forked from mirrors/nixpkgs
poppler 0.61: patch against CVE-2018-13988 (#45916)
Out of bounds vulnerability in versions up to 0.62. Generally, we use a newer poppler version but some pkgs still depend on 0.61. Patch named in https://nvd.nist.gov/vuln/detail/CVE-2018-13988.
This commit is contained in:
parent
0fa04d646d
commit
542a86037d
|
@ -1,5 +1,5 @@
|
|||
{ stdenv, lib, fetchurl, cmake, ninja, pkgconfig, libiconv, libintl
|
||||
, zlib, curl, cairo, freetype, fontconfig, lcms, libjpeg, openjpeg
|
||||
, zlib, curl, cairo, freetype, fontconfig, lcms, libjpeg, openjpeg, fetchpatch
|
||||
, withData ? true, poppler_data
|
||||
, qt5Support ? false, qtbase ? null
|
||||
, introspectionSupport ? false, gobjectIntrospection ? null
|
||||
|
@ -21,6 +21,14 @@ stdenv.mkDerivation rec {
|
|||
|
||||
outputs = [ "out" "dev" ];
|
||||
|
||||
patches = [
|
||||
(fetchpatch {
|
||||
name = "CVE-2018-13988";
|
||||
url = "https://cgit.freedesktop.org/poppler/poppler/patch/?id=004e3c10df0abda214f0c293f9e269fdd979c5ee";
|
||||
sha256 = "1l8713s57xc6g81bldw934rsfm140fqc7ggd50ha5mxdl1b3app2";
|
||||
})
|
||||
];
|
||||
|
||||
buildInputs = [ libiconv libintl ] ++ lib.optional withData poppler_data;
|
||||
|
||||
# TODO: reduce propagation to necessary libs
|
||||
|
|
Loading…
Reference in a new issue