summary refs log tree commit diff
path: root/pkgs/development/libraries/poppler
diff options
context:
space:
mode:
authorChristian Kauhaus <kc@flyingcircus.io>2018-09-02 06:42:34 +0200
committerxeji <36407913+xeji@users.noreply.github.com>2018-09-02 06:42:34 +0200
commit542a86037d57e4657919fb5130c7bf819d91d2c3 (patch)
tree3738523e6d9ea480fb36d80a4ebabbbbe293d7cd /pkgs/development/libraries/poppler
parent0fa04d646d65152d70e32f75d5f2a9518dce176e (diff)
downloadnixpkgs-542a86037d57e4657919fb5130c7bf819d91d2c3.tar
nixpkgs-542a86037d57e4657919fb5130c7bf819d91d2c3.tar.gz
nixpkgs-542a86037d57e4657919fb5130c7bf819d91d2c3.tar.bz2
nixpkgs-542a86037d57e4657919fb5130c7bf819d91d2c3.tar.lz
nixpkgs-542a86037d57e4657919fb5130c7bf819d91d2c3.tar.xz
nixpkgs-542a86037d57e4657919fb5130c7bf819d91d2c3.tar.zst
nixpkgs-542a86037d57e4657919fb5130c7bf819d91d2c3.zip
poppler 0.61: patch against CVE-2018-13988 (#45916)
Out of bounds vulnerability in versions up to 0.62.

Generally, we use a newer poppler version but some pkgs still depend on
0.61. Patch named in https://nvd.nist.gov/vuln/detail/CVE-2018-13988.
Diffstat (limited to 'pkgs/development/libraries/poppler')
-rw-r--r--pkgs/development/libraries/poppler/0.61.nix10
1 files changed, 9 insertions, 1 deletions
diff --git a/pkgs/development/libraries/poppler/0.61.nix b/pkgs/development/libraries/poppler/0.61.nix
index 4456cd7ff28..1e86b19ad5a 100644
--- a/pkgs/development/libraries/poppler/0.61.nix
+++ b/pkgs/development/libraries/poppler/0.61.nix
@@ -1,5 +1,5 @@
 { stdenv, lib, fetchurl, cmake, ninja, pkgconfig, libiconv, libintl
-, zlib, curl, cairo, freetype, fontconfig, lcms, libjpeg, openjpeg
+, zlib, curl, cairo, freetype, fontconfig, lcms, libjpeg, openjpeg, fetchpatch
 , withData ? true, poppler_data
 , qt5Support ? false, qtbase ? null
 , introspectionSupport ? false, gobjectIntrospection ? null
@@ -21,6 +21,14 @@ stdenv.mkDerivation rec {
 
   outputs = [ "out" "dev" ];
 
+  patches = [
+    (fetchpatch {
+      name = "CVE-2018-13988";
+      url = "https://cgit.freedesktop.org/poppler/poppler/patch/?id=004e3c10df0abda214f0c293f9e269fdd979c5ee";
+      sha256 = "1l8713s57xc6g81bldw934rsfm140fqc7ggd50ha5mxdl1b3app2";
+    })
+  ];
+
   buildInputs = [ libiconv libintl ] ++ lib.optional withData poppler_data;
 
   # TODO: reduce propagation to necessary libs
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-05-06 11:31:23 +0000