gnu: ghostscript: Fix CVE-2023-36664.

* gnu/packages/ghostscript.scm (ghostscript/fixed): New variable. (ghostscript)[replacement]: Assign it to new field. * gnu/packages/patches/ghostscript-CVE-2023-36664.patch, gnu/packages/patches/ghostscript-CVE-2023-36664-fixup.patch: New files. * gnu/local.mk (dist_patch_DATA): Add them.
2025-10-02 02:15:12 +00:00 · 2023-07-09 02:00:01 +02:00 · 2023-07-09 02:00:01 +02:00 · 67fb8efdf7
commit 67fb8efdf7
parent b29bd4d35e
4 changed files with 207 additions and 0 deletions
--- a/gnu/packages/ghostscript.scm
+++ b/gnu/packages/ghostscript.scm
@ -145,6 +145,7 @@ printing, and psresize, for adjusting page sizes.")
  (package
    (name "ghostscript")
    (version "9.56.1")
+    (replacement ghostscript/fixed)
    (source
     (origin
       (method url-fetch)
@ -266,6 +267,12 @@ output file formats and printers.")
    (home-page "https://www.ghostscript.com/")
    (license license:agpl3+)))

+(define ghostscript/fixed
+  (package-with-patches
+   ghostscript
+   (search-patches "ghostscript-CVE-2023-36664.patch"
+                   "ghostscript-CVE-2023-36664-fixup.patch")))
+
 (define-public ghostscript/x
  (package/inherit ghostscript
    (name (string-append (package-name ghostscript) "-with-x"))