diff options
| author | Vladimír Čunát <vcunat@gmail.com> | 2017-12-11 09:52:20 +0100 |
|---|---|---|
| committer | Vladimír Čunát <vcunat@gmail.com> | 2017-12-11 09:52:20 +0100 |
| commit | a2799407e8ab387912ffaaae34d988d2973c7188 (patch) | |
| tree | 8644e09a3cfb1e5b823b88cd6d001aeda7f0ba2f | |
| parent | e9c12f6936b877eb707203f12170bac85255db50 (diff) | |
| parent | aa9fbd036f1da94b13c3fbaf822dd3915b4213cb (diff) | |
| download | nixpkgs-a2799407e8ab387912ffaaae34d988d2973c7188.tar nixpkgs-a2799407e8ab387912ffaaae34d988d2973c7188.tar.gz nixpkgs-a2799407e8ab387912ffaaae34d988d2973c7188.tar.bz2 nixpkgs-a2799407e8ab387912ffaaae34d988d2973c7188.tar.lz nixpkgs-a2799407e8ab387912ffaaae34d988d2973c7188.tar.xz nixpkgs-a2799407e8ab387912ffaaae34d988d2973c7188.tar.zst nixpkgs-a2799407e8ab387912ffaaae34d988d2973c7188.zip | |
Merge: openexr: upstream security patch
| -rw-r--r-- | pkgs/development/libraries/openexr/default.nix | 16 |
1 files changed, 13 insertions, 3 deletions
diff --git a/pkgs/development/libraries/openexr/default.nix b/pkgs/development/libraries/openexr/default.nix index 27a9860c868..d2d8b686f35 100644 --- a/pkgs/development/libraries/openexr/default.nix +++ b/pkgs/development/libraries/openexr/default.nix @@ -1,4 +1,4 @@ -{ lib, stdenv, fetchurl, autoconf, automake, libtool, pkgconfig, zlib, ilmbase }: +{ lib, stdenv, fetchurl, fetchpatch, autoconf, automake, libtool, pkgconfig, zlib, ilmbase }: stdenv.mkDerivation rec { name = "openexr-${lib.getVersion ilmbase}"; @@ -8,6 +8,18 @@ stdenv.mkDerivation rec { sha256 = "0ca2j526n4wlamrxb85y2jrgcv0gf21b3a19rr0gh4rjqkv1581n"; }; + patches = [ + ./bootstrap.patch + (fetchpatch { + # https://github.com/openexr/openexr/issues/232 + # https://github.com/openexr/openexr/issues/238 + name = "CVE-2017-12596.patch"; + url = "https://github.com/openexr/openexr/commit/f09f5f26c1924.patch"; + sha256 = "1d014da7c8cgbak5rgr4mq6wzm7kwznb921pr7nlb52vlfvqp4rs"; + stripLen = 1; + }) + ]; + outputs = [ "bin" "dev" "out" "doc" ]; preConfigure = '' @@ -20,8 +32,6 @@ stdenv.mkDerivation rec { enableParallelBuilding = true; - patches = [ ./bootstrap.patch ]; - meta = with stdenv.lib; { homepage = http://www.openexr.com/; license = licenses.bsd3; |