diff options
Diffstat (limited to 'pkgs/development/libraries/libwebp/default.nix')
-rw-r--r-- | pkgs/development/libraries/libwebp/default.nix | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/pkgs/development/libraries/libwebp/default.nix b/pkgs/development/libraries/libwebp/default.nix index 39a7ab3ba45..287c0b6b18b 100644 --- a/pkgs/development/libraries/libwebp/default.nix +++ b/pkgs/development/libraries/libwebp/default.nix @@ -36,6 +36,14 @@ stdenv.mkDerivation rec { hash = "sha256-Q94avvKjPdwdGt5ADo30cf2V4T7MCTubDHJxTtbG4xQ="; }; + patches = [ + # Commit 902bc919 from upstream, mangled slightly to apply onto 1.3.1. + # There is currently (2023-09-12) no confirmation that this is the fix for + # CVE-2023-4863, but it is linked to the right crbug, and matches the + # description of that (critical sev, exploited in the wild) CVE. + ./CVE-2023-4863.patch + ]; + configureFlags = [ (lib.enableFeature threadingSupport "threading") (lib.enableFeature openglSupport "gl") |