ghostscript: add patch for CVE-2019-6116

This is tagged as version 9.26a in the ghostpdl repo, but unfortunately there are no tarballs released with that version number so far. We'll continue calling this version 9.26 for now for simplicity's sake (and we can switch to 9.26a and remove the patch when it's properly released). Fixes #58262 Fixes #58089
author: Pierre Bourdon <delroth@gmail.com> 2019-03-26 02:44:16 +0100
committer: Pierre Bourdon <delroth@gmail.com> 2019-03-26 02:46:57 +0100
commit: 91c46d17d5c8b3a69cbae62d91290e53168fe9d2 (patch)
tree: 1036f6ac5622da2c1749157b81fe8ce4ad18897c /pkgs/misc/ghostscript
parent: 749c0a9c16e4ab6cee82884e949eb9fac93f6261 (diff)
1 files changed, 6 insertions, 1 deletions
diff --git a/pkgs/misc/ghostscript/default.nix b/pkgs/misc/ghostscript/default.nix
index 10481c217851d..a12d7d7d5acdc 100644
--- a/pkgs/misc/ghostscript/default.nix
+++ b/pkgs/misc/ghostscript/default.nix
@@ -1,6 +1,6 @@
 { config, stdenv, lib, fetchurl, pkgconfig, zlib, expat, openssl, autoconf
 , libjpeg, libpng, libtiff, freetype, fontconfig, libpaper, jbig2dec
-, libiconv, ijs, lcms2
+, libiconv, ijs, lcms2, fetchpatch
 , cupsSupport ? config.ghostscript.cups or (!stdenv.isDarwin), cups ? null
 , x11Support ? cupsSupport, xlibsWrapper ? null # with CUPS, X11 only adds very little
 }:
@@ -46,6 +46,11 @@ stdenv.mkDerivation rec {
   patches = [
     ./urw-font-files.patch
     ./doc-no-ref.diff
+    (fetchpatch {
+      name = "CVE-2019-6116";
+      url = "http://git.ghostscript.com/?p=ghostpdl.git;a=patch;h=d3537a54740d78c5895ec83694a07b3e4f616f61";
+      sha256 = "1hr8bpi87bbg1kvv28kflmfh1dhzxw66p9q0ddvbrj72qd86p3kx";
+    })
   ];
 
   outputs = [ "out" "man" "doc" ];
author	Pierre Bourdon <delroth@gmail.com>	2019-03-26 02:44:16 +0100
committer	Pierre Bourdon <delroth@gmail.com>	2019-03-26 02:46:57 +0100
commit	91c46d17d5c8b3a69cbae62d91290e53168fe9d2 (patch)
tree	1036f6ac5622da2c1749157b81fe8ce4ad18897c /pkgs/misc/ghostscript
parent	749c0a9c16e4ab6cee82884e949eb9fac93f6261 (diff)