emacs-bug-tracker
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[debbugs-tracker] bug#27524: closed ([PATCH] gnu: poppler: Fix CVE-2017-


From: GNU bug Tracking System
Subject: [debbugs-tracker] bug#27524: closed ([PATCH] gnu: poppler: Fix CVE-2017-{9775, 9776}.)
Date: Thu, 29 Jun 2017 20:53:02 +0000

Your message dated Thu, 29 Jun 2017 16:51:49 -0400
with message-id <address@hidden>
and subject line Re: [bug#27524] [PATCH] gnu: poppler: Fix CVE-2017-{9775,9776}.
has caused the debbugs.gnu.org bug report #27524,
regarding [PATCH] gnu: poppler: Fix CVE-2017-{9775,9776}.
to be marked as done.

(If you believe you have received this mail in error, please contact
address@hidden)


-- 
27524: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=27524
GNU Bug Tracking System
Contact address@hidden with problems
--- Begin Message --- Subject: [PATCH] gnu: poppler: Fix CVE-2017-{9775,9776}. Date: Thu, 29 Jun 2017 03:21:31 -0400
* gnu/packages/pdf.scm (poppler)[replacement]: New field.
(poppler-0.56.0): New variable.
(poppler-qt4, poppler-qt5): Use 'package/inherit'.
---
 gnu/packages/pdf.scm | 17 +++++++++++++++--
 1 file changed, 15 insertions(+), 2 deletions(-)

diff --git a/gnu/packages/pdf.scm b/gnu/packages/pdf.scm
index 5ccaa38ee..dce02a7b5 100644
--- a/gnu/packages/pdf.scm
+++ b/gnu/packages/pdf.scm
@@ -76,6 +76,7 @@
 (define-public poppler
   (package
    (name "poppler")
+   (replacement poppler-0.56.0)
    (version "0.52.0")
    (source (origin
             (method url-fetch)
@@ -129,15 +130,27 @@
    (license license:gpl2+)
    (home-page "https://poppler.freedesktop.org/";)))
 
-(define-public poppler-qt4
+(define poppler-0.56.0
   (package (inherit poppler)
+  (version "0.56.0")
+  (source
+    (origin
+      (method url-fetch)
+      (uri (string-append "https://poppler.freedesktop.org/poppler-";
+                          version ".tar.xz"))
+      (sha256
+       (base32
+        "0wviayidfv2ix2ql0d4nl9r1ia6qi5kc1nybd9vjx27dk7gvm7c6"))))))
+
+(define-public poppler-qt4
+  (package/inherit poppler
    (name "poppler-qt4")
    (inputs `(("qt-4" ,qt-4)
              ,@(package-inputs poppler)))
    (synopsis "Qt4 frontend for the Poppler PDF rendering library")))
 
 (define-public poppler-qt5
-  (package (inherit poppler)
+  (package/inherit poppler
    (name "poppler-qt5")
    (inputs `(("qtbase" ,qtbase)
              ,@(package-inputs poppler)))
-- 
2.13.2




--- End Message ---
--- Begin Message --- Subject: Re: [bug#27524] [PATCH] gnu: poppler: Fix CVE-2017-{9775,9776}. Date: Thu, 29 Jun 2017 16:51:49 -0400 User-agent: Mutt/1.8.3 (2017-05-23)
On Thu, Jun 29, 2017 at 06:13:03PM +0200, Ludovic Courtès wrote:
> Leo Famulari <address@hidden> skribis:
> 
> > * gnu/packages/pdf.scm (poppler)[replacement]: New field.
> > (poppler-0.56.0): New variable.
> > (poppler-qt4, poppler-qt5): Use 'package/inherit'.
> 
> LGTM!  I assume 0.52.0 and 0.56.0 are ABI-compatible.

Yes, they are ABI-compatible as far as I can tell. I tried
cherry-picking the upstream patches but they don't apply cleanly to
poppler 0.52.0, which I why I decided to use the updated poppler as the
replacement.

Thanks for the review!

Pushed as 95bbaa02aa63bc5eae36f686f1ed9915663aa4cf.

Attachment: signature.asc
Description: PGP signature


--- End Message ---

reply via email to

[Prev in Thread] Current Thread [Next in Thread]