From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([209.51.188.92]:49084)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1goYUW-0006SD-B1
	for guix-patches@gnu.org; Tue, 29 Jan 2019 13:52:13 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1goYUT-0002tN-9T
	for guix-patches@gnu.org; Tue, 29 Jan 2019 13:52:12 -0500
Received: from debbugs.gnu.org ([209.51.188.43]:51548)
	by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16)
	(Exim 4.71) (envelope-from <Debian-debbugs@debbugs.gnu.org>)
	id 1goYUM-0002r8-Pq
	for guix-patches@gnu.org; Tue, 29 Jan 2019 13:52:04 -0500
Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1goYUM-00024H-HH
	for guix-patches@gnu.org; Tue, 29 Jan 2019 13:52:02 -0500
Subject: [bug#34198] [PATCH 1/2] gnu: poppler-qt4: Enable qt4 frontend.
Resent-Message-ID: <handler.34198.B34198.15487879077927@debbugs.gnu.org>
References: <20190125164347.17780-1-dannym@scratchpost.org>
	<20190125164802.17853-1-dannym@scratchpost.org>
From: Ricardo Wurmus <rekado@elephly.net>
In-reply-to: <20190125164802.17853-1-dannym@scratchpost.org>
Date: Tue, 29 Jan 2019 18:05:22 +0100
Message-ID: <877eenpf71.fsf@elephly.net>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
List-Id: <guix-patches.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/guix-patches>,
	<mailto:guix-patches-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/guix-patches/>
List-Post: <mailto:guix-patches@gnu.org>
List-Help: <mailto:guix-patches-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/guix-patches>,
	<mailto:guix-patches-request@gnu.org?subject=subscribe>
Errors-To: guix-patches-bounces+kyle=kyleam.com@gnu.org
Sender: "Guix-patches" <guix-patches-bounces+kyle=kyleam.com@gnu.org>
To: Danny Milosavljevic <dannym@scratchpost.org>
Cc: 34198@debbugs.gnu.org


Danny Milosavljevic <dannym@scratchpost.org> writes:

> * gnu/packages/pdf.scm (poppler-qt4)[version]: Downgrade to 0.61.1.
> [source]: Apply CVE patch.
> ---
>  gnu/packages/pdf.scm | 10 ++++++++++
>  1 file changed, 10 insertions(+)
>
> diff --git a/gnu/packages/pdf.scm b/gnu/packages/pdf.scm
> index 96c0f9e3a..956e25c6d 100644
> --- a/gnu/packages/pdf.scm
> +++ b/gnu/packages/pdf.scm
> @@ -174,6 +174,16 @@ When present, Poppler is able to correctly render CJ=
K and Cyrillic text.")
>  (define-public poppler-qt4
>    (package/inherit poppler
>     (name "poppler-qt4")
> +   (version "0.61.1")
> +   (source (origin
> +            (method url-fetch)
> +            (uri (string-append "https://poppler.freedesktop.org/poppler=
-"
> +                                version ".tar.xz"))
> +            (sha256
> +             (base32
> +              "1afdrxxkaivvviazxkg5blsf2x24sjkfj92ib0d3q5pm8dihjrhj"))
> +            (patches
> +             (append (search-patches "poppler-CVE-2018-19149.patch")))))
>     (inputs `(("qt-4" ,qt-4)
>               ,@(package-inputs poppler)))
>     (synopsis "Qt4 frontend for the Poppler PDF rendering library")))

Could the previous higher version of the package not be built?
Otherwise we=E2=80=99d have to deal with the downgrade somehow to make sure=
 that
installed packages get downgraded to this version as well.

--=20
Ricardo