ghostscript: add patch for CVE-2019-6116

This is tagged as version 9.26a in the ghostpdl repo, but unfortunately
there are no tarballs released with that version number so far. We'll
continue calling this version 9.26 for now for simplicity's sake (and we
can switch to 9.26a and remove the patch when it's properly released).

Fixes #58262
Fixes #58089
This commit is contained in:
Pierre Bourdon 2019-03-26 02:44:16 +01:00
parent 749c0a9c16
commit 91c46d17d5
No known key found for this signature in database
GPG Key ID: 6FB80DCD84DA0F1C

View File

@ -1,6 +1,6 @@
{ config, stdenv, lib, fetchurl, pkgconfig, zlib, expat, openssl, autoconf
, libjpeg, libpng, libtiff, freetype, fontconfig, libpaper, jbig2dec
, libiconv, ijs, lcms2
, libiconv, ijs, lcms2, fetchpatch
, cupsSupport ? config.ghostscript.cups or (!stdenv.isDarwin), cups ? null
, x11Support ? cupsSupport, xlibsWrapper ? null # with CUPS, X11 only adds very little
}:
@ -46,6 +46,11 @@ stdenv.mkDerivation rec {
patches = [
./urw-font-files.patch
./doc-no-ref.diff
(fetchpatch {
name = "CVE-2019-6116";
url = "http://git.ghostscript.com/?p=ghostpdl.git;a=patch;h=d3537a54740d78c5895ec83694a07b3e4f616f61";
sha256 = "1hr8bpi87bbg1kvv28kflmfh1dhzxw66p9q0ddvbrj72qd86p3kx";
})
];
outputs = [ "out" "man" "doc" ];