From unknown Fri Sep 19 19:42:44 2025 X-Loop: help-debbugs@gnu.org Subject: [bug#28762] [PATCH] gnu: ghostscript: Replace with 9.22 [security fixes]. Resent-From: Leo Famulari Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Mon, 09 Oct 2017 18:47:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: report 28762 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: 28762@debbugs.gnu.org X-Debbugs-Original-To: guix-patches@gnu.org Received: via spool by submit@debbugs.gnu.org id=B.150757477117675 (code B ref -1); Mon, 09 Oct 2017 18:47:01 +0000 Received: (at submit) by debbugs.gnu.org; 9 Oct 2017 18:46:11 +0000 Received: from localhost ([127.0.0.1]:58553 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1e1d47-0004b1-Di for submit@debbugs.gnu.org; Mon, 09 Oct 2017 14:46:11 -0400 Received: from eggs.gnu.org ([208.118.235.92]:52709) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1e1d45-0004am-Lw for submit@debbugs.gnu.org; Mon, 09 Oct 2017 14:46:10 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1e1d3z-0002yo-Dl for submit@debbugs.gnu.org; Mon, 09 Oct 2017 14:46:04 -0400 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,T_DKIM_INVALID autolearn=disabled version=3.3.2 Received: from lists.gnu.org ([2001:4830:134:3::11]:47835) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1e1d3z-0002yf-9b for submit@debbugs.gnu.org; Mon, 09 Oct 2017 14:46:03 -0400 Received: from eggs.gnu.org ([2001:4830:134:3::10]:43659) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1e1d3x-0008Oh-Kc for guix-patches@gnu.org; Mon, 09 Oct 2017 14:46:02 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1e1d3u-0002vJ-Sd for guix-patches@gnu.org; Mon, 09 Oct 2017 14:46:01 -0400 Received: from out1-smtp.messagingengine.com ([66.111.4.25]:50413) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1e1d3u-0002uS-P2 for guix-patches@gnu.org; Mon, 09 Oct 2017 14:45:58 -0400 Received: from compute4.internal (compute4.nyi.internal [10.202.2.44]) by mailout.nyi.internal (Postfix) with ESMTP id B7F98218C7; Mon, 9 Oct 2017 14:45:56 -0400 (EDT) Received: from frontend1 ([10.202.2.160]) by compute4.internal (MEProxy); Mon, 09 Oct 2017 14:45:56 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=famulari.name; h=date:from:message-id:subject:to:x-me-sender:x-me-sender :x-sasl-enc:x-sasl-enc; s=mesmtp; bh=B7XhJX5YnmJaetirk2yD9+q6OpO v3RoAFlxJsdDoMwk=; b=SPukoFX8EVNfEPXkIl11hHI3FpzzxlEx+1fEORLdgdw aSwm9lqwAmvD2b8Dtc8rBJyECGp/UmukR/gKxC27qHv7WpOtEJah/H3AbzFbh0+0 hogX3GIdjHktCb3XXzJTxLUAYnndcEqt3noU1/Pyya+c+j3dTSZUvM5EToYDq5bs = DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=date:from:message-id:subject:to :x-me-sender:x-me-sender:x-sasl-enc:x-sasl-enc; s=fm1; bh=B7XhJX 5YnmJaetirk2yD9+q6OpOv3RoAFlxJsdDoMwk=; b=LfOsL8VPAB4/ildT4IyfAT PQ7DFCPyBLih37Yieifvg+wHq3RcCidLKvJp55zyNDqK5RMUYRVCDE4CsDilm26l nX6VdhZpWI1hHOlhG7MGkAn9lxgrL79DtIwPhVzihTjVPoGCYmBbZKY3SCL+L3gi 5qujKVIcTym8t1xlo+mpVuQRdZl4WJebeD0AFMFmYJ2MrH1s+vhrW+O999DrJcAQ br+8FV0M1t/OYg9+F8VkS8SvAHOPvcnt/KS3wIIUN9v9g+YcBtZmquu0Su9yyiRm TnNhymHwPBcIqum9OcNhm3RRGw2lO0KzbYdU5FAv4AlsGxuZT2XAWRdRElP+FQvA == X-ME-Sender: X-Sasl-enc: FQeN/NnGuzZl+KcCzLzxtvVqQ4wuZqtUN+5XTVWBm149 1507574756 Received: from jasmine.lan (c-73-165-108-70.hsd1.pa.comcast.net [73.165.108.70]) by mail.messagingengine.com (Postfix) with ESMTPA id 6A34E7FA74 for ; Mon, 9 Oct 2017 14:45:56 -0400 (EDT) From: Leo Famulari Date: Mon, 9 Oct 2017 14:45:51 -0400 Message-Id: X-Mailer: git-send-email 2.14.2 X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] [fuzzy] X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6.x X-Received-From: 2001:4830:134:3::11 X-Spam-Score: -4.1 (----) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -4.1 (----) Fixes CVE-2017-{7948,7975,8908,9216,9610,9611,9612,9618,9619,9620,9726,9727, 9739,9740,9835}. * gnu/packages/ghostscript.scm (ghostscript)[replacement]: New field. (ghostscript-9.22): New variables. --- gnu/packages/ghostscript.scm | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) diff --git a/gnu/packages/ghostscript.scm b/gnu/packages/ghostscript.scm index d5d5aa2df..1e036a5e4 100644 --- a/gnu/packages/ghostscript.scm +++ b/gnu/packages/ghostscript.scm @@ -131,6 +131,7 @@ printing, and psresize, for adjusting page sizes.") (define-public ghostscript (package (name "ghostscript") + (replacement ghostscript-9.22) (version "9.21") (source (origin @@ -254,6 +255,34 @@ output file formats and printers.") (home-page "https://www.ghostscript.com/") (license license:agpl3+))) +(define ghostscript-9.22 + (package + (inherit ghostscript) + (version "9.22") + (source + (origin + (method url-fetch) + (uri (string-append "https://github.com/ArtifexSoftware/" + "ghostpdl-downloads/releases/download/gs" + (string-delete #\. version) + "/ghostscript-" version ".tar.xz")) + (sha256 + (base32 + "1fyi4yvdj39bjgs10klr31cda1fbx1ar7a7b7yz7v68gykk65y61")) + (patches (search-patches "ghostscript-runpath.patch" + "ghostscript-no-header-creationdate.patch" + "ghostscript-no-header-id.patch" + "ghostscript-no-header-uuid.patch")) + (modules '((guix build utils))) + (snippet + ;; Remove bundled libraries. The bundled OpenJPEG is a patched fork so + ;; we leave it, at least for now. + ;; TODO Try unbundling ijs, which is developed alongside Ghostscript. + '(begin + (for-each delete-file-recursively '("freetype" "jbig2dec" "jpeg" + "lcms2" "libpng" + "tiff" "zlib")))))))) + (define-public ghostscript/x (package/inherit ghostscript (name (string-append (package-name ghostscript) "-with-x")) -- 2.14.2 From unknown Fri Sep 19 19:42:44 2025 X-Loop: help-debbugs@gnu.org Subject: [bug#28762] [PATCH] gnu: ghostscript: Replace with 9.22 [security fixes]. Resent-From: ludo@gnu.org (Ludovic =?UTF-8?Q?Court=C3=A8s?=) Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Mon, 09 Oct 2017 20:54:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 28762 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: Leo Famulari Cc: 28762@debbugs.gnu.org Received: via spool by 28762-submit@debbugs.gnu.org id=B28762.150758239032632 (code B ref 28762); Mon, 09 Oct 2017 20:54:01 +0000 Received: (at 28762) by debbugs.gnu.org; 9 Oct 2017 20:53:10 +0000 Received: from localhost ([127.0.0.1]:58694 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1e1f30-0008UG-1W for submit@debbugs.gnu.org; Mon, 09 Oct 2017 16:53:10 -0400 Received: from eggs.gnu.org ([208.118.235.92]:33626) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1e1f2x-0008U4-UN for 28762@debbugs.gnu.org; Mon, 09 Oct 2017 16:53:08 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1e1f2r-0005s3-QM for 28762@debbugs.gnu.org; Mon, 09 Oct 2017 16:53:02 -0400 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,RP_MATCHES_RCVD autolearn=disabled version=3.3.2 Received: from fencepost.gnu.org ([2001:4830:134:3::e]:38180) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1e1f2r-0005rx-Mg; Mon, 09 Oct 2017 16:53:01 -0400 Received: from [2a01:e0a:1d:7270:6a6c:dc17:fc02:cfda] (port=40404 helo=ribbon) by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256) (Exim 4.82) (envelope-from ) id 1e1f2r-0007EV-4x; Mon, 09 Oct 2017 16:53:01 -0400 From: ludo@gnu.org (Ludovic =?UTF-8?Q?Court=C3=A8s?=) References: X-URL: http://www.fdn.fr/~lcourtes/ X-Revolutionary-Date: 18 =?UTF-8?Q?Vend=C3=A9miaire?= an 226 de la =?UTF-8?Q?R=C3=A9volution?= X-PGP-Key-ID: 0x090B11993D9AEBB5 X-PGP-Key: http://www.fdn.fr/~lcourtes/ludovic.asc X-PGP-Fingerprint: 3CE4 6455 8A84 FDC6 9DB4 0CFB 090B 1199 3D9A EBB5 X-OS: x86_64-pc-linux-gnu Date: Mon, 09 Oct 2017 22:52:58 +0200 In-Reply-To: (Leo Famulari's message of "Mon, 9 Oct 2017 14:45:51 -0400") Message-ID: <874lr8qc0l.fsf@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/25.3 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Received-From: 2001:4830:134:3::e X-Spam-Score: -5.0 (-----) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -5.0 (-----) Leo Famulari skribis: > Fixes CVE-2017-{7948,7975,8908,9216,9610,9611,9612,9618,9619,9620,9726,97= 27, > 9739,9740,9835}. > > * gnu/packages/ghostscript.scm (ghostscript)[replacement]: New field. > (ghostscript-9.22): New variables. [...] > +(define ghostscript-9.22 > + (package > + (inherit ghostscript) > + (version "9.22") > + (source > + (origin > + (method url-fetch) > + (uri (string-append "https://github.com/ArtifexSoftware/" > + "ghostpdl-downloads/releases/download/gs" > + (string-delete #\. version) > + "/ghostscript-" version ".tar.xz")) > + (sha256 > + (base32 > + "1fyi4yvdj39bjgs10klr31cda1fbx1ar7a7b7yz7v68gykk65y61")) > + (patches (search-patches "ghostscript-runpath.patch" > + "ghostscript-no-header-creationdate.pat= ch" > + "ghostscript-no-header-id.patch" > + "ghostscript-no-header-uuid.patch")) > + (modules '((guix build utils))) > + (snippet > + ;; Remove bundled libraries. The bundled OpenJPEG is a patched= fork so > + ;; we leave it, at least for now. > + ;; TODO Try unbundling ijs, which is developed alongside Ghost= script. > + '(begin > + (for-each delete-file-recursively '("freetype" "jbig2dec" "j= peg" > + "lcms2" "libpng" > + "tiff" "zlib")))))))) Maybe: (source (origin (inherit (package-source ghostscript)) (uri =E2=80=A6) (sha256 =E2=80=A6) (patches =E2=80=A6))) It should be slightly more concise. Otherwise LGTM, thank you! Ludo=E2=80=99. From debbugs-submit-bounces@debbugs.gnu.org Tue Oct 10 10:55:46 2017 Received: (at control) by debbugs.gnu.org; 10 Oct 2017 14:55:46 +0000 Received: from localhost ([127.0.0.1]:60750 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1e1vwg-0005xF-HA for submit@debbugs.gnu.org; Tue, 10 Oct 2017 10:55:46 -0400 Received: from out1-smtp.messagingengine.com ([66.111.4.25]:51791) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1e1vwe-0005x8-KY for control@debbugs.gnu.org; Tue, 10 Oct 2017 10:55:44 -0400 Received: from compute4.internal (compute4.nyi.internal [10.202.2.44]) by mailout.nyi.internal (Postfix) with ESMTP id 8CCB0216E7; Tue, 10 Oct 2017 10:55:43 -0400 (EDT) Received: from frontend1 ([10.202.2.160]) by compute4.internal (MEProxy); Tue, 10 Oct 2017 10:55:43 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=famulari.name; h=content-type:date:from:message-id:mime-version:to:x-me-sender :x-me-sender:x-sasl-enc:x-sasl-enc; s=mesmtp; bh=kDeLlYpeFIcu6Y5 kBvm16ZVkC9fdECZxhUZMDKbNyDU=; b=v7F9Elf+9HKXJ9jHYrO2A8kJ4/LgJA8 baMNTmdgnuq2dYfo1/Vz69vC1weAYCUFDan02EPrUpi+WHheOfweYoJ2ID8mzgfO yyvDo519oDkbZdmjc6g6b7/KsXrdhyJn/3HNslFyUAm5BAm1eOsk6a22198O7Nt4 QP7t5KtAEHFE= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=content-type:date:from:message-id :mime-version:to:x-me-sender:x-me-sender:x-sasl-enc:x-sasl-enc; s=fm1; bh=kDeLlYpeFIcu6Y5kBvm16ZVkC9fdECZxhUZMDKbNyDU=; b=b/rmY pZq5TMhhkurYOgOkNOyqG7p8WxDc1Hy+P5DHN3eUq03Uy2lfwtPAYBrteC3oUpfb cS0esUEkk7n4sGga5YPbQoWBiTZ9fiacNmAo4Sy9kPEg7WkIr90uYC+WNC8BL2en ssv35n8BbDOwPKrHUIkRUIxbzLqZKFrK/DLT2tZE0zuQjvRxCWt4d6qFctK50Z8Z IAvWY/cfMwELLHZWPkXWXdqUp+V/t7ysw4dpGpq33XJ4FbUNyUegxdlM3QqgAZT7 xPddOA36ggpeVQZGTTJFHUkDr6I98bBdlfDpiJQZWZ91yalPi0+Q1BPUIGlUbixw DoJtCYS8kwSLwehbg== X-ME-Sender: X-Sasl-enc: U++FGDema6UXx5qhiOIL3Ja/D2oJ9WGnAEeHRcoFLhs1 1507647343 Received: from localhost (c-73-165-108-70.hsd1.pa.comcast.net [73.165.108.70]) by mail.messagingengine.com (Postfix) with ESMTPA id 3D2A97E3DB for ; Tue, 10 Oct 2017 10:55:43 -0400 (EDT) Date: Tue, 10 Oct 2017 10:55:41 -0400 From: Leo Famulari To: control@debbugs.gnu.org Message-ID: <20171010145541.GA18637@jasmine.lan> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="0OAP2g/MAC+5xKAE" Content-Disposition: inline User-Agent: Mutt/1.9.1 (2017-09-22) X-Spam-Score: 1.3 (+) X-Spam-Report: Spam detection software, running on the system "debbugs.gnu.org", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: close 28762 28762 close [...] Content analysis details: (1.3 points, 10.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- -0.7 RCVD_IN_DNSWL_LOW RBL: Sender listed at http://www.dnswl.org/, low trust [66.111.4.25 listed in list.dnswl.org] -0.0 SPF_PASS SPF: sender matches SPF record -0.0 RCVD_IN_MSPIKE_H3 RBL: Good reputation (+3) [66.111.4.25 listed in wl.mailspike.net] 0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid 1.8 MISSING_SUBJECT Missing Subject: header 0.2 NO_SUBJECT Extra score for no subject -0.0 RCVD_IN_MSPIKE_WL Mailspike good senders X-Debbugs-Envelope-To: control X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: 1.3 (+) X-Spam-Report: Spam detection software, running on the system "debbugs.gnu.org", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: close 28762 28762 close [...] Content analysis details: (1.3 points, 10.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 RCVD_IN_MSPIKE_H3 RBL: Good reputation (+3) [66.111.4.25 listed in wl.mailspike.net] -0.7 RCVD_IN_DNSWL_LOW RBL: Sender listed at http://www.dnswl.org/, low trust [66.111.4.25 listed in list.dnswl.org] -0.0 SPF_PASS SPF: sender matches SPF record 0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid 1.8 MISSING_SUBJECT Missing Subject: header 0.2 NO_SUBJECT Extra score for no subject -0.0 RCVD_IN_MSPIKE_WL Mailspike good senders --0OAP2g/MAC+5xKAE Content-Type: text/plain; charset=us-ascii Content-Disposition: inline close 28762 28762 close --0OAP2g/MAC+5xKAE Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEsFFZSPHn08G5gDigJkb6MLrKfwgFAlnc320ACgkQJkb6MLrK fwg5LA//Xi+GkXi4B/4hKroDTttkoaezKvpoA5Gh9Iv5v2RY20Rqj5aNBSamn+/m wh09S3zBLhR+Gb/ubJCiBxCl8x79kmE4cYqxcKnk8DG2B+F647mTbqQISAamDsWN fW9dV8kqooYSkjoAvh3t1aQ/wXqgveco+xrbq7VkfL1/24f0bKknZds1RZaHmTCm vTBhcYwrLTe+6BT4ksc697GL4PYSKhJUKtCa3RPELjNdFrcBaO7/gqKKqdfUADL9 xxs9TKsak/kG9+FpkIOF/yR1y3oHrv7f52A/y1zv3/xAtwdDprsHK2QMmY1lTEli 4OzN5oeRGzXdBeb85LIbNB0871T7pa+CdLfhJn7Zv0uUxlQGxmR3kt+ywr7VEK15 VGcq1HRiMlqJuhgyNbVFagxLQ8YXSOKHEtCfCodzrt2wYx/XUotITw0TJn+8JZlF 439vu3FM+cytYaXPKRNBGtmNNGD6sOC0CkWUgFYDUG6qEqIcWPLSNRSzXOKhdL29 XdypWW/Tkp92TVCS6rkvYtA1G38GG/1vmkrRcCFFxF9d+ZSgGLbdy2aqw0FpXZA6 BPVTOgORHDQvNA8S1FhxFccBiHpxCBd1OY8I8SE0oEL/PywDgZ0YZPIM+2kZsLxF rXciFUfvkOnHieqaznd2IKRFwV4nztFbmyrEry72RyUDBR+cjR0= =Nr7G -----END PGP SIGNATURE----- --0OAP2g/MAC+5xKAE--