aboutsummaryrefslogtreecommitdiff
path: root/gnu/packages/pdf.scm
diff options
context:
space:
mode:
authorLeo Famulari <leo@famulari.name>2017-07-09 02:11:33 -0400
committerLeo Famulari <leo@famulari.name>2017-07-09 02:25:27 -0400
commitb3cc304b3050e89858c88947fbd7d76c108b5d67 (patch)
treec9db6f5f4e8ebb42c13424677fe4ff762af2da14 /gnu/packages/pdf.scm
parent447f75825fbe473f0684d4664dde01d9d3a02d75 (diff)
downloadguix-b3cc304b3050e89858c88947fbd7d76c108b5d67.tar
guix-b3cc304b3050e89858c88947fbd7d76c108b5d67.tar.gz
gnu: poppler: Use an ABI-compatible replacement to fix CVE-2017-9776.
This is a followup to commit 95bbaa02aa63bc5eae36f686f1ed9915663aa4cf. See <https://bugs.gnu.org/27621> for more information. Poppler 0.56.0's ABI is not compatible with Poppler 0.52.0, so it's not possible to graft the newer version in place of the older one. This change leaves CVE-2017-9775 unfixed for now. * gnu/packages/patches/poppler-CVE-2017-9776.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. * gnu/packages/pdf.scm (poppler-0.56.0): Replace with ... (poppler/fixed): ... new variable. (poppler)[replacement]: Replaced with poppler/fixed.
Diffstat (limited to 'gnu/packages/pdf.scm')
-rw-r--r--gnu/packages/pdf.scm13
1 files changed, 4 insertions, 9 deletions
diff --git a/gnu/packages/pdf.scm b/gnu/packages/pdf.scm
index dce02a7b57..ffd7634eab 100644
--- a/gnu/packages/pdf.scm
+++ b/gnu/packages/pdf.scm
@@ -76,7 +76,7 @@
(define-public poppler
(package
(name "poppler")
- (replacement poppler-0.56.0)
+ (replacement poppler/fixed)
(version "0.52.0")
(source (origin
(method url-fetch)
@@ -130,17 +130,12 @@
(license license:gpl2+)
(home-page "https://poppler.freedesktop.org/")))
-(define poppler-0.56.0
+(define poppler/fixed
(package (inherit poppler)
- (version "0.56.0")
(source
(origin
- (method url-fetch)
- (uri (string-append "https://poppler.freedesktop.org/poppler-"
- version ".tar.xz"))
- (sha256
- (base32
- "0wviayidfv2ix2ql0d4nl9r1ia6qi5kc1nybd9vjx27dk7gvm7c6"))))))
+ (inherit (package-source poppler))
+ (patches (search-patches "poppler-CVE-2017-9776.patch"))))))
(define-public poppler-qt4
(package/inherit poppler