From 3fa2864aac8f48c9f4f7bfc5ae353594fad36b24 Mon Sep 17 00:00:00 2001 From: Robert Scott Date: Sat, 12 Oct 2019 18:34:13 +0100 Subject: [PATCH] poppler: add patch for CVE-2019-9959 --- pkgs/development/libraries/poppler/default.nix | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/pkgs/development/libraries/poppler/default.nix b/pkgs/development/libraries/poppler/default.nix index 28408cb91f88..523e372996bc 100644 --- a/pkgs/development/libraries/poppler/default.nix +++ b/pkgs/development/libraries/poppler/default.nix @@ -1,4 +1,4 @@ -{ stdenv, lib, fetchurl, cmake, ninja, pkgconfig, libiconv, libintl +{ stdenv, lib, fetchurl, fetchpatch, cmake, ninja, pkgconfig, libiconv, libintl , zlib, curl, cairo, freetype, fontconfig, lcms, libjpeg, openjpeg , withData ? true, poppler_data , qt5Support ? false, qtbase ? null @@ -21,6 +21,14 @@ stdenv.mkDerivation rec { outputs = [ "out" "dev" ]; + patches = [ + (fetchpatch { + name = "CVE-2019-9959.patch"; + url = "https://gitlab.freedesktop.org/poppler/poppler/commit/68ef84e5968a4249c2162b839ca6d7975048a557.patch"; + sha256 = "17a3qs74fnnrhjys23f4aw5y7yfsk5d507jcj4hh1bndqv6dpwg1"; + }) + ]; + buildInputs = [ libiconv libintl ] ++ lib.optional withData poppler_data; # TODO: reduce propagation to necessary libs