--- Begin Message ---
Subject: |
[PATCH] gnu: poppler: Fix CVE-2017-{9775,9776}. |
Date: |
Thu, 29 Jun 2017 03:21:31 -0400 |
* gnu/packages/pdf.scm (poppler)[replacement]: New field.
(poppler-0.56.0): New variable.
(poppler-qt4, poppler-qt5): Use 'package/inherit'.
---
gnu/packages/pdf.scm | 17 +++++++++++++++--
1 file changed, 15 insertions(+), 2 deletions(-)
diff --git a/gnu/packages/pdf.scm b/gnu/packages/pdf.scm
index 5ccaa38ee..dce02a7b5 100644
--- a/gnu/packages/pdf.scm
+++ b/gnu/packages/pdf.scm
@@ -76,6 +76,7 @@
(define-public poppler
(package
(name "poppler")
+ (replacement poppler-0.56.0)
(version "0.52.0")
(source (origin
(method url-fetch)
@@ -129,15 +130,27 @@
(license license:gpl2+)
(home-page "https://poppler.freedesktop.org/")))
-(define-public poppler-qt4
+(define poppler-0.56.0
(package (inherit poppler)
+ (version "0.56.0")
+ (source
+ (origin
+ (method url-fetch)
+ (uri (string-append "https://poppler.freedesktop.org/poppler-"
+ version ".tar.xz"))
+ (sha256
+ (base32
+ "0wviayidfv2ix2ql0d4nl9r1ia6qi5kc1nybd9vjx27dk7gvm7c6"))))))
+
+(define-public poppler-qt4
+ (package/inherit poppler
(name "poppler-qt4")
(inputs `(("qt-4" ,qt-4)
,@(package-inputs poppler)))
(synopsis "Qt4 frontend for the Poppler PDF rendering library")))
(define-public poppler-qt5
- (package (inherit poppler)
+ (package/inherit poppler
(name "poppler-qt5")
(inputs `(("qtbase" ,qtbase)
,@(package-inputs poppler)))
--
2.13.2
--- End Message ---
--- Begin Message ---
Subject: |
Re: [bug#27524] [PATCH] gnu: poppler: Fix CVE-2017-{9775,9776}. |
Date: |
Thu, 29 Jun 2017 16:51:49 -0400 |
User-agent: |
Mutt/1.8.3 (2017-05-23) |
On Thu, Jun 29, 2017 at 06:13:03PM +0200, Ludovic Courtès wrote:
> Leo Famulari <address@hidden> skribis:
>
> > * gnu/packages/pdf.scm (poppler)[replacement]: New field.
> > (poppler-0.56.0): New variable.
> > (poppler-qt4, poppler-qt5): Use 'package/inherit'.
>
> LGTM! I assume 0.52.0 and 0.56.0 are ABI-compatible.
Yes, they are ABI-compatible as far as I can tell. I tried
cherry-picking the upstream patches but they don't apply cleanly to
poppler 0.52.0, which I why I decided to use the updated poppler as the
replacement.
Thanks for the review!
Pushed as 95bbaa02aa63bc5eae36f686f1ed9915663aa4cf.
signature.asc
Description: PGP signature
--- End Message ---