gnu: ghostscript: Fix CVE-2013-5653 and CVE-2016-{7976,7978,7979,8602}.

[jackhill/guix/guix.git] / gnu / packages / ghostscript.scm

diff --git a/gnu/packages/ghostscript.scm b/gnu/packages/ghostscript.scm
index f013a73..6a86acb 100644 (file)
--- a/gnu/packages/ghostscript.scm
+++ b/gnu/packages/ghostscript.scm
@@ -1,6 +1,6 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2013 Andreas Enge <andreas@enge.fr>
-;;; Copyright © 2014, 2015 Mark H Weaver <mhw@netris.org>
+;;; Copyright © 2014, 2015, 2016 Mark H Weaver <mhw@netris.org>
 ;;; Copyright © 2015 Ricardo Wurmus <rekado@elephly.net>
 ;;; Copyright © 2013, 2015, 2016 Ludovic Courtès <ludo@gnu.org>
 ;;;
@@ -127,6 +127,7 @@ printing, and psresize, for adjusting page sizes.")
   (package
    (name "ghostscript")
    (version "9.14.0")
+   (replacement ghostscript/fixed)
    (source (origin
             (method url-fetch)
             (uri (string-append "mirror://gnu/ghostscript/gnu-ghostscript-"
@@ -192,8 +193,21 @@ output file formats and printers.")
    (license license:agpl3+)
    (home-page "http://www.gnu.org/software/ghostscript/")))
 
+(define ghostscript/fixed
+  (package
+    (inherit ghostscript)
+    (source (origin
+              (inherit (package-source ghostscript))
+              (patches (search-patches "ghostscript-CVE-2013-5653.patch"
+                                       "ghostscript-CVE-2015-3228.patch"
+                                       "ghostscript-CVE-2016-7976.patch"
+                                       "ghostscript-CVE-2016-7978.patch"
+                                       "ghostscript-CVE-2016-7979.patch"
+                                       "ghostscript-CVE-2016-8602.patch"
+                                       "ghostscript-runpath.patch"))))))
+
 (define-public ghostscript/x
-  (package (inherit ghostscript)
+  (package (inherit ghostscript/fixed)
     (name (string-append (package-name ghostscript) "-with-x"))
     (inputs `(("libxext" ,libxext)
               ("libxt" ,libxt)