| Commit message (Collapse) | Author | Age |
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
| |
CVE-2019-14813 and most of CVE-2019-14817
the latter's patch is only partially applied because it doesn't apply
cleanly to 9.27, still the fixes that do apply work and are better than
nothing
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
| |
This is tagged as version 9.26a in the ghostpdl repo, but unfortunately
there are no tarballs released with that version number so far. We'll
continue calling this version 9.26 for now for simplicity's sake (and we
can switch to 9.26a and remove the patch when it's properly released).
Fixes #58262
Fixes #58089
|
|
|
|
|
|
|
|
|
|
|
| |
GS ships with a fork of lcms2 ("lcms2mt"), but the ABI separation
between the fork and the original seems insufficient. If libgs is linked
alongside liblcms2 (for example, this is the case with imagemagick) then
it will call into the original library instead of the fork, causing
segfaults.
Follow the example of both Arch and Debian in this regard -- they both
use the systemwide lib instead of the fork.
|
| |
|
| |
|
|
|
|
|
|
|
|
|
| |
I previously didn't update the hash, so was still building ghostscript-9.24
(which explained why docs were still from 9.24)
The ICC profile validation patch from #47937 is included in 9.25, so we
can strip it from the list of patches.
cc @xeji
|
|\
| |
| | |
ghostscript: include icc profile validation patch
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
See https://github.com/apple/cups/issues/5394
closes #47193, #46216
source url
http://git.ghostscript.com/?p=ghostpdl.git;a=patch;h=bc3df0773fcc
contains invalid characters, which is why we don't fetchpatch.
(cherry picked from commit 2aa750694e2e0d77bf14e3145c4999b6bcee25b0)
|
|/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Highlights in this release include:
This release fixes problems with argument handling, some unintended results of the security fixes to the SAFER file access restrictions (specifically accessing ICC profile files), and some additional security issues over the recent 9.24 release.
CVE-2018-16802
CVE-2018-17183
Note: The ps2epsi utility does not, and cannot call Ghostscript with the -dSAFER command line option. It should never be called with input from untrusted sources.
Security issues have been the primary focus of this release, including solving several (well publicised) real and potential exploits.
PLEASE NOTE: We strongly urge users to upgrade to this latest release to avoid these issues.
As well as Ghostscript itself, jbig2dec has had a significant amount of work improving its robustness in the face of out specification files.
IMPORTANT: We are in the process of forking LittleCMS. LCMS2 is not thread safe, and cannot be made thread safe without breaking the ABI. Our fork will be thread safe, and include performance enhancements (these changes have all be been offered and rejected upstream). We will maintain compatibility between Ghostscript and LCMS2 for a time, but not in perpetuity. Our fork will be available as its own package separately from Ghostscript (and MuPDF).
The usual round of bug fixes, compatibility changes, and incremental improvements.
|
|
|
|
|
| |
- unused lcms2 input
- reference $out -> $doc
|
|
|
|
|
|
|
|
|
|
| |
The $doc stuff needed changes, probably because of ghostscript newly
reacting to some configure flags that stdenv passes.
- share/ghostscript/9.22/doc was an ugly location for documentation,
and I didn't like their new share/ghostscript/9.24 either,
so that got changed to share/doc/ghostscript/9.24
- their process no longer installs examples, apparently,
but I don't expect that would be any problem for us
|
| |
|
|
|
|
|
|
| |
There are also non-security changes in the releases. /cc #32459.
Printing test OK, and I tested work with some postscript files.
I also fixed the license - it was changed in 2013 :-/
|
|\ |
|
| |
| |
| |
| |
| | |
Homepage link "http://.../" is a permanent redirect to "https://.../" and should be updated
https://repology.org/repository/nix_stable/problems
|
|/ |
|
|
|
|
|
|
|
|
|
|
|
|
| |
* pkgs: refactor needless quoting of homepage meta attribute
A lot of packages are needlessly quoting the homepage meta attribute
(about 1400, 22%), this commit refactors all of those instances.
* pkgs: Fixing some links that were wrongfully unquoted in the previous
commit
* Fixed some instances
|
| |
|
|
|
|
| |
https://lwn.net/Vulnerabilities/703324/
|
| |
|
|
|
|
| |
Closes #15342
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
| |
Scilab note: the parameters already had pointed to nonexistent dirs
before this set of refactoring. But that config wasn't even used by
default.
|
|
|
|
|
| |
http://hydra.nixos.org/build/24811657
Hopefully OK now - I couldn't reproduce it with 4 cores and HT.
|
| |
|
|\ |
|
| | |
|
| | |
|
|\| |
|
| | |
|
|/
|
|
|
|
|
|
|
|
| |
- Don't use static bin/gs.
- Split docs into a separate output.
- Split fonts into another derivation, so they're not reinstalled when
something changes.
- Drop --disable-sse2
https://github.com/NixOS/nixpkgs/commit/e723c512c#commitcomment-12361078
- Some cleanups.
|
|
|
|
|
|
|
|
|
|
|
| |
Conflicts:
pkgs/applications/networking/mailreaders/sup/default.nix
pkgs/development/compilers/ghc/7.8.3-binary.nix
pkgs/development/interpreters/php/5.3.nix
pkgs/development/interpreters/ruby/patches.nix
pkgs/development/libraries/cairo/default.nix
pkgs/development/libraries/poppler/default.nix
pkgs/top-level/all-packages.nix
|
| |
|
|
|
|
|
|
|
|
|
|
| |
This reverts commit 13fab57d127bf70a338901b422da32e562d16889.
Hopefully fixes the printing tests at
http://hydra.nixos.org/build/14952070/log/raw ; if not, it's probably
gutenprint although I doubt:
client# lp: Unsupported document-format "application/pdf".
|
|
|
|
| |
cc @viric
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
(My OCD kicked in today...)
Remove repeated package names, capitalize first word, remove trailing
periods and move overlong descriptions to longDescription.
I also simplified some descriptions as well, when they were particularly
long or technical, often based on Arch Linux' package descriptions.
I've tried to stay away from generated expressions (and I think I
succeeded).
Some specifics worth mentioning:
* cron, has "Vixie Cron" in its description. The "Vixie" part is not
mentioned anywhere else. I kept it in a parenthesis at the end of the
description.
* ctags description started with "Exuberant Ctags ...", and the
"exuberant" part is not mentioned elsewhere. Kept it in a parenthesis
at the end of description.
* nix has the description "The Nix Deployment System". Since that
doesn't really say much what it is/does (especially after removing
the package name!), I changed that to "Powerful package manager that
makes package management reliable and reproducible" (borrowed from
nixos.org).
* Tons of "GNU Foo, Foo is a [the important bits]" descriptions
is changed to just [the important bits]. If the package name doesn't
contain GNU I don't think it's needed to say it in the description
either.
|
| |
|
|
|
|
|
|
|
| |
The newer version breaks printing to non-Postscript printers (e.g. HP
Deskjets). This is because the gstoraster and gstopxl filters were
removed. They are now in a package named "cups-filters" that we don't
have yet.
|
| |
|
|\ |
|
| | |
|