summary refs log tree commit diff
diff options
context:
space:
mode:
authorpeter woodman <peter@shortbus.org>2023-01-13 07:09:05 -0500
committerpeter woodman <peter@shortbus.org>2023-01-18 13:07:44 -0500
commit92535dbc02b3ab4c04cf3e36c36aec92bb04aa37 (patch)
tree72023d6183ac2ec1af07ee831644629777030f4c
parentea98d035977c05da0da980cf1598c9fa644842ee (diff)
downloadnixpkgs-92535dbc02b3ab4c04cf3e36c36aec92bb04aa37.tar
nixpkgs-92535dbc02b3ab4c04cf3e36c36aec92bb04aa37.tar.gz
nixpkgs-92535dbc02b3ab4c04cf3e36c36aec92bb04aa37.tar.bz2
nixpkgs-92535dbc02b3ab4c04cf3e36c36aec92bb04aa37.tar.lz
nixpkgs-92535dbc02b3ab4c04cf3e36c36aec92bb04aa37.tar.xz
nixpkgs-92535dbc02b3ab4c04cf3e36c36aec92bb04aa37.tar.zst
nixpkgs-92535dbc02b3ab4c04cf3e36c36aec92bb04aa37.zip
giflib: patch to fix CVE-2022-28506
using the same mitigation the fedora project is using
Diffstat
-rw-r--r--pkgs/development/libraries/giflib/default.nix8
1 files changed, 7 insertions, 1 deletions
diff --git a/pkgs/development/libraries/giflib/default.nix b/pkgs/development/libraries/giflib/default.nix
index 795aeb88440..5202dc0edab 100644
--- a/pkgs/development/libraries/giflib/default.nix
+++ b/pkgs/development/libraries/giflib/default.nix
@@ -8,7 +8,13 @@ stdenv.mkDerivation rec {
     sha256 = "1gbrg03z1b6rlrvjyc6d41bc8j1bsr7rm8206gb1apscyii5bnii";
   };
 
-  patches = lib.optional stdenv.hostPlatform.isDarwin
+  patches = [
+    (fetchpatch {
+      name = "CVE-2022-28506.patch";
+      url = "https://src.fedoraproject.org/rpms/giflib/raw/2e9917bf13df114354163f0c0211eccc00943596/f/CVE-2022-28506.patch";
+      sha256 = "sha256-TBemEXkuox8FdS9RvjnWcTWPaHRo4crcwSR9czrUwBY=";
+    })
+  ] ++ lib.optional stdenv.hostPlatform.isDarwin
     (fetchpatch {
       # https://sourceforge.net/p/giflib/bugs/133/
       name = "darwin-soname.patch";
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-05-17 20:05:54 +0000