HCoop / jackhill / guix / guix.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 447f758) | patch
gnu: poppler: Use an ABI-compatible replacement to fix CVE-2017-9776.
authorLeo Famulari <leo@famulari.name>
Sun, 9 Jul 2017 06:11:33 +0000 (02:11 -0400)
committerLeo Famulari <leo@famulari.name>
Sun, 9 Jul 2017 06:25:27 +0000 (02:25 -0400)
commitb3cc304b3050e89858c88947fbd7d76c108b5d67
treec9db6f5f4e8ebb42c13424677fe4ff762af2da14tree | snapshot (tar.gz zip)
parent447f75825fbe473f0684d4664dde01d9d3a02d75commit | diff
gnu: poppler: Use an ABI-compatible replacement to fix CVE-2017-9776.

This is a followup to commit 95bbaa02aa63bc5eae36f686f1ed9915663aa4cf.
See <https://bugs.gnu.org/27621> for more information.

Poppler 0.56.0's ABI is not compatible with Poppler 0.52.0, so it's not
possible to graft the newer version in place of the older one.

This change leaves CVE-2017-9775 unfixed for now.

* gnu/packages/patches/poppler-CVE-2017-9776.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/pdf.scm (poppler-0.56.0): Replace with ...
(poppler/fixed): ... new variable.
(poppler)[replacement]: Replaced with poppler/fixed.
gnu/local.mk diff | blob | blame | history
gnu/packages/patches/poppler-CVE-2017-9776.patch [new file with mode: 0644] blob
gnu/packages/pdf.scm diff | blob | blame | history
jackhill's copy of GNU Guix: https://guix.gnu.org/