Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: NixOS/nixpkgs
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: 63905a7b6f29
Choose a base ref
...
head repository: NixOS/nixpkgs
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: 4bf03aa61683
Choose a head ref
  • 3 commits
  • 2 files changed
  • 1 contributor

Commits on Oct 22, 2019

  1. jbig2dec: 0.14 -> 0.16

    @risicle @FRidh
    risicle authored and FRidh committed Oct 22, 2019
    Copy the full SHA
    90a48bb View commit details

  2. ghostscript: 9.26 -> 9.27 (security)

    @risicle @FRidh
    risicle authored and FRidh committed Oct 22, 2019
    Copy the full SHA
    6882778 View commit details

  3. ghostscript: add patches for CVE-2019-10216, CVE-2019-14811, CVE-2019… 

    …-14812, CVE-2019-14813 and most of CVE-2019-14817

the latter's patch is only partially applied because it doesn't apply
cleanly to 9.27, still the fixes that do apply work and are better than
nothing
    @risicle @FRidh
    risicle authored and FRidh committed Oct 22, 2019
    Copy the full SHA
    4bf03aa View commit details
Showing with 21 additions and 16 deletions.
  1. +7 −5 pkgs/development/libraries/jbig2dec/default.nix
  2. +14 −11 pkgs/misc/ghostscript/default.nix
12 changes: 7 additions & 5 deletions pkgs/development/libraries/jbig2dec/default.nix
View file
Original file line number Diff line number Diff line change
@@ -1,19 +1,21 @@
{ stdenv, fetchurl, python }:
{ stdenv, fetchurl, python, autoconf }:

stdenv.mkDerivation rec {
name = "jbig2dec-0.14";
name = "jbig2dec-0.16";

src = fetchurl {
url = "https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs922/${name}.tar.gz";
sha256 = "0k01hp0q4275fj4rbr1gy64svfraw5w7wvwl08yjhvsnpb1rid11";
url = "https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs927/${name}.tar.gz";
sha256 = "00h61y7bh3z6mqfzxyb318gyh0f8jwarg4hvlrm83rqps8avzxm4";
};

postPatch = ''
patchShebangs test_jbig2dec.py
'';

buildInputs = [ autoconf ];

checkInputs = [ python ];
doCheck = false; # fails 1 of 4 tests
doCheck = true;

meta = {
homepage = https://www.jbig2dec.com/;
25 changes: 14 additions & 11 deletions pkgs/misc/ghostscript/default.nix
View file
Original file line number Diff line number Diff line change
@@ -10,8 +10,8 @@ assert cupsSupport -> cups != null;

let
version = "9.${ver_min}";
ver_min = "26";
sha512 = "0z2mvsh06qgnxl7p9isw7swg8jp8xcx3rnbqk727avw7ammvfh8785d2bn5i4fhz8y45ka3cpgp7b598m06yq5zawijhcnzkq187nrx";
ver_min = "27";
sha512 = "00m8pfvvg4dzvrzk66myr8kid76x44sgqk84m9562g4viv9zbw759l8q9qg64mgvbajzn78zpqfgdlgz9nwgcdb1vpwc08gm12ssrsy";

fonts = stdenv.mkDerivation {
name = "ghostscript-fonts";
@@ -48,19 +48,22 @@ stdenv.mkDerivation rec {
./urw-font-files.patch
./doc-no-ref.diff
(fetchpatch {
name = "CVE-2019-6116";
url = "http://git.ghostscript.com/?p=ghostpdl.git;a=patch;h=d3537a54740d78c5895ec83694a07b3e4f616f61";
sha256 = "1hr8bpi87bbg1kvv28kflmfh1dhzxw66p9q0ddvbrj72qd86p3kx";
name = "CVE-2019-10216.patch";
url = "https://git.ghostscript.com/?p=ghostpdl.git;a=patch;h=5b85ddd19a8420a1bd2d5529325be35d78e94234";
sha256 = "165svml4knq1xlysfvj7vc07h68bhv3rgvl83xrhxsxdzs1ign31";
})
(fetchpatch {
name = "CVE-2019-3839-part-1";
url = "http://git.ghostscript.com/?p=ghostpdl.git;a=patch;h=4ec9ca74bed49f2a82acb4bf430eae0d8b3b75c9";
sha256 = "0gn1n9fq5msrxxzspidcnmykp1iv3yvx5485fddmgrslr52ngcf9";
name = "CVE-2019-14811.CVE-2019-14812.CVE-2019-14813.patch";
url = "https://git.ghostscript.com/?p=ghostpdl.git;a=patch;h=885444fcbe10dc42787ecb76686c8ee4dd33bf33";
sha256 = "19928sr7xpx7iibk9gn127g0r1yv2lcfpwgk2ipzz4wgrs3f5j70";
})
(fetchpatch {
name = "CVE-2019-3839-part-2";
url = "http://git.ghostscript.com/?p=ghostpdl.git;a=patch;h=db24f253409d5d085c2760c814c3e1d3fa2dac59";
sha256 = "1h6kpwc6ryr6jlxjr6bfnvmmf8x0kqmyjlx3hggqjs23n0wsr9p9";
name = "CVE-2019-14817-partial.patch";
url = "https://git.ghostscript.com/?p=ghostpdl.git;a=patch;h=cd1b1cacadac2479e291efe611979bdc1b3bdb19";
# patch doesn't apply cleanly to all files, but at least partially applying it fixes
# *most* of the problematic sites.
excludes = ["Resource/Init/pdf_font.ps"];
sha256 = "0f8qgdqpv7bldc9akvjj10af2h2876cvnz4q3nvg4a00rk5i05wn";
})
];