Commit e89babc6 authored by Thomas Gerbet's avatar Thomas Gerbet
Browse files

poppler: apply patch for CVE-2024-6239 

I preferred to pull the patch instead of bumping to the latest version.
It seems to requires multiple compatibility patches (not released yet) to make
`inkscape` happy.
parent 11d1d2e4

pkgs/development/libraries/poppler/default.nix

+10 −0
Original line number Diff line number Diff line
@@ -2,6 +2,7 @@ 
, stdenv

, fetchurl

, fetchFromGitLab

, fetchpatch

, cairo

, cmake

, boost
@@ -55,6 +56,15 @@ stdenv.mkDerivation (finalAttrs: rec { 
    hash = "sha256-GRh6P90F8z59YExHmcGD3lygEYZAyIs3DdzzE2NDIi4=";

  };



  patches = [

    (fetchpatch {

      # https://access.redhat.com/security/cve/CVE-2024-6239

      name = "CVE-2024-6239.patch";

      url = "https://gitlab.freedesktop.org/poppler/poppler/-/commit/0554731052d1a97745cb179ab0d45620589dd9c4.patch";

      hash = "sha256-I78wJ4l1DSh+x/e00ZL8uvrGdBH+ufp+EDm0A1XWyCU=";

    })

  ];



  nativeBuildInputs = [

    cmake

    ninja