diff options
-rw-r--r-- | gnu/local.mk | 1 | ||||
-rw-r--r-- | gnu/packages/ghostscript.scm | 9 | ||||
-rw-r--r-- | gnu/packages/patches/ghostscript-no-header-id.patch | 57 |
3 files changed, 65 insertions, 2 deletions
diff --git a/gnu/local.mk b/gnu/local.mk index 0fe6cdc391..8cbded44ee 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -619,6 +619,7 @@ dist_patch_DATA = \ %D%/packages/patches/gettext-gnulib-multi-core.patch \ %D%/packages/patches/ghc-dont-pass-linker-flags-via-response-files.patch \ %D%/packages/patches/ghostscript-CVE-2017-8291.patch \ + %D%/packages/patches/ghostscript-no-header-id.patch \ %D%/packages/patches/ghostscript-runpath.patch \ %D%/packages/patches/glib-networking-ssl-cert-file.patch \ %D%/packages/patches/glib-tests-timer.patch \ diff --git a/gnu/packages/ghostscript.scm b/gnu/packages/ghostscript.scm index b9ba1c081a..af565f3e3a 100644 --- a/gnu/packages/ghostscript.scm +++ b/gnu/packages/ghostscript.scm @@ -143,7 +143,8 @@ printing, and psresize, for adjusting page sizes.") (base32 "0lyhjcrkmd5fcmh8h56bs4xr9k4jasmikv5vsix1hd4ai0ad1q9b")) (patches (search-patches "ghostscript-runpath.patch" - "ghostscript-CVE-2017-8291.patch")) + "ghostscript-CVE-2017-8291.patch" + "ghostscript-no-header-id.patch")) (modules '((guix build utils))) (snippet ;; Remove bundled libraries. The bundled OpenJPEG is a patched fork so @@ -155,7 +156,11 @@ printing, and psresize, for adjusting page sizes.") "tiff" "zlib")) ;; Get rid of timestamps (remove /CreationDate and /ModDate). (substitute* "devices/vector/gdevpdf.c" - ((", but we do the same") "*/ if (0) /*")))))) + ((", but we do the same") + (string-append "*/ " + "if (!getenv(\"GS_GENERATE_UUIDS\") || " + "(strcmp(getenv(\"GS_GENERATE_UUIDS\"), \"0\") != 0 && " + "strcmp(getenv(\"GS_GENERATE_UUIDS\"), \"no\") != 0)) /*"))))))) (build-system gnu-build-system) (outputs '("out" "doc")) ;19 MiB of HTML/PS doc + examples (arguments diff --git a/gnu/packages/patches/ghostscript-no-header-id.patch b/gnu/packages/patches/ghostscript-no-header-id.patch new file mode 100644 index 0000000000..19b71aadb5 --- /dev/null +++ b/gnu/packages/patches/ghostscript-no-header-id.patch @@ -0,0 +1,57 @@ +This patch makes the "/ID" field optional. + +If the environment variable GS_GENERATE_UUIDS is set to "0" or "no", it will +not write out the "/ID" field (if that's permissible). + +Upstream does not want to do this. + +See: https://bugs.ghostscript.com/show_bug.cgi?id=698208 +diff -ur orig/gnu-ghostscript-9.14.0/devices/vector/gdevpdf.c gnu-ghostscript-9.14.0/devices/vector/gdevpdf.c +--- orig/gnu-ghostscript-9.14.0/devices/vector/gdevpdf.c 2017-07-09 23:30:28.960479189 +0200 ++++ gnu-ghostscript-9.14.0/devices/vector/gdevpdf.c 2017-07-09 23:34:34.306524488 +0200 +@@ -1580,8 +1580,11 @@ + * +1 for the linearisation dict and +1 for the primary hint stream. + */ + linear_params->FirsttrailerOffset = gp_ftell_64(linear_params->Lin_File.file); +- gs_sprintf(LDict, "\ntrailer\n<</Size %ld/Info %d 0 R/Root %d 0 R/ID[%s%s]/Prev %d>>\nstartxref\r\n0\n%%%%EOF\n \n", +- linear_params->LastResource + 3, pdev->ResourceUsage[linear_params->Info_id].NewObjectNumber, pdev->ResourceUsage[linear_params->Catalog_id].NewObjectNumber, fileID, fileID, 0); ++ gs_sprintf(LDict, "\ntrailer\n<</Size %ld/Info %d 0 R/Root %d 0 R", ++ linear_params->LastResource + 3, pdev->ResourceUsage[linear_params->Info_id].NewObjectNumber, pdev->ResourceUsage[linear_params->Catalog_id].NewObjectNumber); ++ if (pdev->OwnerPassword.size > 0 || !(!getenv("GS_GENERATE_UUIDS") || (strcasecmp(getenv("GS_GENERATE_UUIDS"), "0") != 0 && strcasecmp(getenv("GS_GENERATE_UUIDS"), "no") != 0))) /* ID is mandatory when encrypting */ ++ gs_sprintf(LDict, "/ID[%s%s]", fileID, fileID); ++ gs_sprintf(LDict, "/Prev %d>>\nstartxref\r\n0\n%%%%EOF\n \n", 0); + fwrite(LDict, strlen(LDict), 1, linear_params->Lin_File.file); + + /* Write document catalog (Part 4) */ +@@ -2102,8 +2105,11 @@ + * in the missing values. + */ + code = gp_fseek_64(linear_params->sfile, linear_params->FirsttrailerOffset, SEEK_SET); +- gs_sprintf(LDict, "\ntrailer\n<</Size %ld/Info %d 0 R/Root %d 0 R/ID[%s%s]/Prev %"PRId64">>\nstartxref\r\n0\n%%%%EOF\n", +- linear_params->LastResource + 3, pdev->ResourceUsage[linear_params->Info_id].NewObjectNumber, pdev->ResourceUsage[linear_params->Catalog_id].NewObjectNumber, fileID, fileID, mainxref); ++ gs_sprintf(LDict, "\ntrailer\n<</Size %ld/Info %d 0 R/Root %d 0 R", ++ linear_params->LastResource + 3, pdev->ResourceUsage[linear_params->Info_id].NewObjectNumber, pdev->ResourceUsage[linear_params->Catalog_id].NewObjectNumber); ++ if (pdev->OwnerPassword.size > 0 || !(!getenv("GS_GENERATE_UUIDS") || (strcasecmp(getenv("GS_GENERATE_UUIDS"), "0") != 0 || strcasecmp(getenv("GS_GENERATE_UUIDS"), "no") != 0))) /* ID is mandatory when encrypting */ ++ gs_sprintf(LDict, "/ID[%s%s]", fileID, fileID); ++ gs_sprintf(LDict, "/Prev %"PRId64">>\nstartxref\r\n0\n%%%%EOF\n", mainxref); + fwrite(LDict, strlen(LDict), 1, linear_params->sfile); + + code = gp_fseek_64(linear_params->sfile, pdev->ResourceUsage[HintStreamObj].LinearisedOffset, SEEK_SET); +@@ -2674,10 +2680,12 @@ + stream_puts(s, "trailer\n"); + pprintld3(s, "<< /Size %ld /Root %ld 0 R /Info %ld 0 R\n", + pdev->next_id, Catalog_id, Info_id); +- stream_puts(s, "/ID ["); +- psdf_write_string(pdev->strm, pdev->fileID, sizeof(pdev->fileID), 0); +- psdf_write_string(pdev->strm, pdev->fileID, sizeof(pdev->fileID), 0); +- stream_puts(s, "]\n"); ++ if (pdev->OwnerPassword.size > 0 || !(!getenv("GS_GENERATE_UUIDS") || (strcasecmp(getenv("GS_GENERATE_UUIDS"), "0") != 0 || strcasecmp(getenv("GS_GENERATE_UUIDS"), "no") != 0))) { /* ID is mandatory when encrypting */ ++ stream_puts(s, "/ID ["); ++ psdf_write_string(pdev->strm, pdev->fileID, sizeof(pdev->fileID), 0); ++ psdf_write_string(pdev->strm, pdev->fileID, sizeof(pdev->fileID), 0); ++ stream_puts(s, "]\n"); ++ } + if (pdev->OwnerPassword.size > 0) { + pprintld1(s, "/Encrypt %ld 0 R ", Encrypt_id); + } +Nur in gnu-ghostscript-9.14.0/devices/vector: gdevpdf.c.orig. |