authorVladimír Čunát <vcunat@gmail.com>2017-12-09 18:44:02 +0100
committerVladimír Čunát <vcunat@gmail.com>2017-12-09 19:08:07 +0100
commit332a800de3f203d509349847dde540d171f163de (patch)
tree4fd18ac30a8088e5f52bb3bcc96866df2c3f2113 /pkgs/development/libraries/exiv2/default.nix
parentc7bf1b8a0eda3c3d8b47449a9c97be50f4e328aa (diff)
exiv2: a batch of security fixes
/cc #32459.  I can't see any other CVE patches that are either
backported upstream to the 0.26 branch or applied in some distro.
Diffstat (limited to 'pkgs/development/libraries/exiv2/default.nix')
-rw-r--r--pkgs/development/libraries/exiv2/default.nix18
1 files changed, 18 insertions, 0 deletions
diff --git a/pkgs/development/libraries/exiv2/default.nix b/pkgs/development/libraries/exiv2/default.nix
index a1a07b43197..7f5f1903517 100644
--- a/pkgs/development/libraries/exiv2/default.nix
+++ b/pkgs/development/libraries/exiv2/default.nix
@@ -7,6 +7,24 @@ stdenv.mkDerivation rec {
     url = "http://www.exiv2.org/builds/${name}-trunk.tar.gz";
     sha256 = "1yza317qxd8yshvqnay164imm0ks7cvij8y8j86p1gqi1153qpn7";
   };
+
+  patches = [
+    (fetchurl rec {
+      name = "CVE-2017-9239.patch";
+      url = let patchname = "0006-1296-Fix-submitted.patch";
+          in "https://src.fedoraproject.org/lookaside/pkgs/exiv2/${patchname}"
+          + "/sha512/${sha512}/${patchname}";
+      sha512 = "3f9242dbd4bfa9dcdf8c9820243b13dc14990373a800c4ebb6cf7eac5653cfef"
+             + "e6f2c47a94fbee4ed24f0d8c2842729d721f6100a2b215e0f663c89bfefe9e32";
+     })
+     (fetchpatch {
+       # many CVEs - see https://github.com/Exiv2/exiv2/pull/120
+       url = "https://patch-diff.githubusercontent.com/raw/Exiv2/exiv2/pull/120.patch";
+       sha256 = "1szl22xmh12hibzaqf2zi8zl377x841m52x4jm5lziw6j8g81sj8";
+       excludes = [ "test/bugfixes-test.sh" ];
+     })
+  ];
+
   postPatch = "patchShebangs ./src/svn_version.sh";
 
   outputs = [ "out" "dev" ];
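Review bot: The `fetchpatch` entry takes its content from `pull/120.patch`, a URL that tracks the pull request's branch rather than a fixed commit. The `sha256` still guarantees integrity, but any later push or rebase on that PR will break the fetch, and nothing here records which commits were actually reviewed. Pinning per-commit URLs, e.g. `url = "https://github.com/Exiv2/exiv2/commit/<COMMIT_SHA>.patch";` (placeholder), or vendoring the patch would make this security fix reproducible. The comment `# many CVEs` would serve vulnerability tracking better if it listed the identifiers it covers, as the first entry does with `name = "CVE-2017-9239.patch"`, and a short comment on why `test/bugfixes-test.sh` is excluded (presumably it does not apply to the release tarball) would help the next maintainer. The `stdenv.mkDerivation rec {` body starts and ends outside this hunk.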