diff options
author | Christian Kauhaus <kc@flyingcircus.io> | 2018-09-02 06:42:34 +0200 |
---|---|---|
committer | xeji <36407913+xeji@users.noreply.github.com> | 2018-09-02 06:42:34 +0200 |
commit | 542a86037d57e4657919fb5130c7bf819d91d2c3 (patch) | |
tree | 3738523e6d9ea480fb36d80a4ebabbbbe293d7cd /pkgs/development/libraries/poppler | |
parent | 0fa04d646d65152d70e32f75d5f2a9518dce176e (diff) | |
download | nixpkgs-542a86037d57e4657919fb5130c7bf819d91d2c3.tar nixpkgs-542a86037d57e4657919fb5130c7bf819d91d2c3.tar.gz nixpkgs-542a86037d57e4657919fb5130c7bf819d91d2c3.tar.bz2 nixpkgs-542a86037d57e4657919fb5130c7bf819d91d2c3.tar.lz nixpkgs-542a86037d57e4657919fb5130c7bf819d91d2c3.tar.xz nixpkgs-542a86037d57e4657919fb5130c7bf819d91d2c3.tar.zst nixpkgs-542a86037d57e4657919fb5130c7bf819d91d2c3.zip |
poppler 0.61: patch against CVE-2018-13988 (#45916)
Out of bounds vulnerability in versions up to 0.62. Generally, we use a newer poppler version but some pkgs still depend on 0.61. Patch named in https://nvd.nist.gov/vuln/detail/CVE-2018-13988.
Diffstat (limited to 'pkgs/development/libraries/poppler')
-rw-r--r-- | pkgs/development/libraries/poppler/0.61.nix | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/pkgs/development/libraries/poppler/0.61.nix b/pkgs/development/libraries/poppler/0.61.nix index 4456cd7ff28..1e86b19ad5a 100644 --- a/pkgs/development/libraries/poppler/0.61.nix +++ b/pkgs/development/libraries/poppler/0.61.nix @@ -1,5 +1,5 @@ { stdenv, lib, fetchurl, cmake, ninja, pkgconfig, libiconv, libintl -, zlib, curl, cairo, freetype, fontconfig, lcms, libjpeg, openjpeg +, zlib, curl, cairo, freetype, fontconfig, lcms, libjpeg, openjpeg, fetchpatch , withData ? true, poppler_data , qt5Support ? false, qtbase ? null , introspectionSupport ? false, gobjectIntrospection ? null @@ -21,6 +21,14 @@ stdenv.mkDerivation rec { outputs = [ "out" "dev" ]; + patches = [ + (fetchpatch { + name = "CVE-2018-13988"; + url = "https://cgit.freedesktop.org/poppler/poppler/patch/?id=004e3c10df0abda214f0c293f9e269fdd979c5ee"; + sha256 = "1l8713s57xc6g81bldw934rsfm140fqc7ggd50ha5mxdl1b3app2"; + }) + ]; + buildInputs = [ libiconv libintl ] ++ lib.optional withData poppler_data; # TODO: reduce propagation to necessary libs |