poppler 0.61: patch against CVE-2018-13988 (#45916)

Out of bounds vulnerability in versions up to 0.62.

Generally, we use a newer poppler version but some pkgs still depend on
0.61. Patch named in https://nvd.nist.gov/vuln/detail/CVE-2018-13988.
This commit is contained in:
Christian Kauhaus 2018-09-02 06:42:34 +02:00 committed by xeji
parent 0fa04d646d
commit 542a86037d

View file

@ -1,5 +1,5 @@
{ stdenv, lib, fetchurl, cmake, ninja, pkgconfig, libiconv, libintl
, zlib, curl, cairo, freetype, fontconfig, lcms, libjpeg, openjpeg
, zlib, curl, cairo, freetype, fontconfig, lcms, libjpeg, openjpeg, fetchpatch
, withData ? true, poppler_data
, qt5Support ? false, qtbase ? null
, introspectionSupport ? false, gobjectIntrospection ? null
@ -21,6 +21,14 @@ stdenv.mkDerivation rec {
outputs = [ "out" "dev" ];
patches = [
(fetchpatch {
name = "CVE-2018-13988";
url = "https://cgit.freedesktop.org/poppler/poppler/patch/?id=004e3c10df0abda214f0c293f9e269fdd979c5ee";
sha256 = "1l8713s57xc6g81bldw934rsfm140fqc7ggd50ha5mxdl1b3app2";
})
];
buildInputs = [ libiconv libintl ] ++ lib.optional withData poppler_data;
# TODO: reduce propagation to necessary libs