Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

xpdf: 4.00 -> 4.02 #68616

Merged
merged 2 commits into from Nov 22, 2019
Merged

xpdf: 4.00 -> 4.02 #68616

Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
fb8eaec
xpdf: 4.00 -> 4.02
sikmir Sep 12, 2019
747086b
xpdf: add knownVulnerabilities
sikmir Nov 12, 2019
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
57 changes: 40 additions & 17 deletions pkgs/applications/misc/xpdf/default.nix
View file
Open in desktop
@@ -1,20 +1,22 @@
{ enableGUI ? true, enablePDFtoPPM ? true, useT1Lib ? false
, stdenv, fetchurl, zlib, libpng, freetype ? null, t1lib ? null
, cmake, qtbase ? null, qtsvg ? null, wrapQtAppsHook
{ enableGUI ? true
, enablePDFtoPPM ? true
, enablePrinting ? true
, stdenv, fetchzip, cmake, makeDesktopItem
, zlib, libpng, cups ? null, freetype ? null
, qtbase ? null, qtsvg ? null, wrapQtAppsHook
}:

assert enableGUI -> qtbase != null && qtsvg != null && freetype != null;
assert enablePDFtoPPM -> freetype != null;
assert useT1Lib -> t1lib != null;
assert enablePrinting -> cups != null;

assert !useT1Lib; # t1lib has multiple unpatched security vulnerabilities
stdenv.mkDerivation rec {
pname = "xpdf";
version = "4.02";

stdenv.mkDerivation {
name = "xpdf-4.00";

src = fetchurl {
url = http://www.xpdfreader.com/dl/xpdf-4.00.tar.gz;
sha256 = "1mhn89738vjva14xr5gblc2zrdgzmpqbbjdflqdmpqv647294ggz";
src = fetchzip {
url = "https://xpdfreader-dl.s3.amazonaws.com/${pname}-${version}.tar.gz";
sha256 = "0dzwq6fnk013wa4l5mjpvm4mms2mh5hbrxv4rhk2ab5ljbzz7b2w";
};

# Fix "No known features for CXX compiler", see
Expand All @@ -26,20 +28,33 @@ stdenv.mkDerivation {
[ cmake ]
++ stdenv.lib.optional enableGUI wrapQtAppsHook;

cmakeFlags = ["-DSYSTEM_XPDFRC=/etc/xpdfrc" "-DA4_PAPER=ON"];
cmakeFlags = ["-DSYSTEM_XPDFRC=/etc/xpdfrc" "-DA4_PAPER=ON" "-DOPI_SUPPORT=ON"]
++ stdenv.lib.optional (!enablePrinting) "-DXPDFWIDGET_PRINTING=OFF";

buildInputs = [ zlib libpng ] ++
stdenv.lib.optional enableGUI qtbase ++
stdenv.lib.optional useT1Lib t1lib ++
stdenv.lib.optional enablePrinting cups ++
stdenv.lib.optional enablePDFtoPPM freetype;

# Debian uses '-fpermissive' to bypass some errors on char* constantness.
CXXFLAGS = "-O2 -fpermissive";

hardeningDisable = [ "format" ];

desktopItem = makeDesktopItem {
name = "xpdf";
desktopName = "Xpdf";
comment = "Views Adobe PDF files";
icon = "xpdf";
exec = "xpdf %f";
categories = "Office;";
terminal = "false";
};

postInstall = ''
install -Dm644 ${desktopItem}/share/applications/xpdf.desktop $out/share/applications/xpdf.desktop
install -Dm644 $src/xpdf-qt/xpdf-icon.svg $out/share/pixmaps/xpdf.svg
'';

meta = with stdenv.lib; {
homepage = https://www.xpdfreader.com;
homepage = "https://www.xpdfreader.com";
description = "Viewer for Portable Document Format (PDF) files";
longDescription = ''
XPDF includes multiple tools for viewing and processing PDF files.
Expand All @@ -56,5 +71,13 @@ stdenv.mkDerivation {
'';
license = with licenses; [ gpl2 gpl3 ];
platforms = platforms.unix;
maintainers = with maintainers; [ sikmir ];
knownVulnerabilities = [
worldofpeace marked this conversation as resolved.
Show resolved Hide resolved
"CVE-2018-7453: loop in PDF objects"
"CVE-2018-16369: loop in PDF objects"
"CVE-2019-9587: loop in PDF objects"
"CVE-2019-9588: loop in PDF objects"
"CVE-2019-16088: loop in PDF objects"
];
};
}