1
0
Fork 1
mirror of https://github.com/NixOS/nixpkgs.git synced 2024-11-18 11:40:45 +00:00
Commit graph

129 commits

Author SHA1 Message Date
Vladimír Čunát bc263d91ce
Merge #243316: ghostscript: 10.01.1 -> 10.01.2
..into staging-next.  This is a topologically earlier re-merge,
as it seems fairly important security fix and not that huge rebuild.
2023-07-15 14:21:07 +02:00
Samae cd5749c5b0 ghostscript: 10.01.1 -> 10.01.2
Minor update to counter CVE-2023-36664

Closes #243250
2023-07-14 00:53:43 +03:00
Vincenzo Mantova 67bf09ea95 ghostscript: fix dynamic linking of gsx on darwin 2023-06-26 23:12:31 +01:00
figsoda b643a42a1f ghostscript: don't use lib.optional with a list 2023-05-29 19:41:39 -04:00
Robert Scott bcf58d9125 ghostscript.tests.test-corpus-render: unstable-2020-02-19 -> unstable-2022-12-01 2023-04-12 23:05:55 +01:00
Robert Scott a0878852ff ghostscript: add some key reverse-dependencies to passthru.tests 2023-04-12 00:25:58 +01:00
Robert Scott 0afc44be9a ghostscript: 9.56.1 -> 10.01.1 2023-04-12 00:25:57 +01:00
Sergei Trofimovich 051228cee4 ghostscript: use xorg.* packages directly instead of xlibsWrapper indirection
Validated as no change in `out`, `man`, `doc` outputs with diffoscope on
`ghostscript` expression.
2022-10-04 19:59:30 +01:00
Robert Scott 2047e6eb7d ghostscript: 9.55.0 -> 9.56.1 2022-04-29 22:36:08 +01:00
Maximilian Bosch d9218155d2
ghostscript: use system-wide openjpeg
The following error occurs when using `imagemagickBig`:

    $ ./result/bin/identify sample.jp2
    [1]    699089 IOT instruction (core dumped)  ./result/bin/identify sample.jp2

When looking at the call-trace it seems as if certain symbols, e.g.
`opj_malloc` are mixed up:

    #8  0x00007f78c79ad2f5 in MagickSignalHandler.cold () from /nix/store/bqy80qiw6czqh7vsmmmivwdswp9zzjgl-imagemagick-7.1.0-29/lib/libMagickCore-7.Q16HDRI.so.10
    #9  <signal handler called>
    #10 0x00007f78c5a6095f in opj_malloc () from /nix/store/wg6ly83k1k1fjiygiv1jr7li3p6dwsvq-ghostscript-with-X-9.55.0/lib/libgs.so.9
    #11 0x00007f78c5a60981 in opj_calloc () from /nix/store/wg6ly83k1k1fjiygiv1jr7li3p6dwsvq-ghostscript-with-X-9.55.0/lib/libgs.so.9
    #12 0x00007f78c4f48e24 in opj_create_decompress () from /nix/store/qwalb0kjz1p9c4j48qkk6ql47ds2lnhh-openjpeg-2.4.0/lib/libopenjp2.so.7

The `opj_create_decompress()` is called from the `openjpeg`-integration
of `imagemagick` and thus shouldn't affect `ghostscript` at all.
However, `ghostscript` (`libgs.so` to be precise) also exposes e.g.
`opj_malloc`:

    $ objdump -t /nix/store/wg6ly83k1k1fjiygiv1jr7li3p6dwsvq-ghostscript-with-X-9.55.0/lib/libgs.so.9.55|grep opj_malloc
    0000000000205940 g     F .text	000000000000002b              opj_malloc

Because of that, two incompatible symbols are used in the same process
and thus the `identify`-call breaks because the wrong one is used. To
work around that I decided to use the system-wide openjpeg instead.
I'm not sure why `libgs.so` wants to expose these symbols anyways, but
with that workaround the problem is solved.

Even though it's mentioned that ghostscript's openjpeg is heavily
patched, I think that this is somewhat outdated or at least irrelevant
considering that both ArchLinux[1] and Fedora[2] use the system-wide
`openjpeg` instead.

[1] bafcb5473b/trunk/PKGBUILD (L50)
[2] e4eec13ab6/f/ghostscript.spec (_245)
2022-04-23 00:54:22 +02:00
Felix Buehler c01851e31c ghostscriptX: remove appendToName to have a consistent package name for repology 2022-02-23 10:22:05 +01:00
Robert Scott f789367c26
ghostscript: 9.53.3 -> 9.55.0 (#153239)
leaving new tesseract support disabled for now
2022-01-08 20:01:38 -05:00
Alyssa Ross 4e1852096f
Merge remote-tracking branch 'nixpkgs/staging-next' into staging
Conflicts:
	pkgs/development/tools/parsing/flex/2.6.1.nix
2021-11-14 14:17:46 +00:00
Markus S. Wamser b0249fdf99 pkgs.misc: remove unused args 2021-11-13 23:09:33 +01:00
Sandro Jäckel 1ab1b4561d
ghostscript: remove ? null, format 2021-11-05 21:08:58 +01:00
Artturin 75fd86fb25 ghostscript: fix cross-compile
zlib has to be in nativeBuildInputs too because its run during the
build, i think.
2021-11-05 19:57:04 +02:00
Samuel Gräfenstein 5323733f7b
ghostscript: set meta.mainProgram 2021-10-11 16:44:25 +02:00
Robert Scott 57692f6d3e ghostscript: add passthru.tests.test-corpus-render
this simply attempts rendering every ps/eps/pdf file in the ghostscript
test corpus
2021-09-12 13:14:03 +01:00
Robert Scott 8dba41756b
Merge pull request #137421 from risicle/ris-ghostscript-install-tests
ghostscript: disable checkPhase, expand installCheckPhase
2021-09-12 12:32:19 +01:00
Robert Scott d24d65786c ghostscript: disable checkPhase, expand installCheckPhase
upon closer inspection, `make check` does little except rebuild
everything with some different options. ghostscript has a python-based
test suite, but it looks like an unmaintained disaster zone.

so the best we can probably do for now is ensure we can render all the
provided examples.
2021-09-11 19:42:38 +01:00
Timothy 79eed79c8f ghostscript: add patch for CVE-2021-3781 2021-09-11 11:11:19 +07:00
Ben Siraphob badf51221d treewide: stdenv.lib -> lib 2021-01-16 17:58:11 +07:00
Sirio Balmelli a775974c8a
ghostscript: fix broken rpath on Darwin
Dynamic library name on Darwin contains only 'maj.min' eg "9.53";
the build however used $version to set rpath;
this broke on 2029ca37 when $version went from "9.52" to "9.53.3".

Add a call to 'gs' in installCheckPhase,
to break the build if dylib issues arise in the future.

Signed-off-by: Sirio Balmelli <sirio@b-ad.ch>
Co-authored-by: Dmitry Kalinkin <dmitry.kalinkin@gmail.com>
2020-11-25 10:28:21 +01:00
Jan Tojnar 6b76a2d004 ghostscript: clean up
* Do not use pkgconfig alias.
* Move version & hash inline.
2020-11-01 10:04:30 +01:00
TredwellGit 2029ca3791 ghostscript: 9.52 -> 9.53.3
https://www.ghostscript.com/doc/9.53.3/News.htm
2020-11-01 10:04:08 +01:00
Robert Scott 9292dbf7fa ghostscript: add patch for CVE-2020-15900 2020-08-24 11:57:06 +02:00
Alyssa Ross 39fef703bf ghostscript: fix build
This hack is no longer necessary, since multiple-outputs.sh has been
fixed to install docs in the right location.
2020-06-29 13:56:27 +00:00
Martin Milata 1c7d22e663 ghostscript: 9.50 -> 9.52
https://www.ghostscript.com/doc/9.51/News.htm
https://www.ghostscript.com/doc/9.52/News.htm
2020-06-04 18:27:53 +02:00
Benno Fünfstück 260be73708 ghostscript: apply patch to fix parallel build
The build process of ghostscript has missing dependencies, causing
failures in parallel builds (see hydra build
https://hydra.nixos.org/build/117095669/, reported as ghostscript bug
https://bugs.ghostscript.com/show_bug.cgi?id=702364 here)
2020-05-01 17:03:24 +02:00
Michael Reilly 84cf00f980
treewide: Per RFC45, remove all unquoted URLs 2020-04-10 17:54:53 +01:00
Robin Gloster e9c27ed5f9
treewide: configureFlags is a flat list 2019-12-31 01:34:39 +01:00
Robert Scott 6217e94778 ghostscript: add patch for CVE-2019-14869 2019-11-16 13:36:25 +00:00
Robert Scott 0b32782d33 ghostscript: 9.27 -> 9.50 2019-10-29 13:31:22 +01:00
Robert Scott 4bf03aa616 ghostscript: add patches for CVE-2019-10216, CVE-2019-14811, CVE-2019-14812, CVE-2019-14813 and most of CVE-2019-14817
the latter's patch is only partially applied because it doesn't apply
cleanly to 9.27, still the fixes that do apply work and are better than
nothing
2019-10-22 09:48:50 +02:00
Robert Scott 6882778e26 ghostscript: 9.26 -> 9.27 (security) 2019-10-22 09:48:50 +02:00
volth c814d72b51 treewide: name -> pname 2019-08-17 10:54:38 +00:00
Robert Scott f55969bbb3 ghostscript: add patches for CVE-2019-3839 2019-05-24 23:21:38 +01:00
Pierre Bourdon 91c46d17d5
ghostscript: add patch for CVE-2019-6116
This is tagged as version 9.26a in the ghostpdl repo, but unfortunately
there are no tarballs released with that version number so far. We'll
continue calling this version 9.26 for now for simplicity's sake (and we
can switch to 9.26a and remove the patch when it's properly released).

Fixes #58262
Fixes #58089
2019-03-26 02:46:57 +01:00
Pierre Bourdon 128bb7be2a
ghostscript: link against "systemwide" liblcms2
GS ships with a fork of lcms2 ("lcms2mt"), but the ABI separation
between the fork and the original seems insufficient. If libgs is linked
alongside liblcms2 (for example, this is the case with imagemagick) then
it will call into the original library instead of the fork, causing
segfaults.

Follow the example of both Arch and Debian in this regard -- they both
use the systemwide lib instead of the fork.
2019-03-11 00:07:18 +01:00
Jan Malakhovski d064592f36 ghostscript: move defaults to package file 2019-02-03 15:30:19 +00:00
Tor Hedin Brønner 0ed7d3c62a ghostscript: 9.25 -> 9.26 2018-12-08 19:15:06 +01:00
Florian Klink 02b0836d42 ghostscript: update hash (#47946)
I previously didn't update the hash, so was still building ghostscript-9.24
(which explained why docs were still from 9.24)

The ICC profile validation patch from #47937 is included in 9.25, so we
can strip it from the list of patches.

cc @xeji
2018-10-06 01:54:26 +02:00
Andreas Rammhold 938d98ebd5
Merge pull request #47937 from flokli/ghostscript-icc-profile-validation
ghostscript: include icc profile validation patch
2018-10-06 00:47:49 +02:00
Florian Klink 3f65f10982 ghostscript: 9.24 -> 9.25 (#47934)
Highlights in this release include:

This release fixes problems with argument handling, some unintended results of the security fixes to the SAFER file access restrictions (specifically accessing ICC profile files), and some additional security issues over the recent 9.24 release.

CVE-2018-16802
CVE-2018-17183

Note: The ps2epsi utility does not, and cannot call Ghostscript with the -dSAFER command line option. It should never be called with input from untrusted sources.

Security issues have been the primary focus of this release, including solving several (well publicised) real and potential exploits.
PLEASE NOTE: We strongly urge users to upgrade to this latest release to avoid these issues.

As well as Ghostscript itself, jbig2dec has had a significant amount of work improving its robustness in the face of out specification files.

IMPORTANT: We are in the process of forking LittleCMS. LCMS2 is not thread safe, and cannot be made thread safe without breaking the ABI. Our fork will be thread safe, and include performance enhancements (these changes have all be been offered and rejected upstream). We will maintain compatibility between Ghostscript and LCMS2 for a time, but not in perpetuity. Our fork will be available as its own package separately from Ghostscript (and MuPDF).

The usual round of bug fixes, compatibility changes, and incremental improvements.
2018-10-06 00:47:08 +02:00
Edmund Wu 9a57e00a36 ghostscript: include icc profile validation patch
See https://github.com/apple/cups/issues/5394

closes #47193, #46216

source url
http://git.ghostscript.com/?p=ghostpdl.git;a=patch;h=bc3df0773fcc
contains invalid characters, which is why we don't fetchpatch.

(cherry picked from commit 2aa750694e)
2018-10-05 23:20:00 +02:00
Vladimír Čunát a3f6a4b9b6
ghostscript: fix nitpicks after the update
- unused lcms2 input
- reference $out -> $doc
2018-09-04 18:50:49 +02:00
Vladimír Čunát c19136b1cd
ghostscript: 9.22 -> 9.24 (security)
The $doc stuff needed changes, probably because of ghostscript newly
reacting to some configure flags that stdenv passes.
 - share/ghostscript/9.22/doc was an ugly location for documentation,
   and I didn't like their new share/ghostscript/9.24 either,
   so that got changed to share/doc/ghostscript/9.24
 - their process no longer installs examples, apparently,
   but I don't expect that would be any problem for us
2018-09-04 18:17:01 +02:00
volth 52f53c69ce pkgs/*: remove unreferenced function arguments 2018-07-21 02:48:04 +00:00
Vladimír Čunát ca6952fcb7
ghostscript: security 9.20 -> 9.22
There are also non-security changes in the releases. /cc #32459.
Printing test OK, and I tested work with some postscript files.
I also fixed the license - it was changed in 2013 :-/
2017-12-09 17:50:05 +01:00
Frederik Rietdijk 62dac1bdd9 Merge remote-tracking branch 'upstream/master' into HEAD 2017-08-14 09:34:10 +02:00