3
0
Fork 0
forked from mirrors/nixpkgs
Commit graph

87 commits

Author SHA1 Message Date
Robert Scott 4bf03aa616 ghostscript: add patches for CVE-2019-10216, CVE-2019-14811, CVE-2019-14812, CVE-2019-14813 and most of CVE-2019-14817
the latter's patch is only partially applied because it doesn't apply
cleanly to 9.27, still the fixes that do apply work and are better than
nothing
2019-10-22 09:48:50 +02:00
Robert Scott 6882778e26 ghostscript: 9.26 -> 9.27 (security) 2019-10-22 09:48:50 +02:00
volth c814d72b51 treewide: name -> pname 2019-08-17 10:54:38 +00:00
Robert Scott f55969bbb3 ghostscript: add patches for CVE-2019-3839 2019-05-24 23:21:38 +01:00
Pierre Bourdon 91c46d17d5
ghostscript: add patch for CVE-2019-6116
This is tagged as version 9.26a in the ghostpdl repo, but unfortunately
there are no tarballs released with that version number so far. We'll
continue calling this version 9.26 for now for simplicity's sake (and we
can switch to 9.26a and remove the patch when it's properly released).

Fixes #58262
Fixes #58089
2019-03-26 02:46:57 +01:00
Pierre Bourdon 128bb7be2a
ghostscript: link against "systemwide" liblcms2
GS ships with a fork of lcms2 ("lcms2mt"), but the ABI separation
between the fork and the original seems insufficient. If libgs is linked
alongside liblcms2 (for example, this is the case with imagemagick) then
it will call into the original library instead of the fork, causing
segfaults.

Follow the example of both Arch and Debian in this regard -- they both
use the systemwide lib instead of the fork.
2019-03-11 00:07:18 +01:00
Jan Malakhovski d064592f36 ghostscript: move defaults to package file 2019-02-03 15:30:19 +00:00
Tor Hedin Brønner 0ed7d3c62a ghostscript: 9.25 -> 9.26 2018-12-08 19:15:06 +01:00
Florian Klink 02b0836d42 ghostscript: update hash (#47946)
I previously didn't update the hash, so was still building ghostscript-9.24
(which explained why docs were still from 9.24)

The ICC profile validation patch from #47937 is included in 9.25, so we
can strip it from the list of patches.

cc @xeji
2018-10-06 01:54:26 +02:00
Andreas Rammhold 938d98ebd5
Merge pull request #47937 from flokli/ghostscript-icc-profile-validation
ghostscript: include icc profile validation patch
2018-10-06 00:47:49 +02:00
Florian Klink 3f65f10982 ghostscript: 9.24 -> 9.25 (#47934)
Highlights in this release include:

This release fixes problems with argument handling, some unintended results of the security fixes to the SAFER file access restrictions (specifically accessing ICC profile files), and some additional security issues over the recent 9.24 release.

CVE-2018-16802
CVE-2018-17183

Note: The ps2epsi utility does not, and cannot call Ghostscript with the -dSAFER command line option. It should never be called with input from untrusted sources.

Security issues have been the primary focus of this release, including solving several (well publicised) real and potential exploits.
PLEASE NOTE: We strongly urge users to upgrade to this latest release to avoid these issues.

As well as Ghostscript itself, jbig2dec has had a significant amount of work improving its robustness in the face of out specification files.

IMPORTANT: We are in the process of forking LittleCMS. LCMS2 is not thread safe, and cannot be made thread safe without breaking the ABI. Our fork will be thread safe, and include performance enhancements (these changes have all be been offered and rejected upstream). We will maintain compatibility between Ghostscript and LCMS2 for a time, but not in perpetuity. Our fork will be available as its own package separately from Ghostscript (and MuPDF).

The usual round of bug fixes, compatibility changes, and incremental improvements.
2018-10-06 00:47:08 +02:00
Edmund Wu 9a57e00a36 ghostscript: include icc profile validation patch
See https://github.com/apple/cups/issues/5394

closes #47193, #46216

source url
http://git.ghostscript.com/?p=ghostpdl.git;a=patch;h=bc3df0773fcc
contains invalid characters, which is why we don't fetchpatch.

(cherry picked from commit 2aa750694e)
2018-10-05 23:20:00 +02:00
Vladimír Čunát a3f6a4b9b6
ghostscript: fix nitpicks after the update
- unused lcms2 input
- reference $out -> $doc
2018-09-04 18:50:49 +02:00
Vladimír Čunát c19136b1cd
ghostscript: 9.22 -> 9.24 (security)
The $doc stuff needed changes, probably because of ghostscript newly
reacting to some configure flags that stdenv passes.
 - share/ghostscript/9.22/doc was an ugly location for documentation,
   and I didn't like their new share/ghostscript/9.24 either,
   so that got changed to share/doc/ghostscript/9.24
 - their process no longer installs examples, apparently,
   but I don't expect that would be any problem for us
2018-09-04 18:17:01 +02:00
volth 52f53c69ce pkgs/*: remove unreferenced function arguments 2018-07-21 02:48:04 +00:00
Vladimír Čunát ca6952fcb7
ghostscript: security 9.20 -> 9.22
There are also non-security changes in the releases. /cc #32459.
Printing test OK, and I tested work with some postscript files.
I also fixed the license - it was changed in 2013 :-/
2017-12-09 17:50:05 +01:00
Frederik Rietdijk 62dac1bdd9 Merge remote-tracking branch 'upstream/master' into HEAD 2017-08-14 09:34:10 +02:00
Tuomas Tynkkynen 3f29eb8248 ghostscript: Add man output 2017-08-11 21:32:53 +03:00
mimadrid 09e0cc7cc7
Update homepage attributes: http -> https
Homepage link "http://.../" is a permanent redirect to "https://.../" and should be updated
https://repology.org/repository/nix_stable/problems
2017-08-03 11:56:15 +02:00
Silvan Mosberger f5fa5fa4d6 pkgs: refactor needless quoting of homepage meta attribute (#27809)
* pkgs: refactor needless quoting of homepage meta attribute

A lot of packages are needlessly quoting the homepage meta attribute
(about 1400, 22%), this commit refactors all of those instances.

* pkgs: Fixing some links that were wrongfully unquoted in the previous
commit

* Fixed some instances
2017-08-01 22:03:30 +02:00
Anthony Cowley c37464a9b1 ghostscript: fix installed library name on darwin 2017-02-16 13:32:39 -05:00
Graham Christensen 3c2306e216
ghostscript: 9.18 -> 9.20 for multiple CVEs: https://lwn.net/Vulnerabilities/703324/ 2016-10-19 08:09:17 -04:00
Tuomas Tynkkynen 7fb29bfa73 treewide: Make explicit that 'dev' output of zlib is used 2016-05-19 10:04:38 +02:00
Sebastian Hagen c84d366295
ghostscript: update upstream URL
Closes #15342
2016-05-10 10:32:48 +02:00
Nikolay Amiantov a589b7bd5f ijs: derive from ghostscript 2016-04-30 03:12:32 +03:00
Nikolay Amiantov 70efc87a06 ghostscript: copy resources, cleanup 2016-02-02 16:52:03 +03:00
Nikolay Amiantov a814e243b5 ghostscript: 9.15 -> 9.18 2016-01-17 15:50:40 +03:00
Sven Keidel dfc8217aa0 ghostscript: change dynamic library path, fixes #11165 2016-01-05 16:04:33 +01:00
Vladimír Čunát 21e3ff658a x11: replace its usage by xlibsWrapper directly
Scilab note: the parameters already had pointed to nonexistent dirs
before this set of refactoring. But that config wasn't even used by
default.
2015-09-15 12:08:24 +02:00
Vladimír Čunát a732b1413f ghostcript: work around a parallel check problem
http://hydra.nixos.org/build/24811657
Hopefully OK now - I couldn't reproduce it with 4 cores and HT.
2015-08-18 10:36:00 +02:00
William A. Kennington III 49adfe2ff9 ghostscript: Fix patches 2015-08-03 14:28:11 -07:00
William A. Kennington III a2da9cfcaf Merge branch 'master.upstream' into staging.upstream 2015-08-03 14:27:14 -07:00
Robert Scott 179cdbc62c ghostscript: add patch fixing CVE-2015-3228 (from debian) 2015-08-02 09:40:05 +02:00
William A. Kennington III 494be35e40 ghostscript: Fix after merge from master 2015-07-27 09:11:23 -07:00
William A. Kennington III bd5f2c9638 Merge branch 'master.upstream' into staging.upstream 2015-07-27 08:17:19 -07:00
Eelco Dolstra 0c91c169c0 ghostscript: Get rid of docs/examples 2015-07-26 22:46:45 +02:00
Vladimír Čunát 3465ffa8b0 ghostscript: reduce size significantly, /cc #8990
- Don't use static bin/gs.
- Split docs into a separate output.
- Split fonts into another derivation, so they're not reinstalled when
  something changes.
- Drop --disable-sse2
  https://github.com/NixOS/nixpkgs/commit/e723c512c#commitcomment-12361078
- Some cleanups.
2015-07-26 16:04:17 +02:00
Eric Seidel e08b9ab8d3 kill libiconvOr*
Conflicts:
	pkgs/applications/networking/mailreaders/sup/default.nix
	pkgs/development/compilers/ghc/7.8.3-binary.nix
	pkgs/development/interpreters/php/5.3.nix
	pkgs/development/interpreters/ruby/patches.nix
	pkgs/development/libraries/cairo/default.nix
	pkgs/development/libraries/poppler/default.nix
	pkgs/top-level/all-packages.nix
2015-02-07 20:29:28 -08:00
Nikolay Amiantov e723c512c5 ghostscript: drop GNU fork and update 2014-11-14 13:51:26 +03:00
Mateusz Kowalczyk 277f6a9779 Revert "ghostscriptX: update from 9.06 to 9.14, potentially fixes CVE-2012-4405"
This reverts commit 13fab57d12.

Hopefully fixes the printing tests at
http://hydra.nixos.org/build/14952070/log/raw ; if not, it's probably
gutenprint although I doubt:

client# lp: Unsupported document-format "application/pdf".
2014-10-02 09:04:23 +01:00
Mateusz Kowalczyk 13fab57d12 ghostscriptX: update from 9.06 to 9.14, potentially fixes CVE-2012-4405
cc @viric
2014-09-30 11:11:47 +01:00
Bjørn Forsman c9baba9212 Fix many package descriptions
(My OCD kicked in today...)

Remove repeated package names, capitalize first word, remove trailing
periods and move overlong descriptions to longDescription.

I also simplified some descriptions as well, when they were particularly
long or technical, often based on Arch Linux' package descriptions.

I've tried to stay away from generated expressions (and I think I
succeeded).

Some specifics worth mentioning:
 * cron, has "Vixie Cron" in its description. The "Vixie" part is not
   mentioned anywhere else. I kept it in a parenthesis at the end of the
   description.

 * ctags description started with "Exuberant Ctags ...", and the
   "exuberant" part is not mentioned elsewhere. Kept it in a parenthesis
   at the end of description.

 * nix has the description "The Nix Deployment System". Since that
   doesn't really say much what it is/does (especially after removing
   the package name!), I changed that to "Powerful package manager that
   makes package management reliable and reproducible" (borrowed from
   nixos.org).

 * Tons of "GNU Foo, Foo is a [the important bits]" descriptions
   is changed to just [the important bits]. If the package name doesn't
   contain GNU I don't think it's needed to say it in the description
   either.
2014-08-24 22:31:37 +02:00
Mateusz Kowalczyk 7a45996233 Turn some license strings into lib.licenses values 2014-07-28 11:31:14 +02:00
Eelco Dolstra fc961af360 ghostscript: Revert to 9.06
The newer version breaks printing to non-Postscript printers (e.g. HP
Deskjets).  This is because the gstoraster and gstopxl filters were
removed.  They are now in a package named "cups-filters" that we don't
have yet.
2013-09-26 18:03:43 +02:00
Vladimír Čunát 83c734cf38 ghostscript: maintenance update 2013-09-02 17:14:49 +02:00
Vladimír Čunát c1e62e7e91 Merge branch 'master' into x-updates 2013-08-22 19:29:09 +02:00
Vladimír Čunát af0e6b6b2b ghostscript: bugfix update (old tarball removed upstream)
There was some incompatibility problem with the last update,
so upstream retracted the previous release.
2013-08-22 12:37:19 +02:00
Ludovic Courtès 2e937c437a unmaintain several packages 2013-08-16 23:45:01 +02:00
Vladimír Čunát b8d00ac153 ghostscript: minor update, a little refactoring
Builds fine, I tried running some apps depending on it.
2013-08-15 20:48:14 +02:00
Mathijs Kwik 04cbaef102 keep lcms versioning in all-packages.nix 2013-07-01 07:52:13 +02:00