GNU bug report logs -
#46566
[PATCH 0/2 core-updates] ghostscript update
Previous Next
To add a comment to this bug, you must first unarchive it, by sending
a message to control AT debbugs.gnu.org, with unarchive 46566 in the body.
You can then email your comments to 46566 AT debbugs.gnu.org in the normal way.
Toggle the display of automated, internal messages from the tracker.
Report forwarded
to
guix-patches <at> gnu.org:
bug#46566; Package
guix-patches.
(Tue, 16 Feb 2021 19:12:01 GMT)
Full text and
rfc822 format available.
Acknowledgement sent
to
Vincent Legoll <vincent.legoll <at> gmail.com>:
New bug report received and forwarded. Copy sent to
guix-patches <at> gnu.org.
(Tue, 16 Feb 2021 19:12:01 GMT)
Full text and
rfc822 format available.
Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):
The following patches will update ghostscript
and its new input jbig2dec.
I rebuilt some dependents successfully until my
storage was full.
--
Vincent Legoll
Information forwarded
to
guix-patches <at> gnu.org:
bug#46566; Package
guix-patches.
(Tue, 16 Feb 2021 19:14:01 GMT)
Full text and
rfc822 format available.
Message #8 received at 46566 <at> debbugs.gnu.org (full text, mbox):
* gnu/packages/patches/ghostscript-CVE-2020-15900.patch: Remove file.
* gnu/local.mk (dist_patch_DATA): Adjust accordingly.
* gnu/packages/ghostscript.scm (ghostscript): Update to 9.53.3.
[source](patches): Remove it.
[native-inputs]: Add jbig2dec.
---
gnu/local.mk | 1 -
gnu/packages/ghostscript.scm | 6 ++--
.../patches/ghostscript-CVE-2020-15900.patch | 36 -------------------
3 files changed, 3 insertions(+), 40 deletions(-)
delete mode 100644 gnu/packages/patches/ghostscript-CVE-2020-15900.patch
diff --git a/gnu/local.mk b/gnu/local.mk
index b9757fe69e..3caa6c6fc9 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -1061,7 +1061,6 @@ dist_patch_DATA = \
%D%/packages/patches/ghc-monad-par-fix-tests.patch \
%D%/packages/patches/ghc-pandoc-fix-html-tests.patch \
%D%/packages/patches/ghc-pandoc-fix-latex-test.patch \
- %D%/packages/patches/ghostscript-CVE-2020-15900.patch \
%D%/packages/patches/ghostscript-freetype-compat.patch \
%D%/packages/patches/ghostscript-no-header-id.patch \
%D%/packages/patches/ghostscript-no-header-uuid.patch \
diff --git a/gnu/packages/ghostscript.scm b/gnu/packages/ghostscript.scm
index 19430d315a..53a631b095 100644
--- a/gnu/packages/ghostscript.scm
+++ b/gnu/packages/ghostscript.scm
@@ -160,7 +160,7 @@ printing, and psresize, for adjusting page sizes.")
(define-public ghostscript
(package
(name "ghostscript")
- (version "9.52")
+ (version "9.53.3")
(source
(origin
(method url-fetch)
@@ -170,9 +170,8 @@ printing, and psresize, for adjusting page sizes.")
"/ghostscript-" version ".tar.xz"))
(sha256
(base32
- "0z1w42y2jmcpl2m1l3z0sfii6zmvzcwcgzn6bydklia6ig7jli2p"))
+ "0d52w9ajv1rz533119ywgmkzkapp74riwny0d21v0zkcbg45p7ww"))
(patches (search-patches "ghostscript-freetype-compat.patch"
- "ghostscript-CVE-2020-15900.patch"
"ghostscript-no-header-creationdate.patch"
"ghostscript-no-header-id.patch"
"ghostscript-no-header-uuid.patch"))
@@ -271,6 +270,7 @@ printing, and psresize, for adjusting page sizes.")
("pkg-config" ,pkg-config) ;needed for freetype
("python" ,python-minimal-wrapper)
("tcl" ,tcl)
+ ("jbig2dec" ,jbig2dec)
;; When cross-compiling, some of the natively-built tools require all
;; these libraries.
diff --git a/gnu/packages/patches/ghostscript-CVE-2020-15900.patch b/gnu/packages/patches/ghostscript-CVE-2020-15900.patch
deleted file mode 100644
index b6658d7c7f..0000000000
--- a/gnu/packages/patches/ghostscript-CVE-2020-15900.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-Fix CVE-2020-15900.
-
-https://cve.circl.lu/cve/CVE-2020-15900
-https://artifex.com/security-advisories/CVE-2020-15900
-
-Taken from upstream:
-https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=5d499272b95a6b890a1397e11d20937de000d31b
-
-diff --git a/psi/zstring.c b/psi/zstring.c
---- a/psi/zstring.c
-+++ b/psi/zstring.c
-@@ -142,13 +142,18 @@ search_impl(i_ctx_t *i_ctx_p, bool forward)
- return 0;
- found:
- op->tas.type_attrs = op1->tas.type_attrs;
-- op->value.bytes = ptr;
-- r_set_size(op, size);
-+ op->value.bytes = ptr; /* match */
-+ op->tas.rsize = size; /* match */
- push(2);
-- op[-1] = *op1;
-- r_set_size(op - 1, ptr - op[-1].value.bytes);
-- op1->value.bytes = ptr + size;
-- r_set_size(op1, count + (!forward ? (size - 1) : 0));
-+ op[-1] = *op1; /* pre */
-+ op[-3].value.bytes = ptr + size; /* post */
-+ if (forward) {
-+ op[-1].tas.rsize = ptr - op[-1].value.bytes; /* pre */
-+ op[-3].tas.rsize = count; /* post */
-+ } else {
-+ op[-1].tas.rsize = count; /* pre */
-+ op[-3].tas.rsize -= count + size; /* post */
-+ }
- make_true(op);
- return 0;
- }
--
2.30.0
Information forwarded
to
guix-patches <at> gnu.org:
bug#46566; Package
guix-patches.
(Tue, 16 Feb 2021 19:14:02 GMT)
Full text and
rfc822 format available.
Message #11 received at 46566 <at> debbugs.gnu.org (full text, mbox):
* gnu/packages/image.scm (jbig2dec): Update to 0.19.
---
gnu/packages/image.scm | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/gnu/packages/image.scm b/gnu/packages/image.scm
index 958f1dcc59..6dff48bd87 100644
--- a/gnu/packages/image.scm
+++ b/gnu/packages/image.scm
@@ -674,15 +674,15 @@ arithmetic ops.")
(define-public jbig2dec
(package
(name "jbig2dec")
- (version "0.18")
+ (version "0.19")
(source (origin
(method url-fetch)
(uri (string-append "https://github.com/ArtifexSoftware"
"/ghostpdl-downloads/releases/download"
- "/gs951/" name "-" version ".tar.gz"))
+ "/gs9533/" name "-" version ".tar.gz"))
(sha256
(base32
- "0pigfw2v0ppvr0lbysm69gx0zsa5q2q92yrb8af2j3im6x97f6cy"))))
+ "0dwa24kjqyg9hmm40fh048sdxfpnasz43l2rm8wlkw1qbdlpd517"))))
(build-system gnu-build-system)
(arguments '(#:configure-flags '("--disable-static")
#:phases (modify-phases %standard-phases
--
2.30.0
Information forwarded
to
guix-patches <at> gnu.org:
bug#46566; Package
guix-patches.
(Tue, 16 Feb 2021 19:15:01 GMT)
Full text and
rfc822 format available.
Message #14 received at 46566 <at> debbugs.gnu.org (full text, mbox):
The removed patch is in the new version (it was
extracted from the repository to begin with)
--
Vincent Legoll
Information forwarded
to
guix-patches <at> gnu.org:
bug#46566; Package
guix-patches.
(Sat, 20 Feb 2021 18:26:02 GMT)
Full text and
rfc822 format available.
Message #17 received at 46566 <at> debbugs.gnu.org (full text, mbox):
On Tue, Feb 16, 2021 at 08:12:47PM +0100, Vincent Legoll wrote:
> * gnu/packages/patches/ghostscript-CVE-2020-15900.patch: Remove file.
> * gnu/local.mk (dist_patch_DATA): Adjust accordingly.
> * gnu/packages/ghostscript.scm (ghostscript): Update to 9.53.3.
> [source](patches): Remove it.
> [native-inputs]: Add jbig2dec.
Thanks!
$ guix show jbig2dec | grep synopsis
synopsis: Decoder of the JBIG2 image compression format
It seems like it would be a run-time dependency, not just something used
to build ghostscript. In that case it would be an 'input', not a
'native-input'. What do you think?
Also, the idiomatic commit message would be like this:
------
gnu: ghostscript: Update to 9.53.3.
* gnu/packages/ghostscript.scm (ghostscript): Update to 9.53.3.
[source]: Remove obsolete patch 'ghostscript-CVE-2020-15900.patch'.
[native-inputs]: Add jbig2dec.
* gnu/packages/patches/ghostscript-CVE-2020-15900.patch: Delete file.
* gnu/local.mk (dist_patch_DATA): Remove it.
------
Information forwarded
to
guix-patches <at> gnu.org:
bug#46566; Package
guix-patches.
(Sat, 20 Feb 2021 19:09:02 GMT)
Full text and
rfc822 format available.
Message #20 received at 46566 <at> debbugs.gnu.org (full text, mbox):
On Sat, Feb 20, 2021 at 7:25 PM Leo Famulari <leo <at> famulari.name> wrote:
> On Tue, Feb 16, 2021 at 08:12:47PM +0100, Vincent Legoll wrote:
> > * gnu/packages/patches/ghostscript-CVE-2020-15900.patch: Remove file.
> > * gnu/local.mk (dist_patch_DATA): Adjust accordingly.
> > * gnu/packages/ghostscript.scm (ghostscript): Update to 9.53.3.
> > [source](patches): Remove it.
> > [native-inputs]: Add jbig2dec.
>
> Thanks!
>
> $ guix show jbig2dec | grep synopsis
> synopsis: Decoder of the JBIG2 image compression format
>
> It seems like it would be a run-time dependency, not just something used
> to build ghostscript. In that case it would be an 'input', not a
> 'native-input'. What do you think?
>
> Also, the idiomatic commit message would be like this:
>
> ------
> gnu: ghostscript: Update to 9.53.3.
>
> * gnu/packages/ghostscript.scm (ghostscript): Update to 9.53.3.
> [source]: Remove obsolete patch 'ghostscript-CVE-2020-15900.patch'.
> [native-inputs]: Add jbig2dec.
> * gnu/packages/patches/ghostscript-CVE-2020-15900.patch: Delete file.
> * gnu/local.mk (dist_patch_DATA): Remove it.
> ------
Thanks, I'll double check and update the patch & commitmsg.
--
Vincent Legoll
Information forwarded
to
guix-patches <at> gnu.org:
bug#46566; Package
guix-patches.
(Sat, 20 Feb 2021 21:10:02 GMT)
Full text and
rfc822 format available.
Message #23 received at 46566 <at> debbugs.gnu.org (full text, mbox):
OK, now that I've looked at it some more, the
native-input addition was a mistake (jbig2dec
was already in inputs, which is how I knew it
needed to be updated for gs-9.5.53 in the
first place).
So sorry for that, the following has that fixed
and your commit msg.
Thanks
--
Vincent Legoll
Information forwarded
to
guix-patches <at> gnu.org:
bug#46566; Package
guix-patches.
(Sat, 20 Feb 2021 21:11:01 GMT)
Full text and
rfc822 format available.
Message #26 received at 46566 <at> debbugs.gnu.org (full text, mbox):
* gnu/packages/image.scm (jbig2dec): Update to 0.19.
---
gnu/packages/image.scm | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/gnu/packages/image.scm b/gnu/packages/image.scm
index 958f1dcc59..6dff48bd87 100644
--- a/gnu/packages/image.scm
+++ b/gnu/packages/image.scm
@@ -674,15 +674,15 @@ arithmetic ops.")
(define-public jbig2dec
(package
(name "jbig2dec")
- (version "0.18")
+ (version "0.19")
(source (origin
(method url-fetch)
(uri (string-append "https://github.com/ArtifexSoftware"
"/ghostpdl-downloads/releases/download"
- "/gs951/" name "-" version ".tar.gz"))
+ "/gs9533/" name "-" version ".tar.gz"))
(sha256
(base32
- "0pigfw2v0ppvr0lbysm69gx0zsa5q2q92yrb8af2j3im6x97f6cy"))))
+ "0dwa24kjqyg9hmm40fh048sdxfpnasz43l2rm8wlkw1qbdlpd517"))))
(build-system gnu-build-system)
(arguments '(#:configure-flags '("--disable-static")
#:phases (modify-phases %standard-phases
--
2.30.0
Information forwarded
to
guix-patches <at> gnu.org:
bug#46566; Package
guix-patches.
(Sat, 20 Feb 2021 21:11:02 GMT)
Full text and
rfc822 format available.
Message #29 received at 46566 <at> debbugs.gnu.org (full text, mbox):
* gnu/packages/ghostscript.scm (ghostscript): Update to 9.53.3.
[source]: Remove obsolete patch 'ghostscript-CVE-2020-15900.patch'.
* gnu/packages/patches/ghostscript-CVE-2020-15900.patch: Delete file.
* gnu/local.mk (dist_patch_DATA): Remove it.
---
gnu/local.mk | 1 -
gnu/packages/ghostscript.scm | 5 ++-
.../patches/ghostscript-CVE-2020-15900.patch | 36 -------------------
3 files changed, 2 insertions(+), 40 deletions(-)
delete mode 100644 gnu/packages/patches/ghostscript-CVE-2020-15900.patch
diff --git a/gnu/local.mk b/gnu/local.mk
index b9757fe69e..3caa6c6fc9 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -1061,7 +1061,6 @@ dist_patch_DATA = \
%D%/packages/patches/ghc-monad-par-fix-tests.patch \
%D%/packages/patches/ghc-pandoc-fix-html-tests.patch \
%D%/packages/patches/ghc-pandoc-fix-latex-test.patch \
- %D%/packages/patches/ghostscript-CVE-2020-15900.patch \
%D%/packages/patches/ghostscript-freetype-compat.patch \
%D%/packages/patches/ghostscript-no-header-id.patch \
%D%/packages/patches/ghostscript-no-header-uuid.patch \
diff --git a/gnu/packages/ghostscript.scm b/gnu/packages/ghostscript.scm
index 19430d315a..2a13cbd83f 100644
--- a/gnu/packages/ghostscript.scm
+++ b/gnu/packages/ghostscript.scm
@@ -160,7 +160,7 @@ printing, and psresize, for adjusting page sizes.")
(define-public ghostscript
(package
(name "ghostscript")
- (version "9.52")
+ (version "9.53.3")
(source
(origin
(method url-fetch)
@@ -170,9 +170,8 @@ printing, and psresize, for adjusting page sizes.")
"/ghostscript-" version ".tar.xz"))
(sha256
(base32
- "0z1w42y2jmcpl2m1l3z0sfii6zmvzcwcgzn6bydklia6ig7jli2p"))
+ "0d52w9ajv1rz533119ywgmkzkapp74riwny0d21v0zkcbg45p7ww"))
(patches (search-patches "ghostscript-freetype-compat.patch"
- "ghostscript-CVE-2020-15900.patch"
"ghostscript-no-header-creationdate.patch"
"ghostscript-no-header-id.patch"
"ghostscript-no-header-uuid.patch"))
diff --git a/gnu/packages/patches/ghostscript-CVE-2020-15900.patch b/gnu/packages/patches/ghostscript-CVE-2020-15900.patch
deleted file mode 100644
index b6658d7c7f..0000000000
--- a/gnu/packages/patches/ghostscript-CVE-2020-15900.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-Fix CVE-2020-15900.
-
-https://cve.circl.lu/cve/CVE-2020-15900
-https://artifex.com/security-advisories/CVE-2020-15900
-
-Taken from upstream:
-https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=5d499272b95a6b890a1397e11d20937de000d31b
-
-diff --git a/psi/zstring.c b/psi/zstring.c
---- a/psi/zstring.c
-+++ b/psi/zstring.c
-@@ -142,13 +142,18 @@ search_impl(i_ctx_t *i_ctx_p, bool forward)
- return 0;
- found:
- op->tas.type_attrs = op1->tas.type_attrs;
-- op->value.bytes = ptr;
-- r_set_size(op, size);
-+ op->value.bytes = ptr; /* match */
-+ op->tas.rsize = size; /* match */
- push(2);
-- op[-1] = *op1;
-- r_set_size(op - 1, ptr - op[-1].value.bytes);
-- op1->value.bytes = ptr + size;
-- r_set_size(op1, count + (!forward ? (size - 1) : 0));
-+ op[-1] = *op1; /* pre */
-+ op[-3].value.bytes = ptr + size; /* post */
-+ if (forward) {
-+ op[-1].tas.rsize = ptr - op[-1].value.bytes; /* pre */
-+ op[-3].tas.rsize = count; /* post */
-+ } else {
-+ op[-1].tas.rsize = count; /* pre */
-+ op[-3].tas.rsize -= count + size; /* post */
-+ }
- make_true(op);
- return 0;
- }
--
2.30.0
Reply sent
to
Leo Famulari <leo <at> famulari.name>:
You have taken responsibility.
(Sat, 20 Feb 2021 22:40:02 GMT)
Full text and
rfc822 format available.
Notification sent
to
Vincent Legoll <vincent.legoll <at> gmail.com>:
bug acknowledged by developer.
(Sat, 20 Feb 2021 22:40:02 GMT)
Full text and
rfc822 format available.
Message #34 received at 46566-done <at> debbugs.gnu.org (full text, mbox):
On Sat, Feb 20, 2021 at 10:10:09PM +0100, Vincent Legoll wrote:
> * gnu/packages/ghostscript.scm (ghostscript): Update to 9.53.3.
> [source]: Remove obsolete patch 'ghostscript-CVE-2020-15900.patch'.
> * gnu/packages/patches/ghostscript-CVE-2020-15900.patch: Delete file.
> * gnu/local.mk (dist_patch_DATA): Remove it.
Thanks for the revised patches! Pushed as
f49c13f1833f0db5a5ddcb751c16f6e9ed56355f
bug archived.
Request was from
Debbugs Internal Request <help-debbugs <at> gnu.org>
to
internal_control <at> debbugs.gnu.org.
(Sun, 21 Mar 2021 11:24:09 GMT)
Full text and
rfc822 format available.
This bug report was last modified 4 years and 150 days ago.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.