author | Thomas Gerbet <thomas@gerbet.me> | 2024-06-29 01:17:50 +0200 |
---|---|---|
committer | Thomas Gerbet <thomas@gerbet.me> | 2024-06-29 01:17:50 +0200 |
commit | e89babc6c260405e53c7b66543fcccecb91cea14 (patch) | |
tree | b28014e82dc2591d675bd0bd03991cebc3de34d2 /pkgs/development/libraries | |
parent | 11d1d2e458ae294190ce6f14e4a92d6f4730b3c2 (diff) |
poppler: apply patch for CVE-2024-6239
I preferred to pull the patch instead of bumping to the latest version. A bump seems to require multiple compatibility patches (not released yet) to make `inkscape` happy.
Diffstat (limited to 'pkgs/development/libraries')
-rw-r--r-- | pkgs/development/libraries/poppler/default.nix | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/pkgs/development/libraries/poppler/default.nix b/pkgs/development/libraries/poppler/default.nix
index 17ab3f100b81a..8eeb31e96c483 100644
--- a/pkgs/development/libraries/poppler/default.nix
+++ b/pkgs/development/libraries/poppler/default.nix
@@ -2,6 +2,7 @@
 , stdenv
 , fetchurl
 , fetchFromGitLab
+, fetchpatch
 , cairo
 , cmake
 , boost
@@ -55,6 +56,15 @@ stdenv.mkDerivation (finalAttrs: rec {
 hash = "sha256-GRh6P90F8z59YExHmcGD3lygEYZAyIs3DdzzE2NDIi4=";
 };

+ patches = [
+ (fetchpatch {
+ # https://access.redhat.com/security/cve/CVE-2024-6239
+ name = "CVE-2024-6239.patch";
+ url = "https://gitlab.freedesktop.org/poppler/poppler/-/commit/0554731052d1a97745cb179ab0d45620589dd9c4.patch";
+ hash = "sha256-I78wJ4l1DSh+x/e00ZL8uvrGdBH+ufp+EDm0A1XWyCU=";
+ })
+ ];
+
 nativeBuildInputs = [
 cmake
 ninja |
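Review bot: The new `patches` entry in the second hunk names the CVE it addresses but does not say when it can be dropped, so a later version bump has no cue to remove it. The description says this is a backport chosen over a version bump, so I would add a comment above `name`, e.g. `# Backport of upstream commit 0554731052d1; remove once poppler is updated to a release that contains it.` The URL pins a full commit id and the fixed-output `hash` pins the fetched content, so the patch itself cannot change silently. The `stdenv.mkDerivation` body starts and ends outside this hunk.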