Merge staging into staging-next

author: Frederik Rietdijk <fridh@fridh.nl> 2019-11-03 14:01:48 +0100
committer: Frederik Rietdijk <fridh@fridh.nl> 2019-11-03 14:01:48 +0100
commit: 57a079ab30fbd95bb65900740b258c0a600f8912 (patch)
tree: 3b1486684a22cff0003bd6edaf9ecff42413634f /pkgs/development/libraries
parent: 6ae60c48b09da20c73788df436a4aaaef49b51ae (diff)
parent: 9d59d57d4504655a2b71a5fcf769978492525a43 (diff)
download: nixpkgs-57a079ab30fbd95bb65900740b258c0a600f8912.tar
nixpkgs-57a079ab30fbd95bb65900740b258c0a600f8912.tar.gz
nixpkgs-57a079ab30fbd95bb65900740b258c0a600f8912.tar.bz2
nixpkgs-57a079ab30fbd95bb65900740b258c0a600f8912.tar.lz
nixpkgs-57a079ab30fbd95bb65900740b258c0a600f8912.tar.xz
nixpkgs-57a079ab30fbd95bb65900740b258c0a600f8912.tar.zst
nixpkgs-57a079ab30fbd95bb65900740b258c0a600f8912.zip
22 files changed, 123 insertions, 43 deletions
diff --git a/pkgs/development/libraries/at-spi2-atk/default.nix b/pkgs/development/libraries/at-spi2-atk/default.nix
index 4af9c9ce32b..f63a341e26e 100644
--- a/pkgs/development/libraries/at-spi2-atk/default.nix
+++ b/pkgs/development/libraries/at-spi2-atk/default.nix
@@ -16,11 +16,11 @@
 
 stdenv.mkDerivation rec {
   pname = "at-spi2-atk";
-  version = "2.34.0";
+  version = "2.34.1";
 
   src = fetchurl {
     url = "mirror://gnome/sources/${pname}/${stdenv.lib.versions.majorMinor version}/${pname}-${version}.tar.xz";
-    sha256 = "00250s72ii8w6lb6ww61v49y9k4cswfj0hhawqlram7bl6b7x6is";
+    sha256 = "05ncp7s5nddjinffs26mcvpbd63vk1m3cv5y530p3plgfhqgjvbp";
   };
 
   nativeBuildInputs = [ meson ninja pkgconfig ];
diff --git a/pkgs/development/libraries/check/default.nix b/pkgs/development/libraries/check/default.nix
index 08610d1e9af..6a94d9a71ce 100644
--- a/pkgs/development/libraries/check/default.nix
+++ b/pkgs/development/libraries/check/default.nix
@@ -4,11 +4,11 @@
 
 stdenv.mkDerivation rec {
   pname = "check";
-  version = "0.12.0";
+  version = "0.13.0";
 
   src = fetchurl {
     url = "https://github.com/libcheck/check/releases/download/${version}/check-${version}.tar.gz";
-    sha256 = "0d22h8xshmbpl9hba9ch3xj8vb9ybm5akpsbbh7yj07fic4h2hj6";
+    sha256 = "02crar51gniijrrl9p8f9maibnwc33n76kw5cqr7xk3s8hqnncy4";
   };
 
   # Test can randomly fail: http://hydra.nixos.org/build/7243912
diff --git a/pkgs/development/libraries/fdk-aac/default.nix b/pkgs/development/libraries/fdk-aac/default.nix
index 70269002e2f..16560f19c86 100644
--- a/pkgs/development/libraries/fdk-aac/default.nix
+++ b/pkgs/development/libraries/fdk-aac/default.nix
@@ -5,11 +5,11 @@
 with stdenv.lib;
 stdenv.mkDerivation rec {
   pname = "fdk-aac";
-  version = "2.0.0";
+  version = "2.0.1";
 
   src = fetchurl {
     url = "mirror://sourceforge/opencore-amr/fdk-aac/${pname}-${version}.tar.gz";
-    sha256 = "0v6rbyw9f9lpfvcg3v1qyapga5hqfnb3wp3x5yaxpwcgjw7ydmpp";
+    sha256 = "0wgjjc0dfkm2w966lc9c8ir8f671vl1ppch3mya3h58jjjm360c4";
   };
 
   configureFlags = [ ]
diff --git a/pkgs/development/libraries/glib/default.nix b/pkgs/development/libraries/glib/default.nix
index 68bc169bb89..494d0a61f06 100644
--- a/pkgs/development/libraries/glib/default.nix
+++ b/pkgs/development/libraries/glib/default.nix
@@ -48,11 +48,11 @@ in
 
 stdenv.mkDerivation rec {
   pname = "glib";
-  version = "2.62.1";
+  version = "2.62.2";
 
   src = fetchurl {
     url = "mirror://gnome/sources/glib/${stdenv.lib.versions.majorMinor version}/${pname}-${version}.tar.xz";
-    sha256 = "1pzrw2x9r0kyghrvwdbx3nqn2wcrrxy962f5gbdacwh83m705n9x";
+    sha256 = "1wdkvqq6fkk99smmnjg7d999v4qhbgs7halwfcwz0vgp2fj29239";
   };
 
   patches = optionals stdenv.isDarwin [
diff --git a/pkgs/development/libraries/gnu-efi/default.nix b/pkgs/development/libraries/gnu-efi/default.nix
index af225cc50f2..9c9f19b124d 100644
--- a/pkgs/development/libraries/gnu-efi/default.nix
+++ b/pkgs/development/libraries/gnu-efi/default.nix
@@ -2,11 +2,11 @@
 
 stdenv.mkDerivation rec {
   pname = "gnu-efi";
-  version = "3.0.9";
+  version = "3.0.11";
 
   src = fetchurl {
     url = "mirror://sourceforge/gnu-efi/${pname}-${version}.tar.bz2";
-    sha256 = "1w3p4aqlc5j93q44la7dc8cr3hky20zvsd0h0k2lyzhwmrzfl5b7";
+    sha256 = "1ffnc4xbzfggs37ymrgfx76j56kk2644c081ivhr2bjkla9ag3gj";
   };
 
   buildInputs = [ pciutils ];
diff --git a/pkgs/development/libraries/gtest/default.nix b/pkgs/development/libraries/gtest/default.nix
index 5fecd45b7da..4326be59724 100644
--- a/pkgs/development/libraries/gtest/default.nix
+++ b/pkgs/development/libraries/gtest/default.nix
@@ -3,7 +3,7 @@
 
 stdenv.mkDerivation rec {
   pname = "gtest";
-  version = "1.8.1";
+  version = "1.10.0";
 
   outputs = [ "out" "dev" ];
 
@@ -11,7 +11,7 @@ stdenv.mkDerivation rec {
     owner = "google";
     repo = "googletest";
     rev = "release-${version}";
-    sha256 = "0270msj6n7mggh4xqqjp54kswbl7mkcc8px1p5dqdpmw5ngh9fzk";
+    sha256 = "1zbmab9295scgg4z2vclgfgjchfjailjnvzc6f5x9jvlsdi3dpwz";
   };
 
   patches = [
diff --git a/pkgs/development/libraries/harfbuzz/default.nix b/pkgs/development/libraries/harfbuzz/default.nix
index 361ac4f27aa..42f68eea83f 100644
--- a/pkgs/development/libraries/harfbuzz/default.nix
+++ b/pkgs/development/libraries/harfbuzz/default.nix
@@ -8,7 +8,7 @@
 }:
 
 let
-  version = "2.6.2";
+  version = "2.6.4";
   inherit (stdenv.lib) optional optionals optionalString;
 in
 
@@ -17,7 +17,7 @@ stdenv.mkDerivation {
 
   src = fetchurl {
     url = "https://www.freedesktop.org/software/harfbuzz/release/harfbuzz-${version}.tar.xz";
-    sha256 = "097ncrkaawdzpgwlrpp4kwciq4z5pqz2n4f3yra5vc7jyxr6lk1v";
+    sha256 = "04iwq13w6zkdhljmsxrzgg4fyh04qnwfn57rgrl9kmijc7cvh4wl";
   };
 
   postPatch = ''
diff --git a/pkgs/development/libraries/ilmbase/default.nix b/pkgs/development/libraries/ilmbase/default.nix
index 5cc0f7c1f46..82d5583c55f 100644
--- a/pkgs/development/libraries/ilmbase/default.nix
+++ b/pkgs/development/libraries/ilmbase/default.nix
@@ -1,4 +1,5 @@
-{ stdenv, fetchurl, buildPackages, automake, autoconf, libtool, which }:
+{ stdenv, fetchurl, buildPackages, automake, autoconf, libtool, which,
+  fetchpatch }:
 
 stdenv.mkDerivation rec {
   pname = "ilmbase";
@@ -21,7 +22,17 @@ stdenv.mkDerivation rec {
 
   NIX_CFLAGS_LINK = [ "-pthread" ];
 
-  patches = [ ./bootstrap.patch ./cross.patch ];
+  patches = [
+    ./bootstrap.patch
+    ./cross.patch
+    (fetchpatch {
+      name = "CVE-2018-18443.patch";
+      url = "https://github.com/kdt3rd/openexr/commit/5fa930b82cff2db386c64ca512af19e60c14d32a.patch";
+      sha256 = "1j6xd0qkx99acc1szycxaj0wwp01yac67jz48hwc4fwwpz8blx4s";
+      stripLen = 1;
+      excludes = [ "CHANGES.md" ];
+    })
+  ];
 
   # fails 1 out of 1 tests with
   # "lt-ImathTest: testBoxAlgo.cpp:892: void {anonymous}::boxMatrixTransform(): Assertion `b21 == b2' failed"
diff --git a/pkgs/development/libraries/jbig2dec/default.nix b/pkgs/development/libraries/jbig2dec/default.nix
index 31c9c89d96f..35fbdfe488a 100644
--- a/pkgs/development/libraries/jbig2dec/default.nix
+++ b/pkgs/development/libraries/jbig2dec/default.nix
@@ -1,11 +1,11 @@
 { stdenv, fetchurl, python, autoconf }:
 
 stdenv.mkDerivation rec {
-  name = "jbig2dec-0.16";
+  name = "jbig2dec-0.17";
 
   src = fetchurl {
-    url = "https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs927/${name}.tar.gz";
-    sha256 = "00h61y7bh3z6mqfzxyb318gyh0f8jwarg4hvlrm83rqps8avzxm4";
+    url = "https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs950/${name}.tar.gz";
+    sha256 = "0wpvslmwazia3z8gyk343kbq6yj47pxr4x5yjvx332v309qssazp";
   };
 
   postPatch = ''
diff --git a/pkgs/development/libraries/libical/default.nix b/pkgs/development/libraries/libical/default.nix
index 050cba5460d..903a1a26eb7 100644
--- a/pkgs/development/libraries/libical/default.nix
+++ b/pkgs/development/libraries/libical/default.nix
@@ -15,7 +15,7 @@
 
 stdenv.mkDerivation rec {
   pname = "libical";
-  version = "3.0.5";
+  version = "3.0.6";
 
   outputs = [ "out" "dev" ]; # "devdoc" ];
 
@@ -23,7 +23,7 @@ stdenv.mkDerivation rec {
     owner = "libical";
     repo = "libical";
     rev = "v${version}";
-    sha256 = "03kjc4s1svmzkmzkr0irgczq37aslhj4bxnvjqav0jwa2zrynhra";
+    sha256 = "181lf07fj36fp0rbcjjmb53yzdvv9i4qxpnbpax8hayjhha8pjh3";
   };
 
   nativeBuildInputs = [
diff --git a/pkgs/development/libraries/libinput/default.nix b/pkgs/development/libraries/libinput/default.nix
index 044ef2dd6a7..2085d27a1ee 100644
--- a/pkgs/development/libraries/libinput/default.nix
+++ b/pkgs/development/libraries/libinput/default.nix
@@ -27,11 +27,11 @@ in
 with stdenv.lib;
 stdenv.mkDerivation rec {
   pname = "libinput";
-  version = "1.14.1";
+  version = "1.14.3";
 
   src = fetchurl {
     url = "https://www.freedesktop.org/software/libinput/${pname}-${version}.tar.xz";
-    sha256 = "0w7fas37mp2k06f12i3lnj717lw73asziknj6z51kh1m50ja6cz3";
+    sha256 = "1dy58j8dvr7ri34bx0lppmh5638m956azgwk501w373hi42kmsqg";
   };
 
   outputs = [ "bin" "out" "dev" ];
diff --git a/pkgs/development/libraries/libmicrohttpd/default.nix b/pkgs/development/libraries/libmicrohttpd/default.nix
index 866edcc437c..c8340626935 100644
--- a/pkgs/development/libraries/libmicrohttpd/default.nix
+++ b/pkgs/development/libraries/libmicrohttpd/default.nix
@@ -2,11 +2,11 @@
 
 stdenv.mkDerivation rec {
   pname = "libmicrohttpd";
-  version = "0.9.67";
+  version = "0.9.68";
 
   src = fetchurl {
     url = "mirror://gnu/libmicrohttpd/${pname}-${version}.tar.gz";
-    sha256 = "1584lv2miq7sp7yjd58lcbddh3yh5p8f9gbygn1d96fh4ckqa7vy";
+    sha256 = "0q8bc4hrxn6llml7w2vam6n833x8injs39wgdkhwkawr50m6wwf5";
   };
 
   outputs = [ "out" "dev" "devdoc" "info" ];
diff --git a/pkgs/development/libraries/librsvg/default.nix b/pkgs/development/libraries/librsvg/default.nix
index e54098b4459..e9a67c5d059 100644
--- a/pkgs/development/libraries/librsvg/default.nix
+++ b/pkgs/development/libraries/librsvg/default.nix
@@ -4,14 +4,14 @@
 
 let
   pname = "librsvg";
-  version = "2.46.1";
+  version = "2.46.3";
 in
 stdenv.mkDerivation rec {
   name = "${pname}-${version}";
 
   src = fetchurl {
     url = "mirror://gnome/sources/${pname}/${stdenv.lib.versions.majorMinor version}/${name}.tar.xz";
-    sha256 = "0hvnqrgfi8c2xh94gxs6xwwg1m2z3l0lblqs2anlx8k3g9ag589d";
+    sha256 = "1s3a96i7f4pynjwxxvhysp4b6r7kyi8nasdxfyi62hc7gm34d3kn";
   };
 
   outputs = [ "out" "dev" "installedTests" ];
diff --git a/pkgs/development/libraries/libuv/default.nix b/pkgs/development/libraries/libuv/default.nix
index f9b49a46ebf..3c4f90edecc 100644
--- a/pkgs/development/libraries/libuv/default.nix
+++ b/pkgs/development/libraries/libuv/default.nix
@@ -1,14 +1,14 @@
 { stdenv, lib, fetchFromGitHub, autoconf, automake, libtool, pkgconfig, ApplicationServices, CoreServices }:
 
 stdenv.mkDerivation rec {
-  version = "1.32.0";
+  version = "1.33.1";
   pname = "libuv";
 
   src = fetchFromGitHub {
     owner = pname;
     repo = pname;
     rev = "v${version}";
-    sha256 = "1ifazxr5ssw2ay6j66acaxgfwq0x8130fvsyjs1wxvf2r9g4ds9w";
+    sha256 = "13w60g9pc6998v8plslwpwn7f1hx3c1y4zhgmw025nyd504h5lak";
   };
 
   postPatch = let
diff --git a/pkgs/development/libraries/libxml2/default.nix b/pkgs/development/libraries/libxml2/default.nix
index 04954f3e1f5..7ed50f61224 100644
--- a/pkgs/development/libraries/libxml2/default.nix
+++ b/pkgs/development/libraries/libxml2/default.nix
@@ -1,15 +1,12 @@
 { stdenv, lib, fetchurl
-, zlib, xz, python2, ncurses, findXMLCatalogs
+, zlib, xz, python, ncurses, findXMLCatalogs
 , pythonSupport ? stdenv.buildPlatform == stdenv.hostPlatform
 , icuSupport ? false, icu ? null
 , enableShared ? stdenv.hostPlatform.libc != "msvcrt"
 , enableStatic ? !enableShared,
 }:
 
-let
-  python = python2;
-
-in stdenv.mkDerivation rec {
+stdenv.mkDerivation rec {
   pname = "libxml2";
   version = "2.9.9";
 
@@ -17,6 +14,20 @@ in stdenv.mkDerivation rec {
     url = "http://xmlsoft.org/sources/${pname}-${version}.tar.gz";
     sha256 = "0wd881jzvqayx0ihzba29jl80k06xj9ywp16kxacdqs3064p1ywl";
   };
+  patches = [
+    # Upstream bugs:
+    #   https://bugzilla.gnome.org/show_bug.cgi?id=789714
+    #   https://gitlab.gnome.org/GNOME/libxml2/issues/64
+    # Patch from https://bugzilla.opensuse.org/show_bug.cgi?id=1065270 ,
+    # but only the UTF-8 part.
+    # Can also be mitigated by fixing malformed XML inputs, such as in
+    # https://gitlab.gnome.org/GNOME/gnumeric/merge_requests/3 .
+    # Other discussion:
+    #   https://github.com/itstool/itstool/issues/22
+    #   https://github.com/NixOS/nixpkgs/pull/63174
+    #   https://github.com/NixOS/nixpkgs/pull/72342
+    ./utf8-xmlErrorFuncHandler.patch
+  ];
 
   outputs = [ "bin" "dev" "out" "man" "doc" ]
     ++ lib.optional pythonSupport "py"
diff --git a/pkgs/development/libraries/libxml2/utf8-xmlErrorFuncHandler.patch b/pkgs/development/libraries/libxml2/utf8-xmlErrorFuncHandler.patch
new file mode 100644
index 00000000000..9f4c99b0934
--- /dev/null
+++ b/pkgs/development/libraries/libxml2/utf8-xmlErrorFuncHandler.patch
@@ -0,0 +1,30 @@
+Index: libxml2-2.9.5/python/libxml.c
+===================================================================
+--- libxml2-2.9.5.orig/python/libxml.c
++++ libxml2-2.9.5/python/libxml.c
+@@ -1620,6 +1620,7 @@ libxml_xmlErrorFuncHandler(ATTRIBUTE_UNU
+     PyObject *message;
+     PyObject *result;
+     char str[1000];
++    unsigned char *ptr = (unsigned char *)str;
+ 
+ #ifdef DEBUG_ERROR
+     printf("libxml_xmlErrorFuncHandler(%p, %s, ...) called\n", ctx, msg);
+@@ -1636,10 +1637,16 @@ libxml_xmlErrorFuncHandler(ATTRIBUTE_UNU
+ 	    str[999] = 0;
+         va_end(ap);
+ 
++#if PY_MAJOR_VERSION >= 3
++        /* Ensure the error string doesn't start at UTF8 continuation. */
++        while (*ptr && (*ptr & 0xc0) == 0x80)
++            ptr++;
++#endif
++
+         list = PyTuple_New(2);
+         PyTuple_SetItem(list, 0, libxml_xmlPythonErrorFuncCtxt);
+         Py_XINCREF(libxml_xmlPythonErrorFuncCtxt);
+-        message = libxml_charPtrConstWrap(str);
++        message = libxml_charPtrConstWrap(ptr);
+         PyTuple_SetItem(list, 1, message);
+         result = PyEval_CallObject(libxml_xmlPythonErrorFuncHandler, list);
+         Py_XDECREF(list);
diff --git a/pkgs/development/libraries/libxslt/default.nix b/pkgs/development/libraries/libxslt/default.nix
index 1a3efee176a..ed77a1873a8 100644
--- a/pkgs/development/libraries/libxslt/default.nix
+++ b/pkgs/development/libraries/libxslt/default.nix
@@ -1,9 +1,9 @@
-{ stdenv, fetchurl, fetchpatch, libxml2, findXMLCatalogs, python2, libgcrypt
+{ stdenv, fetchurl, fetchpatch, libxml2, findXMLCatalogs, python, libgcrypt
 , cryptoSupport ? false
 , pythonSupport ? stdenv.buildPlatform == stdenv.hostPlatform
 }:
 
-assert pythonSupport -> python2 != null;
+assert pythonSupport -> python != null;
 assert pythonSupport -> libxml2.pythonSupport;
 
 with stdenv.lib;
@@ -38,7 +38,7 @@ stdenv.mkDerivation rec {
   outputs = [ "bin" "dev" "out" "man" "doc" ] ++ stdenv.lib.optional pythonSupport "py";
 
   buildInputs = [ libxml2.dev ]
-    ++ stdenv.lib.optionals pythonSupport [ libxml2.py python2 ]
+    ++ stdenv.lib.optionals pythonSupport [ libxml2.py python ]
     ++ stdenv.lib.optionals cryptoSupport [ libgcrypt ];
 
   propagatedBuildInputs = [ findXMLCatalogs ];
@@ -48,7 +48,7 @@ stdenv.mkDerivation rec {
     "--without-debug"
     "--without-mem-debug"
     "--without-debugger"
-  ] ++ optional pythonSupport "--with-python=${python2}"
+  ] ++ optional pythonSupport "--with-python=${python}"
     ++ optional (!cryptoSupport) "--without-crypto";
 
   postFixup = ''
@@ -58,7 +58,7 @@ stdenv.mkDerivation rec {
   '' + optionalString pythonSupport ''
     mkdir -p $py/nix-support
     echo ${libxml2.py} >> $py/nix-support/propagated-build-inputs
-    moveToOutput lib/python2.7 "$py"
+    moveToOutput ${python.libPrefix} "$py"
   '';
 
   passthru = {
diff --git a/pkgs/development/libraries/nspr/default.nix b/pkgs/development/libraries/nspr/default.nix
index f5e4843a826..23587cbef6b 100644
--- a/pkgs/development/libraries/nspr/default.nix
+++ b/pkgs/development/libraries/nspr/default.nix
@@ -2,7 +2,7 @@
 , CoreServices ? null
 , buildPackages }:
 
-let version = "4.22"; in
+let version = "4.23"; in
 
 stdenv.mkDerivation {
   pname = "nspr";
@@ -10,7 +10,7 @@ stdenv.mkDerivation {
 
   src = fetchurl {
     url = "mirror://mozilla/nspr/releases/v${version}/src/nspr-${version}.tar.gz";
-    sha256 = "0c6ljv3bdqhc169srbpjy0cs52xk715p04zy08rcjvl54k6bdr69";
+    sha256 = "193p6i2r6wvpb4i04a9pxbqkxcn8rbcmwl81m4yp5xgs6w8857ab";
   };
 
   patches = [
diff --git a/pkgs/development/libraries/openal-soft/default.nix b/pkgs/development/libraries/openal-soft/default.nix
index 89ac85b752b..76f2861428d 100644
--- a/pkgs/development/libraries/openal-soft/default.nix
+++ b/pkgs/development/libraries/openal-soft/default.nix
@@ -20,6 +20,14 @@ stdenv.mkDerivation rec {
     sha256 = "0b0g0q1c36nfb289xcaaj3cmyfpiswvvgky3qyalsf9n4dj7vnzi";
   };
 
+  # this will make it find its own data files (e.g. HRTF profiles)
+  # without any other configuration
+  patches = [ ./search-out.patch ];
+  postPatch = ''
+    substituteInPlace Alc/helpers.c \
+      --replace "@OUT@" $out
+  '';
+
   nativeBuildInputs = [ cmake ];
 
   buildInputs = []
diff --git a/pkgs/development/libraries/openal-soft/search-out.patch b/pkgs/development/libraries/openal-soft/search-out.patch
new file mode 100644
index 00000000000..0f9c2abad3c
--- /dev/null
+++ b/pkgs/development/libraries/openal-soft/search-out.patch
@@ -0,0 +1,12 @@
+diff -Nuar a/Alc/helpers.c b/Alc/helpers.c
+--- a/Alc/helpers.c	1970-01-01 00:00:01.000000000 +0000
++++ b/Alc/helpers.c	1970-01-01 00:00:02.000000000 +0000
+@@ -951,6 +951,8 @@
+             }
+         }
+ 
++        DirectorySearch("@OUT@/share", ext, &results);
++
+         alstr_reset(&path);
+     }
+ 
diff --git a/pkgs/development/libraries/openexr/default.nix b/pkgs/development/libraries/openexr/default.nix
index 9eef138c532..7bd3985c12b 100644
--- a/pkgs/development/libraries/openexr/default.nix
+++ b/pkgs/development/libraries/openexr/default.nix
@@ -1,4 +1,5 @@
-{ lib, stdenv, buildPackages, fetchurl, autoconf, automake, libtool, pkgconfig, zlib, ilmbase, }:
+{ lib, stdenv, buildPackages, fetchurl, autoconf, automake, libtool, pkgconfig,
+  zlib, ilmbase, fetchpatch }:
 
 let
   # Doesn't really do anything when not crosscompiling
@@ -16,6 +17,12 @@ stdenv.mkDerivation rec {
 
   patches = [
     ./bootstrap.patch
+    (fetchpatch {
+      name = "CVE-2018-18444.patch";
+      url = "https://github.com/openexr/openexr/commit/1b0f1e5d7dcf2e9d6cbb4e005e803808b010b1e0.patch";
+      sha256 = "0f5m4wdwqqg8wfg7azzsz5yfpdrvws314rd4sqfc74j1g6wrcnqj";
+      stripLen = 1;
+    })
   ];
 
   outputs = [ "bin" "dev" "out" "doc" ];
diff --git a/pkgs/development/libraries/polkit/default.nix b/pkgs/development/libraries/polkit/default.nix
index 9fdf53a1372..05813bf29dc 100644
--- a/pkgs/development/libraries/polkit/default.nix
+++ b/pkgs/development/libraries/polkit/default.nix
@@ -28,8 +28,9 @@ stdenv.mkDerivation rec {
 
   patches = [
     # Don't use etc/dbus-1/system.d
+    # Upstream MR: https://gitlab.freedesktop.org/polkit/polkit/merge_requests/11
     (fetchpatch {
-      url = "https://gitlab.freedesktop.org/polkit/polkit/merge_requests/11.patch";
+      url = "https://gitlab.freedesktop.org/polkit/polkit/commit/5dd4e22efd05d55833c4634b56e473812b5acbf2.patch";
       sha256 = "17lv7xj5ksa27iv4zpm4zwd4iy8zbwjj4ximslfq3sasiz9kxhlp";
     })
   ] ++ stdenv.lib.optionals stdenv.hostPlatform.isMusl [
author	Frederik Rietdijk <fridh@fridh.nl>	2019-11-03 14:01:48 +0100
committer	Frederik Rietdijk <fridh@fridh.nl>	2019-11-03 14:01:48 +0100
commit	57a079ab30fbd95bb65900740b258c0a600f8912 (patch)
tree	3b1486684a22cff0003bd6edaf9ecff42413634f /pkgs/development/libraries
parent	6ae60c48b09da20c73788df436a4aaaef49b51ae (diff)
parent	9d59d57d4504655a2b71a5fcf769978492525a43 (diff)
download	nixpkgs-57a079ab30fbd95bb65900740b258c0a600f8912.tar nixpkgs-57a079ab30fbd95bb65900740b258c0a600f8912.tar.gz nixpkgs-57a079ab30fbd95bb65900740b258c0a600f8912.tar.bz2 nixpkgs-57a079ab30fbd95bb65900740b258c0a600f8912.tar.lz nixpkgs-57a079ab30fbd95bb65900740b258c0a600f8912.tar.xz nixpkgs-57a079ab30fbd95bb65900740b258c0a600f8912.tar.zst nixpkgs-57a079ab30fbd95bb65900740b258c0a600f8912.zip