From e89babc6c260405e53c7b66543fcccecb91cea14 Mon Sep 17 00:00:00 2001
From: Thomas Gerbet <thomas@gerbet.me>
Date: Sat, 29 Jun 2024 01:17:50 +0200
Subject: poppler: apply patch for CVE-2024-6239

I preferred to pull the patch instead of bumping to the latest version.
It seems to requires multiple compatibility patches (not released yet) to make
`inkscape` happy.
---
 pkgs/development/libraries/poppler/default.nix | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/pkgs/development/libraries/poppler/default.nix b/pkgs/development/libraries/poppler/default.nix
index 17ab3f100b81a..8eeb31e96c483 100644
--- a/pkgs/development/libraries/poppler/default.nix
+++ b/pkgs/development/libraries/poppler/default.nix
@@ -2,6 +2,7 @@
 , stdenv
 , fetchurl
 , fetchFromGitLab
+, fetchpatch
 , cairo
 , cmake
 , boost
@@ -55,6 +56,15 @@ stdenv.mkDerivation (finalAttrs: rec {
     hash = "sha256-GRh6P90F8z59YExHmcGD3lygEYZAyIs3DdzzE2NDIi4=";
   };
 
+  patches = [
+    (fetchpatch {
+      # https://access.redhat.com/security/cve/CVE-2024-6239
+      name = "CVE-2024-6239.patch";
+      url = "https://gitlab.freedesktop.org/poppler/poppler/-/commit/0554731052d1a97745cb179ab0d45620589dd9c4.patch";
+      hash = "sha256-I78wJ4l1DSh+x/e00ZL8uvrGdBH+ufp+EDm0A1XWyCU=";
+    })
+  ];
+
   nativeBuildInputs = [
     cmake
     ninja
-- 
cgit 1.4.1