From fb8eaec87399d33028585ea75c4a5677d3b1d044 Mon Sep 17 00:00:00 2001 From: Nikolay Korotkiy Date: Thu, 12 Sep 2019 23:40:16 +0300 Subject: xpdf: 4.00 -> 4.02 --- pkgs/applications/misc/xpdf/default.nix | 50 ++++++++++++++++++++++----------- 1 file changed, 33 insertions(+), 17 deletions(-) (limited to 'pkgs/applications') diff --git a/pkgs/applications/misc/xpdf/default.nix b/pkgs/applications/misc/xpdf/default.nix index d524482dee7..6e3ca1aa3cc 100644 --- a/pkgs/applications/misc/xpdf/default.nix +++ b/pkgs/applications/misc/xpdf/default.nix @@ -1,20 +1,22 @@ -{ enableGUI ? true, enablePDFtoPPM ? true, useT1Lib ? false -, stdenv, fetchurl, zlib, libpng, freetype ? null, t1lib ? null -, cmake, qtbase ? null, qtsvg ? null, wrapQtAppsHook +{ enableGUI ? true +, enablePDFtoPPM ? true +, enablePrinting ? true +, stdenv, fetchzip, cmake, makeDesktopItem +, zlib, libpng, cups ? null, freetype ? null +, qtbase ? null, qtsvg ? null, wrapQtAppsHook }: assert enableGUI -> qtbase != null && qtsvg != null && freetype != null; assert enablePDFtoPPM -> freetype != null; -assert useT1Lib -> t1lib != null; +assert enablePrinting -> cups != null; -assert !useT1Lib; # t1lib has multiple unpatched security vulnerabilities +stdenv.mkDerivation rec { + pname = "xpdf"; + version = "4.02"; -stdenv.mkDerivation { - name = "xpdf-4.00"; - - src = fetchurl { - url = http://www.xpdfreader.com/dl/xpdf-4.00.tar.gz; - sha256 = "1mhn89738vjva14xr5gblc2zrdgzmpqbbjdflqdmpqv647294ggz"; + src = fetchzip { + url = "https://xpdfreader-dl.s3.amazonaws.com/${pname}-${version}.tar.gz"; + sha256 = "0dzwq6fnk013wa4l5mjpvm4mms2mh5hbrxv4rhk2ab5ljbzz7b2w"; }; # Fix "No known features for CXX compiler", see @@ -26,20 +28,33 @@ stdenv.mkDerivation { [ cmake ] ++ stdenv.lib.optional enableGUI wrapQtAppsHook; - cmakeFlags = ["-DSYSTEM_XPDFRC=/etc/xpdfrc" "-DA4_PAPER=ON"]; + cmakeFlags = ["-DSYSTEM_XPDFRC=/etc/xpdfrc" "-DA4_PAPER=ON" "-DOPI_SUPPORT=ON"] + ++ stdenv.lib.optional (!enablePrinting) "-DXPDFWIDGET_PRINTING=OFF"; buildInputs = [ zlib libpng ] ++ stdenv.lib.optional enableGUI qtbase ++ - stdenv.lib.optional useT1Lib t1lib ++ + stdenv.lib.optional enablePrinting cups ++ stdenv.lib.optional enablePDFtoPPM freetype; - # Debian uses '-fpermissive' to bypass some errors on char* constantness. - CXXFLAGS = "-O2 -fpermissive"; - hardeningDisable = [ "format" ]; + desktopItem = makeDesktopItem { + name = "xpdf"; + desktopName = "Xpdf"; + comment = "Views Adobe PDF files"; + icon = "xpdf"; + exec = "xpdf %f"; + categories = "Office;"; + terminal = "false"; + }; + + postInstall = '' + install -Dm644 ${desktopItem}/share/applications/xpdf.desktop $out/share/applications/xpdf.desktop + install -Dm644 $src/xpdf-qt/xpdf-icon.svg $out/share/pixmaps/xpdf.svg + ''; + meta = with stdenv.lib; { - homepage = https://www.xpdfreader.com; + homepage = "https://www.xpdfreader.com"; description = "Viewer for Portable Document Format (PDF) files"; longDescription = '' XPDF includes multiple tools for viewing and processing PDF files. @@ -56,5 +71,6 @@ stdenv.mkDerivation { ''; license = with licenses; [ gpl2 gpl3 ]; platforms = platforms.unix; + maintainers = with maintainers; [ sikmir ]; }; } -- cgit 1.4.1 From 747086b484b89d85553cc4743d29f5feee9bb0a9 Mon Sep 17 00:00:00 2001 From: Nikolay Korotkiy Date: Tue, 12 Nov 2019 21:44:35 +0300 Subject: xpdf: add knownVulnerabilities --- pkgs/applications/misc/xpdf/default.nix | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'pkgs/applications') diff --git a/pkgs/applications/misc/xpdf/default.nix b/pkgs/applications/misc/xpdf/default.nix index 6e3ca1aa3cc..f5ec9b71503 100644 --- a/pkgs/applications/misc/xpdf/default.nix +++ b/pkgs/applications/misc/xpdf/default.nix @@ -72,5 +72,12 @@ stdenv.mkDerivation rec { license = with licenses; [ gpl2 gpl3 ]; platforms = platforms.unix; maintainers = with maintainers; [ sikmir ]; + knownVulnerabilities = [ + "CVE-2018-7453: loop in PDF objects" + "CVE-2018-16369: loop in PDF objects" + "CVE-2019-9587: loop in PDF objects" + "CVE-2019-9588: loop in PDF objects" + "CVE-2019-16088: loop in PDF objects" + ]; }; } -- cgit 1.4.1