ghostscript: add patches for CVE-2019-10216, CVE-2019-14811, CVE-2019-14812, CVE-2019-14813 and most of CVE-2019-14817

the latter's patch is only partially applied because it doesn't apply
cleanly to 9.27, still the fixes that do apply work and are better than
nothing
This commit is contained in:
Robert Scott 2019-09-28 00:40:04 +01:00 committed by Frederik Rietdijk
parent 6882778e26
commit 4bf03aa616

View File

@ -47,6 +47,24 @@ stdenv.mkDerivation rec {
patches = [ patches = [
./urw-font-files.patch ./urw-font-files.patch
./doc-no-ref.diff ./doc-no-ref.diff
(fetchpatch {
name = "CVE-2019-10216.patch";
url = "https://git.ghostscript.com/?p=ghostpdl.git;a=patch;h=5b85ddd19a8420a1bd2d5529325be35d78e94234";
sha256 = "165svml4knq1xlysfvj7vc07h68bhv3rgvl83xrhxsxdzs1ign31";
})
(fetchpatch {
name = "CVE-2019-14811.CVE-2019-14812.CVE-2019-14813.patch";
url = "https://git.ghostscript.com/?p=ghostpdl.git;a=patch;h=885444fcbe10dc42787ecb76686c8ee4dd33bf33";
sha256 = "19928sr7xpx7iibk9gn127g0r1yv2lcfpwgk2ipzz4wgrs3f5j70";
})
(fetchpatch {
name = "CVE-2019-14817-partial.patch";
url = "https://git.ghostscript.com/?p=ghostpdl.git;a=patch;h=cd1b1cacadac2479e291efe611979bdc1b3bdb19";
# patch doesn't apply cleanly to all files, but at least partially applying it fixes
# *most* of the problematic sites.
excludes = ["Resource/Init/pdf_font.ps"];
sha256 = "0f8qgdqpv7bldc9akvjj10af2h2876cvnz4q3nvg4a00rk5i05wn";
})
]; ];
outputs = [ "out" "man" "doc" ]; outputs = [ "out" "man" "doc" ];