Skip to content
This repository was archived by the owner on Apr 12, 2021. It is now read-only.
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: NixOS/nixpkgs-channels
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: 8b92a4e60045
Choose a base ref
...
head repository: NixOS/nixpkgs-channels
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: f737652f02f0
Choose a head ref
  • 1 commit
  • 2 files changed
  • 1 contributor

Commits on Sep 3, 2018

  1. poppler: apply a security patch 

    As backported in Ubuntu.  On unstable the issue is solved by #45916.
I couldn't find their source repo working with current data,
even that salsa.debian.org, so I copied the patch from their tarball.
    @vcunat
    vcunat committed Sep 3, 2018

    Verified

    This commit was signed with the committer’s verified signature.
    RobinMalfait Robin Malfait
    GPG key ID: 92F53D68B9041AFE
    Verified
    Learn about vigilant mode
    Copy the full SHA
    f737652 View commit details
Showing with 23 additions and 0 deletions.
  1. +19 −0 pkgs/development/libraries/poppler/cve-2018-13988.patch
  2. +4 −0 pkgs/development/libraries/poppler/default.nix
19 changes: 19 additions & 0 deletions pkgs/development/libraries/poppler/cve-2018-13988.patch
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,19 @@
Taken from https://packages.ubuntu.com/source/xenial/poppler
diff --git a/poppler/Parser.cc b/poppler/Parser.cc
index a021994..a1e4d4a 100644
--- a/poppler/Parser.cc
+++ b/poppler/Parser.cc
@@ -145,7 +145,12 @@ Object *Parser::getObj(Object *obj, GBool simpleOnly,
num = buf1.getInt();
shift();
if (buf1.isInt() && buf2.isCmd("R")) {
- obj->initRef(num, buf1.getInt());
+ const int gen = buf1.getInt();
+
+ if (unlikely(num <= 0 || gen < 0)) {
+ return new Object();
+ }
+ obj->initRef(num, gen);
shift();
shift();
} else {
4 changes: 4 additions & 0 deletions pkgs/development/libraries/poppler/default.nix
View file
Original file line number Diff line number Diff line change
@@ -21,6 +21,10 @@ stdenv.mkDerivation rec {
inherit sha256;
};

patches = [
./cve-2018-13988.patch
];

outputs = [ "out" "dev" ];

buildInputs = [ libiconv ] ++ libintlOrEmpty ++ lib.optional withData poppler_data;