diff options
author | Maximilian Bosch <maximilian@mbosch.me> | 2022-11-11 13:47:16 +0100 |
---|---|---|
committer | Robert Helgesson <robert@rycee.net> | 2022-11-11 14:19:52 +0100 |
commit | 8e840beaa2e8f0105a1423fa73c0df13565777f8 (patch) | |
tree | ac3604dbd42a8cac602b153425bd5ddda9b05864 /pkgs/tools/graphics/jhead | |
parent | fcde71fdb3fec4fad1d0d996d433cdbaad6d7528 (diff) | |
download | nixpkgs-8e840beaa2e8f0105a1423fa73c0df13565777f8.tar nixpkgs-8e840beaa2e8f0105a1423fa73c0df13565777f8.tar.gz nixpkgs-8e840beaa2e8f0105a1423fa73c0df13565777f8.tar.bz2 nixpkgs-8e840beaa2e8f0105a1423fa73c0df13565777f8.tar.lz nixpkgs-8e840beaa2e8f0105a1423fa73c0df13565777f8.tar.xz nixpkgs-8e840beaa2e8f0105a1423fa73c0df13565777f8.tar.zst nixpkgs-8e840beaa2e8f0105a1423fa73c0df13565777f8.zip |
jhead: patches for CVE-2022-41751
See https://nvd.nist.gov/vuln/detail/CVE-2022-41751 Also relevant: https://github.com/Matthias-Wandel/jhead/issues/60
Diffstat (limited to 'pkgs/tools/graphics/jhead')
-rw-r--r-- | pkgs/tools/graphics/jhead/default.nix | 34 |
1 files changed, 33 insertions, 1 deletions
diff --git a/pkgs/tools/graphics/jhead/default.nix b/pkgs/tools/graphics/jhead/default.nix index 16e57252275..4fe1d30ed77 100644 --- a/pkgs/tools/graphics/jhead/default.nix +++ b/pkgs/tools/graphics/jhead/default.nix @@ -1,4 +1,4 @@ -{ lib, stdenv, fetchFromGitHub, libjpeg }: +{ lib, stdenv, fetchFromGitHub, libjpeg, fetchpatch }: stdenv.mkDerivation rec { pname = "jhead"; @@ -11,6 +11,38 @@ stdenv.mkDerivation rec { sha256 = "0zgh36486cpcnf7xg6dwf7rhz2h4gpayqvdk8hmrx6y418b2pfyf"; }; + patches = [ + # Just a spelling/whitespace change, but makes it easier to apply the rest. + (fetchpatch { + url = "https://github.com/Matthias-Wandel/jhead/commit/8384c6fd2ebfb8eb8bd96616343e73af0e575131.patch"; + sha256 = "sha256-f3FOIqgFr5QPAsBjvUVAOf1CAqw8pNAVx+pZZuMjq3c="; + includes = [ "jhead.c" ]; + }) + (fetchpatch { + url = "https://github.com/Matthias-Wandel/jhead/commit/63aff8e9bd8c970fedf87f0ec3a1f3368bf2421e.patch"; + sha256 = "sha256-jyhGdWuwd/eP5uuS8uLYiTJZJdxxLYdsvl0jnQC+Y5c="; + includes = [ "jhead.c" ]; + }) + + # Fixes around CVE-2022-41751 + (fetchpatch { + url = "https://github.com/Matthias-Wandel/jhead/commit/6985da52c9ad4f5f6c247269cb5508fae34a971c.patch"; + sha256 = "sha256-8Uw0Udr9aZEMrD/0zS498MVw+rJqpFukvjb7FgzjgT4="; + }) + (fetchpatch { + url = "https://github.com/Matthias-Wandel/jhead/commit/3fe905cf674f8dbac8a89e58cee1b4850abf9530.patch"; + sha256 = "sha256-5995EV/pOktZc45c7fLl+oQqyutRDQJl3eNutR1JGJo="; + }) + (fetchpatch { + url = "https://github.com/joachim-reichel/jhead/commit/ec67262b8e5a4b05d8ad6898a09f1dc3fc032062.patch"; + sha256 = "sha256-a3KogIV45cRNthJSPygIRw1m2KBJZJSIGSWfsr7FWs4="; + }) + (fetchpatch { + url = "https://github.com/joachim-reichel/jhead/commit/65de38cb68747c6f8397608b56b58ce15271a1fe.patch"; + sha256 = "sha256-xf0d2hxW4rVZwffrYJVVFQ3cDMOcPoGbCdrrQKxf16M="; + }) + ]; + buildInputs = [ libjpeg ]; makeFlags = [ "CPPFLAGS=" "CFLAGS=-O3" "LDFLAGS=" ]; |