From 021bf6af182099dbb0178e19a2f461aeb0eef686 Mon Sep 17 00:00:00 2001
From: Leo Famulari <leo@famulari.name>
Date: Tue, 13 Nov 2018 10:33:27 -0500
Subject: gnu: Poppler: Fix CVE-2018-19149.

* gnu/packages/patches/poppler-CVE-2018-19149.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/pdf.scm (poppler)[replacement]: New field.
(poppler/fixed): New variable.
(poppler-qt4, poppler-qt5): Use package/inherit.
---
 gnu/packages/pdf.scm | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)

(limited to 'gnu/packages/pdf.scm')

diff --git a/gnu/packages/pdf.scm b/gnu/packages/pdf.scm
index dc966b64d8..9ffc5cb9bb 100644
--- a/gnu/packages/pdf.scm
+++ b/gnu/packages/pdf.scm
@@ -82,6 +82,7 @@
 (define-public poppler
   (package
    (name "poppler")
+   (replacement poppler/fixed)
    (version "0.63.0")
    (source (origin
             (method url-fetch)
@@ -127,6 +128,14 @@
    (license license:gpl2+)
    (home-page "https://poppler.freedesktop.org/")))
 
+(define poppler/fixed
+  (package
+    (inherit poppler)
+    (source (origin
+              (inherit (package-source poppler))
+              (patches (append (origin-patches (package-source poppler))
+                               (search-patches "poppler-CVE-2018-19149.patch")))))))
+
 (define-public poppler-data
   (package
     (name "poppler-data")
@@ -158,14 +167,14 @@ When present, Poppler is able to correctly render CJK and Cyrillic text.")
                    license:gpl2))))
 
 (define-public poppler-qt4
-  (package (inherit poppler)
+  (package/inherit poppler
    (name "poppler-qt4")
    (inputs `(("qt-4" ,qt-4)
              ,@(package-inputs poppler)))
    (synopsis "Qt4 frontend for the Poppler PDF rendering library")))
 
 (define-public poppler-qt5
-  (package (inherit poppler)
+  (package/inherit poppler
    (name "poppler-qt5")
    (inputs `(("qtbase" ,qtbase)
              ,@(package-inputs poppler)))
-- 
cgit v1.2.3