authorThomas Gerbet <thomas@gerbet.me>2021-07-15 18:51:53 +0200
committergithub-actions[bot] <github-actions[bot]@users.noreply.github.com>2021-07-15 17:28:12 +0000
commit04644c993de859e0ef5766253d5cbd79a6d509f7 (patch)
treef54931d532e3223351c3ee99df3646d0cec5588f
parentMerge pull request #130245 from neonfuz/backport-129870-to-release-21.05 (diff)
downloadnixpkgs-04644c993de859e0ef5766253d5cbd79a6d509f7.tar.gz
fig2dev: apply patch for CVE-2021-3561
(cherry picked from commit 57aff6b0ae29df302511c60d979dfe8349bd8a92)
-rw-r--r--pkgs/applications/graphics/fig2dev/default.nix10
1 files changed, 10 insertions, 0 deletions
diff --git a/pkgs/applications/graphics/fig2dev/default.nix b/pkgs/applications/graphics/fig2dev/default.nix
index c7484f4cbfe7..31d14185dcd9 100644
--- a/pkgs/applications/graphics/fig2dev/default.nix
+++ b/pkgs/applications/graphics/fig2dev/default.nix
@@ -1,6 +1,7 @@
{ lib
, stdenv
, fetchurl
+, fetchpatch
, ghostscript
, libpng
, makeWrapper
@@ -20,6 +21,15 @@ stdenv.mkDerivation rec {
sha256 = "1bm75lf9j54qpbjx8hzp6ixaayp1x9w4v3yxl6vxyw8g5m4sqdk3";
};
+ patches = [
+ (fetchpatch {
+ name = "CVE-2021-3561.patch";
+ # Using Debian patch since it is not possible to download it directly from Sourceforge
+ url = "https://sources.debian.org/data/main/f/fig2dev/1:3.2.8-3/debian/patches/33_sanitize-color.patch";
+ sha256 = "1bppr3li03nj4qjibnddr2f38mpk55pcn5z6k98pf00gabq33fgs";
+ })
+ ];
+
nativeBuildInputs = [ makeWrapper ];
buildInputs = [ libpng ];
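Review bot: The comment above `url` in the `fetchpatch` block says why Debian is the source, but not which upstream fig2dev change `33_sanitize-color.patch` corresponds to. A later reader therefore cannot confirm from the tree that the file named `CVE-2021-3561.patch` is the upstream fix for that CVE. I would extend the comment along the lines of `# Debian's 33_sanitize-color.patch = upstream fix <upstream-commit-or-ticket>; remove once the packaged release contains it`. The `sha256` pins the content, so the remaining concern is availability rather than integrity: the URL embeds one specific Debian revision, and if that revision stops being served the fetch will presumably fail for anyone without the cached output. The `mkDerivation` body continues outside this hunk.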