|
|
ln -s "${fonts}" "$out/share/ghostscript/fonts"
|
|
'' + stdenv.lib.optionalString stdenv.isDarwin ''
|
|
for file in $out/lib/*.dylib* ; do
|
|
install_name_tool -id "$file" $file
|
|
done
|
|
'';
|
|
|
|
preFixup = lib.optionalString stdenv.isDarwin ''
|
|
install_name_tool -change libgs.dylib.${version} $out/lib/libgs.dylib.${version} $out/bin/gs
|
|
'';
|
|
|
|
passthru = { inherit version; };
|
|
|
|
meta = {
|
|
homepage = https://www.ghostscript.com/;
|
|
description = "PostScript interpreter (mainline version)";
|
|
|
|
longDescription = ''
|
|
Ghostscript is the name of a set of tools that provides (i) an
|
|
interpreter for the PostScript language and the PDF file format,
|
|
(ii) a set of C procedures (the Ghostscript library) that
|
|
implement the graphics capabilities that appear as primitive
|
|
operations in the PostScript language, and (iii) a wide variety
|
|
of output drivers for various file formats and printers.
|
|
'';
|
|
|
|
license = stdenv.lib.licenses.agpl3;
|
|
|
|
platforms = stdenv.lib.platforms.all;
|
|
maintainers = [ stdenv.lib.maintainers.viric ];
|
|
};
|
|
}
|