diff options
author | Vladimír Čunát <vcunat@gmail.com> | 2019-02-19 11:02:38 +0100 |
---|---|---|
committer | Vladimír Čunát <vcunat@gmail.com> | 2019-02-19 11:02:38 +0100 |
commit | 98be12ab3aa2d1eece1c4daf86dcd2d66f9454a4 (patch) | |
tree | 9db838eb570f63600d5cd716ee453944189c81e8 /pkgs/development/libraries/libpng | |
parent | 23191f045ddb7224fb2acd6f6d835a1c4d367980 (diff) | |
download | nixpkgs-98be12ab3aa2d1eece1c4daf86dcd2d66f9454a4.tar nixpkgs-98be12ab3aa2d1eece1c4daf86dcd2d66f9454a4.tar.gz nixpkgs-98be12ab3aa2d1eece1c4daf86dcd2d66f9454a4.tar.bz2 nixpkgs-98be12ab3aa2d1eece1c4daf86dcd2d66f9454a4.tar.lz nixpkgs-98be12ab3aa2d1eece1c4daf86dcd2d66f9454a4.tar.xz nixpkgs-98be12ab3aa2d1eece1c4daf86dcd2d66f9454a4.tar.zst nixpkgs-98be12ab3aa2d1eece1c4daf86dcd2d66f9454a4.zip |
libpng: apply patches from Debian
- first unbreaks ARM builds - second fixes a low-severity CVE These only get applied on aarch64 *for now*, to iterate staging faster.
Diffstat (limited to 'pkgs/development/libraries/libpng')
-rw-r--r-- | pkgs/development/libraries/libpng/default.nix | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/pkgs/development/libraries/libpng/default.nix b/pkgs/development/libraries/libpng/default.nix index 9fc7d771202..206472187b0 100644 --- a/pkgs/development/libraries/libpng/default.nix +++ b/pkgs/development/libraries/libpng/default.nix @@ -18,6 +18,17 @@ in stdenv.mkDerivation rec { url = "mirror://sourceforge/libpng/libpng-${version}.tar.xz"; sha256 = "06d35a3xz2a0kph82r56hqm1fn8fbwrqs07xzmr93dx63x695szc"; }; + patches = if !stdenv.hostPlatform.isAarch64 then null # temporarily avoid rebuild + else [ + (fetchurl { # https://github.com/glennrp/libpng/issues/266 + url = "https://salsa.debian.org/debian/libpng1.6/raw/0e1348f3d/debian/patches/272.patch"; + sha256 = "1d36khgryq2p27bdx10xrr4kcjr7cdfdj2zhdcjzznpnpns97s6n"; + }) + (fetchurl { # https://github.com/glennrp/libpng/issues/275 + url = "https://salsa.debian.org/debian/libpng1.6/raw/853d1977/debian/patches/CVE-2019-7317.patch"; + sha256 = "0c8qc176mqh08kcxlnx40rzdggchihkrlzqw6qg6lf0c9ygkf55k"; + }) + ]; postPatch = whenPatched "gunzip < ${patch_src} | patch -Np1"; outputs = [ "out" "dev" "man" ]; |