Merge #46047: ghostscript: 9.22 -> 9.24 (security)

2024-09-22 13:08:39 +03:00 · 2018-09-04 19:14:22 +02:00 · 2018-09-04 19:14:22 +02:00 · 281a629c2a
commit 281a629c2a
parent da0c385a69 a3f6a4b9b6
2 changed files with 21 additions and 11 deletions
--- a/pkgs/misc/ghostscript/default.nix
+++ b/pkgs/misc/ghostscript/default.nix
@ -1,5 +1,5 @@
 { stdenv, lib, fetchurl, pkgconfig, zlib, expat, openssl, autoconf
-, libjpeg, libpng, libtiff, freetype, fontconfig, lcms2, libpaper, jbig2dec
+, libjpeg, libpng, libtiff, freetype, fontconfig, libpaper, jbig2dec
 , libiconv, ijs
 , x11Support ? false, xlibsWrapper ? null
 , cupsSupport ? false, cups ? null
@ -9,8 +9,9 @@ assert x11Support -> xlibsWrapper != null;
 assert cupsSupport -> cups != null;
 let
  version = "9.${ver_min}";
-  ver_min = "22";
-  sha256 = "1fyi4yvdj39bjgs10klr31cda1fbx1ar7a7b7yz7v68gykk65y61";
+  ver_min = "24";
+  # ghostscript*.tar.xz in https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs9xx/SHA512SUMS
+  sha512 = "dcbeeb5d3dd5ccaf949dc4be68363c50b1d35e647be4790a50b1bbf5f259f1d9181f705be27bfca708c4d270f945ff4b24e3db10b57800c1ee0ea7a40931c547";

  fonts = stdenv.mkDerivation {
    name = "ghostscript-fonts";
@ -39,9 +40,14 @@ stdenv.mkDerivation rec {

  src = fetchurl {
    url = "https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs9${ver_min}/${name}.tar.xz";
-    inherit sha256;
+    inherit sha512;
  };

+  patches = [
+    ./urw-font-files.patch
+    ./doc-no-ref.diff
+  ];
+
  outputs = [ "out" "man" "doc" ];

  enableParallelBuilding = true;
@ -49,16 +55,13 @@ stdenv.mkDerivation rec {
  nativeBuildInputs = [ pkgconfig autoconf ];
  buildInputs =
    [ zlib expat openssl
-      libjpeg libpng libtiff freetype fontconfig lcms2 libpaper jbig2dec
+      libjpeg libpng libtiff freetype fontconfig libpaper jbig2dec
      libiconv ijs
    ]
    ++ lib.optional x11Support xlibsWrapper
    ++ lib.optional cupsSupport cups
    ;
-
-  patches = [
-    ./urw-font-files.patch
-  ];
+  # No lcms2; upstream "is in process of forking it" and thus won't use one from a library.

  preConfigure = ''
    # requires in-tree (heavily patched) openjpeg
@ -89,8 +92,8 @@ stdenv.mkDerivation rec {

    cp -r Resource "$out/share/ghostscript/${version}"

-    mkdir -p "$doc/share/ghostscript/${version}"
-    mv "$out/share/ghostscript/${version}"/{doc,examples} "$doc/share/ghostscript/${version}/"
+    mkdir -p "$doc/share/doc/ghostscript"
+    mv "$doc/share/doc/${version}" "$doc/share/doc/ghostscript/"

    ln -s "${fonts}" "$out/share/ghostscript/fonts"
  '' + stdenv.lib.optionalString stdenv.isDarwin ''
--- a/pkgs/misc/ghostscript/doc-no-ref.diff
+++ b/pkgs/misc/ghostscript/doc-no-ref.diff
@ -0,0 +1,7 @@
+Kill the reference from libgc.so to the documentation directory.
+It's bad for closure, and probably not really good for anything.
+--- a/base/gs.mak
+++ b/base/gs.mak
+@@ -538,1 +538,1 @@
+-	$(EXP)$(ECHOGS_XE) -a $(gconfigd_h) -x 23 define -s -u GS_DOCDIR -x 2022 $(GS_DOCDIR) -x 22
+	$(EXP)$(ECHOGS_XE) -a $(gconfigd_h) -x 23 define -s -u GS_DOCDIR -x 2022 /no-path-to-docs -x 22