summary refs log tree commit diff
path: root/pkgs/tools/graphics/graphviz/base.nix
diff options
context:
space:
mode:
Diffstat (limited to 'pkgs/tools/graphics/graphviz/base.nix')
-rw-r--r--pkgs/tools/graphics/graphviz/base.nix9
1 files changed, 8 insertions, 1 deletions
diff --git a/pkgs/tools/graphics/graphviz/base.nix b/pkgs/tools/graphics/graphviz/base.nix
index 000e2b28089..1a387042b2d 100644
--- a/pkgs/tools/graphics/graphviz/base.nix
+++ b/pkgs/tools/graphics/graphviz/base.nix
@@ -21,7 +21,14 @@ let
     buildCommand = "sed s/dot_root/agroot/g ${raw_patch} > $out";
   };
   # 2.42 has the patch included
-  patches = optional (lib.versionOlder version "2.42") patchToUse;
+  patches = optional (lib.versionOlder version "2.42") patchToUse
+  ++ optionals (lib.versionOlder version "2.46.0") [
+    (fetchpatch {
+      name = "CVE-2020-18032.patch";
+      url = "https://gitlab.com/graphviz/graphviz/-/commit/784411ca3655c80da0f6025ab20634b2a6ff696b.patch";
+      sha256 = "1nkw9ism8lkfvxsp5fh95i2l5s5cbjsidbb3g1kjfv10rxkyb41m";
+    })
+  ];
 in
 
 stdenv.mkDerivation {
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-05-30 17:06:34 +0000