diff options
author | Robert Scott <code@humanleg.org.uk> | 2023-05-31 22:11:15 +0100 |
---|---|---|
committer | Robert Scott <code@humanleg.org.uk> | 2023-05-31 22:12:42 +0100 |
commit | 0c813b23401e2472028e23e8c0111512e6396882 (patch) | |
tree | e87784aefe2d407c8c9d8796895552099026640e /pkgs/development/libraries/opencv | |
parent | 12e7ca90d8ffe8984cc03eaf2247737519595223 (diff) | |
download | nixpkgs-0c813b23401e2472028e23e8c0111512e6396882.tar nixpkgs-0c813b23401e2472028e23e8c0111512e6396882.tar.gz nixpkgs-0c813b23401e2472028e23e8c0111512e6396882.tar.bz2 nixpkgs-0c813b23401e2472028e23e8c0111512e6396882.tar.lz nixpkgs-0c813b23401e2472028e23e8c0111512e6396882.tar.xz nixpkgs-0c813b23401e2472028e23e8c0111512e6396882.tar.zst nixpkgs-0c813b23401e2472028e23e8c0111512e6396882.zip |
opencv: add patches for CVE-2023-2617 & CVE-2023-2618
Diffstat (limited to 'pkgs/development/libraries/opencv')
-rw-r--r-- | pkgs/development/libraries/opencv/4.x.nix | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/pkgs/development/libraries/opencv/4.x.nix b/pkgs/development/libraries/opencv/4.x.nix index 5f994884861..3f120e2558f 100644 --- a/pkgs/development/libraries/opencv/4.x.nix +++ b/pkgs/development/libraries/opencv/4.x.nix @@ -2,6 +2,7 @@ , stdenv , fetchurl , fetchFromGitHub +, fetchpatch , cmake , pkg-config , unzip @@ -275,6 +276,21 @@ stdenv.mkDerivation { # Ensures that we use the system OpenEXR rather than the vendored copy of the source included with OpenCV. patches = [ ./cmake-don-t-use-OpenCVFindOpenEXR.patch + ] ++ lib.optionals enableContrib [ + (fetchpatch { + name = "CVE-2023-2617.patch"; + url = "https://github.com/opencv/opencv_contrib/commit/ccc277247ac1a7aef0a90353edcdec35fbc5903c.patch"; + stripLen = 2; + extraPrefix = [ "opencv_contrib/" ]; + sha256 = "sha256-drZ+DVn+Pk4zAZJ+LgX5u3Tz7MU0AEI/73EVvxDP3AU="; + }) + (fetchpatch { + name = "CVE-2023-2618.patch"; + url = "https://github.com/opencv/opencv_contrib/commit/ec406fa4748fb4b0630c1b986469e7918d5e8953.patch"; + stripLen = 2; + extraPrefix = [ "opencv_contrib/" ]; + sha256 = "sha256-cB5Tsh2fDOsc0BNtSzd6U/QoCjkd9yMW1QutUU69JJ0="; + }) ] ++ lib.optional enableCuda ./cuda_opt_flow.patch; # This prevents cmake from using libraries in impure paths (which |