mirrors/nixpkgs
1
0
Fork 1
mirror of https://github.com/NixOS/nixpkgs.git synced 2024-11-21 13:10:33 +00:00
Code Issues Wiki Activity

ghostscript: add patches for CVE-2019-10216, CVE-2019-14811, CVE-2019-14812, CVE-2019-14813 and most of CVE-2019-14817

Browse source 
the latter's patch is only partially applied because it doesn't apply
cleanly to 9.27, still the fixes that do apply work and are better than
nothing
This commit is contained in:
Robert Scott 2019-09-28 00:40:04 +01:00 committed by Frederik Rietdijk
parent 6882778e26
commit 4bf03aa616
1 changed files with 18 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

18
pkgs/misc/ghostscript/default.nix
View file

@ -47,6 +47,24 @@ stdenv.mkDerivation rec {
patches = [
./urw-font-files.patch
./doc-no-ref.diff
(fetchpatch {
name = "CVE-2019-10216.patch";
url = "https://git.ghostscript.com/?p=ghostpdl.git;a=patch;h=5b85ddd19a8420a1bd2d5529325be35d78e94234";
sha256 = "165svml4knq1xlysfvj7vc07h68bhv3rgvl83xrhxsxdzs1ign31";
})
(fetchpatch {
name = "CVE-2019-14811.CVE-2019-14812.CVE-2019-14813.patch";
url = "https://git.ghostscript.com/?p=ghostpdl.git;a=patch;h=885444fcbe10dc42787ecb76686c8ee4dd33bf33";
sha256 = "19928sr7xpx7iibk9gn127g0r1yv2lcfpwgk2ipzz4wgrs3f5j70";
})
(fetchpatch {
name = "CVE-2019-14817-partial.patch";
url = "https://git.ghostscript.com/?p=ghostpdl.git;a=patch;h=cd1b1cacadac2479e291efe611979bdc1b3bdb19";
# patch doesn't apply cleanly to all files, but at least partially applying it fixes
# *most* of the problematic sites.
excludes = ["Resource/Init/pdf_font.ps"];
sha256 = "0f8qgdqpv7bldc9akvjj10af2h2876cvnz4q3nvg4a00rk5i05wn";
})
];
outputs = [ "out" "man" "doc" ];