diff options
| author | Graham Christensen <graham@grahamc.com> | 2016-10-19 22:06:50 -0400 |
|---|---|---|
| committer | Graham Christensen <graham@grahamc.com> | 2016-10-19 22:06:50 -0400 |
| commit | d3bda9b6f19d183ee3d69c6f2a635af945f74c17 (patch) | |
| tree | 2cb86a7dcd8e59c78b9b32d4bd1a02de8f5f0c47 /pkgs/development/libraries/libtiff/default.nix | |
| parent | 09e4b78b48fa9b5da00f44d2c01f0f9f16c3d406 (diff) | |
| download | nixpkgs-d3bda9b6f19d183ee3d69c6f2a635af945f74c17.tar nixpkgs-d3bda9b6f19d183ee3d69c6f2a635af945f74c17.tar.gz nixpkgs-d3bda9b6f19d183ee3d69c6f2a635af945f74c17.tar.bz2 nixpkgs-d3bda9b6f19d183ee3d69c6f2a635af945f74c17.tar.lz nixpkgs-d3bda9b6f19d183ee3d69c6f2a635af945f74c17.tar.xz nixpkgs-d3bda9b6f19d183ee3d69c6f2a635af945f74c17.tar.zst nixpkgs-d3bda9b6f19d183ee3d69c6f2a635af945f74c17.zip | |
libtiff: patch for many CVEs
Diffstat (limited to 'pkgs/development/libraries/libtiff/default.nix')
| -rw-r--r-- | pkgs/development/libraries/libtiff/default.nix | 34 |
1 files changed, 33 insertions, 1 deletions
diff --git a/pkgs/development/libraries/libtiff/default.nix b/pkgs/development/libraries/libtiff/default.nix index bb6907c7b04..b632b910f01 100644 --- a/pkgs/development/libraries/libtiff/default.nix +++ b/pkgs/development/libraries/libtiff/default.nix @@ -1,4 +1,4 @@ -{ stdenv, fetchurl, pkgconfig, zlib, libjpeg, xz }: +{ stdenv, fetchurl, fetchpatch, pkgconfig, zlib, libjpeg, xz }: let version = "4.0.6"; @@ -19,6 +19,38 @@ stdenv.mkDerivation rec { enableParallelBuilding = true; + patches = [ + (fetchpatch { + url = "https://sources.debian.net/data/main/t/tiff/4.0.6-2/debian/patches/01-CVE-2015-8665_and_CVE-2015-8683.patch"; + sha256 = "1c4zmvxj124873al8fvkiv8zq7wx5mv2vd4f1y9w8liv92cm7hkc"; + }) + (fetchpatch { + url = "https://sources.debian.net/data/main/t/tiff/4.0.6-2/debian/patches/02-fix_potential_out-of-bound_writes_in_decode_functions.patch"; + sha256 = "0rsc7zh7cdhgcmx2vbjfaqrb0g93a3924ngqkrzb14w5j2fqfbxv"; + }) + (fetchpatch { + url = "https://sources.debian.net/data/main/t/tiff/4.0.6-2/debian/patches/03-fix_potential_out-of-bound_write_in_NeXTDecode.patch"; + sha256 = "1s01xhp4sl04yhqhqwp50gh43ykcqk230mmbv62vhy2jh7v0ky3a"; + }) + (fetchpatch { + url = "https://sources.debian.net/data/main/t/tiff/4.0.6-2/debian/patches/04-CVE-2016-5314_CVE-2016-5316_CVE-2016-5320_CVE-2016-5875.patch"; + sha256 = "0by35qxpzv9ib3mnh980gd30jf3qmsfp2kl730rq4pq66wpzg9m8"; + }) + (fetchpatch { + url = "https://sources.debian.net/data/main/t/tiff/4.0.6-2/debian/patches/05-CVE-2016-6223.patch"; + sha256 = "0rh8ia0wsf5yskzwdjrlbiilc9m0lq0igs42k6922pl3sa1lxzv1"; + }) + (fetchpatch { + url = "https://sources.debian.net/data/main/t/tiff/4.0.6-2/debian/patches/06-CVE-2016-5321.patch"; + sha256 = "0n0igfxbd3kqvvj2k2xgysrp63l4v2gd110fwkk4apfpm0hvzwh0"; + }) + (fetchpatch { + url = "https://sources.debian.net/data/main/t/tiff/4.0.6-2/debian/patches/07-CVE-2016-5323.patch"; + sha256 = "1j6w8g6qizkx5h4aq95kxzx6bgkn4jhc8l22swwhvlkichsh4910"; + }) + + ]; + doCheck = true; meta = with stdenv.lib; { |