diff options
author | Robert Scott <code@humanleg.org.uk> | 2019-09-28 00:40:04 +0100 |
---|---|---|
committer | Frederik Rietdijk <freddyrietdijk@fridh.nl> | 2019-10-22 09:48:50 +0200 |
commit | 4bf03aa6168344ae5aded70ea0ed5378679c661a (patch) | |
tree | 1780a519a64fc33df318bba344784219cf672446 /pkgs/misc/ghostscript | |
parent | 6882778e26d7c9173de207897b9526780fa4fbf0 (diff) |
ghostscript: add patches for CVE-2019-10216, CVE-2019-14811, CVE-2019-14812, CVE-2019-14813 and most of CVE-2019-14817
the latter's patch is only partially applied because it doesn't apply cleanly to 9.27, still the fixes that do apply work and are better than nothing
Diffstat (limited to 'pkgs/misc/ghostscript')
-rw-r--r-- | pkgs/misc/ghostscript/default.nix | 18 |
1 files changed, 18 insertions, 0 deletions
diff --git a/pkgs/misc/ghostscript/default.nix b/pkgs/misc/ghostscript/default.nix index 60960ab789c56..ac410a2299707 100644 --- a/pkgs/misc/ghostscript/default.nix +++ b/pkgs/misc/ghostscript/default.nix @@ -47,6 +47,24 @@ stdenv.mkDerivation rec { patches = [ ./urw-font-files.patch ./doc-no-ref.diff + (fetchpatch { + name = "CVE-2019-10216.patch"; + url = "https://git.ghostscript.com/?p=ghostpdl.git;a=patch;h=5b85ddd19a8420a1bd2d5529325be35d78e94234"; + sha256 = "165svml4knq1xlysfvj7vc07h68bhv3rgvl83xrhxsxdzs1ign31"; + }) + (fetchpatch { + name = "CVE-2019-14811.CVE-2019-14812.CVE-2019-14813.patch"; + url = "https://git.ghostscript.com/?p=ghostpdl.git;a=patch;h=885444fcbe10dc42787ecb76686c8ee4dd33bf33"; + sha256 = "19928sr7xpx7iibk9gn127g0r1yv2lcfpwgk2ipzz4wgrs3f5j70"; + }) + (fetchpatch { + name = "CVE-2019-14817-partial.patch"; + url = "https://git.ghostscript.com/?p=ghostpdl.git;a=patch;h=cd1b1cacadac2479e291efe611979bdc1b3bdb19"; + # patch doesn't apply cleanly to all files, but at least partially applying it fixes + # *most* of the problematic sites. + excludes = ["Resource/Init/pdf_font.ps"]; + sha256 = "0f8qgdqpv7bldc9akvjj10af2h2876cvnz4q3nvg4a00rk5i05wn"; + }) ]; outputs = [ "out" "man" "doc" ]; |