poppler: apply patch for CVE-2024-6239

I preferred to pull the patch instead of bumping to the latest version. It seems to requires multiple compatibility patches (not released yet) to make `inkscape` happy.
2025-02-27 14:34:33 +00:00 · 2024-06-29 01:17:50 +02:00 · 2024-06-29 01:17:50 +02:00 · e89babc6c2
commit e89babc6c2
parent 11d1d2e458
1 changed files with 10 additions and 0 deletions
--- a/pkgs/development/libraries/poppler/default.nix
+++ b/pkgs/development/libraries/poppler/default.nix
@ -2,6 +2,7 @@
 , stdenv
 , fetchurl
 , fetchFromGitLab
+, fetchpatch
 , cairo
 , cmake
 , boost
@ -55,6 +56,15 @@ stdenv.mkDerivation (finalAttrs: rec {
    hash = "sha256-GRh6P90F8z59YExHmcGD3lygEYZAyIs3DdzzE2NDIi4=";
  };

+  patches = [
+    (fetchpatch {
+      # https://access.redhat.com/security/cve/CVE-2024-6239
+      name = "CVE-2024-6239.patch";
+      url = "https://gitlab.freedesktop.org/poppler/poppler/-/commit/0554731052d1a97745cb179ab0d45620589dd9c4.patch";
+      hash = "sha256-I78wJ4l1DSh+x/e00ZL8uvrGdBH+ufp+EDm0A1XWyCU=";
+    })
+  ];
+
  nativeBuildInputs = [
    cmake
    ninja