From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from eggs.gnu.org ([209.51.188.92]:49084) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1goYUW-0006SD-B1 for guix-patches@gnu.org; Tue, 29 Jan 2019 13:52:13 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1goYUT-0002tN-9T for guix-patches@gnu.org; Tue, 29 Jan 2019 13:52:12 -0500 Received: from debbugs.gnu.org ([209.51.188.43]:51548) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1goYUM-0002r8-Pq for guix-patches@gnu.org; Tue, 29 Jan 2019 13:52:04 -0500 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1goYUM-00024H-HH for guix-patches@gnu.org; Tue, 29 Jan 2019 13:52:02 -0500 Subject: [bug#34198] [PATCH 1/2] gnu: poppler-qt4: Enable qt4 frontend. Resent-Message-ID: References: <20190125164347.17780-1-dannym@scratchpost.org> <20190125164802.17853-1-dannym@scratchpost.org> From: Ricardo Wurmus In-reply-to: <20190125164802.17853-1-dannym@scratchpost.org> Date: Tue, 29 Jan 2019 18:05:22 +0100 Message-ID: <877eenpf71.fsf@elephly.net> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+kyle=kyleam.com@gnu.org Sender: "Guix-patches" To: Danny Milosavljevic Cc: 34198@debbugs.gnu.org Danny Milosavljevic writes: > * gnu/packages/pdf.scm (poppler-qt4)[version]: Downgrade to 0.61.1. > [source]: Apply CVE patch. > --- > gnu/packages/pdf.scm | 10 ++++++++++ > 1 file changed, 10 insertions(+) > > diff --git a/gnu/packages/pdf.scm b/gnu/packages/pdf.scm > index 96c0f9e3a..956e25c6d 100644 > --- a/gnu/packages/pdf.scm > +++ b/gnu/packages/pdf.scm > @@ -174,6 +174,16 @@ When present, Poppler is able to correctly render CJ= K and Cyrillic text.") > (define-public poppler-qt4 > (package/inherit poppler > (name "poppler-qt4") > + (version "0.61.1") > + (source (origin > + (method url-fetch) > + (uri (string-append "https://poppler.freedesktop.org/poppler= -" > + version ".tar.xz")) > + (sha256 > + (base32 > + "1afdrxxkaivvviazxkg5blsf2x24sjkfj92ib0d3q5pm8dihjrhj")) > + (patches > + (append (search-patches "poppler-CVE-2018-19149.patch"))))) > (inputs `(("qt-4" ,qt-4) > ,@(package-inputs poppler))) > (synopsis "Qt4 frontend for the Poppler PDF rendering library"))) Could the previous higher version of the package not be built? Otherwise we=E2=80=99d have to deal with the downgrade somehow to make sure= that installed packages get downgraded to this version as well. --=20 Ricardo