Merge #175627: staging-next-21.11: iteration 16

author: Vladimír Čunát <v@cunat.cz> 2022-06-05 16:27:03 +0200
committer: Vladimír Čunát <v@cunat.cz> 2022-06-05 16:27:03 +0200
commit: 5986ddf62ab2f61490f6adddecd0c68e746cc93e (patch)
tree: 7b3d2530008d9c0ba7dcbb37aafef8370cd73593
parent: zoneminder: 1.36.10 -> 1.36.15 (diff)
parent: Merge release-21.11 into staging-next-21.11 (diff)
download: nixpkgs-5986ddf62ab2f61490f6adddecd0c68e746cc93e.tar.gz
3 files changed, 27 insertions, 2 deletions
diff --git a/pkgs/development/interpreters/python/default.nix b/pkgs/development/interpreters/python/default.nix
index a718ed697ded..b2b86d966f06 100644
--- a/pkgs/development/interpreters/python/default.nix
+++ b/pkgs/development/interpreters/python/default.nix
@@ -123,10 +123,10 @@ with pkgs;
       sourceVersion = {
         major = "3";
         minor = "9";
-        patch = "12";
+        patch = "13";
         suffix = "";
       };
-      sha256 = "sha256-LNlLIGcOQVnG2atX+R2/JVuX2MGhRR0cNfTsGWit+XE=";
+      sha256 = "sha256-ElsMWY8eFdKqZUBug/eS330XHN84wWgDsUmZQxajCA8=";
     };
     python310 = {
       sourceVersion = {
diff --git a/pkgs/development/libraries/libtiff/default.nix b/pkgs/development/libraries/libtiff/default.nix
index c772dbddf6d7..de827a0f2c0e 100644
--- a/pkgs/development/libraries/libtiff/default.nix
+++ b/pkgs/development/libraries/libtiff/default.nix
@@ -80,6 +80,16 @@ stdenv.mkDerivation rec {
       url = "https://gitlab.com/libtiff/libtiff/-/commit/a95b799f65064e4ba2e2dfc206808f86faf93e85.patch";
       sha256 = "0i61kkjaixdn2p933lpma9s6i0772vhxjxxcwyqagw96lmszrcm7";
     })
+    (fetchpatch {
+      name = "CVE-2022-1354.patch";
+      url = "https://gitlab.com/libtiff/libtiff/-/commit/87f580f39011109b3bb5f6eca13fac543a542798.patch";
+      sha256 = "0171c662xiv3295x4wsq6qq0v90js51j54vsl7wm043kjkrp1fsb";
+    })
+    (fetchpatch {
+      name = "CVE-2022-1355.patch";
+      url = "https://gitlab.com/libtiff/libtiff/-/commit/c1ae29f9ebacd29b7c3e0c7db671af7db3584bc2.patch";
+      sha256 = "1y75c72s41pl39d5zr5pmkiyfrancllv8fbl10zvc67pg3qjq4v8";
+    })
   ];
 
   outputs = [ "bin" "dev" "dev_private" "out" "man" "doc" ];
diff --git a/pkgs/misc/cups/default.nix b/pkgs/misc/cups/default.nix
index 1d467f0a5347..405c29cd9e2a 100644
--- a/pkgs/misc/cups/default.nix
+++ b/pkgs/misc/cups/default.nix
@@ -1,5 +1,6 @@
 { lib, stdenv
 , fetchurl
+, fetchpatch
 , pkg-config
 , removeReferencesTo
 , zlib
@@ -40,6 +41,20 @@ stdenv.mkDerivation rec {
 
   outputs = [ "out" "lib" "dev" "man" ];
 
+  patches = [
+    (fetchpatch {
+      name = "CVE-2022-26691.patch";
+      url = "https://github.com/OpenPrinting/cups/commit/de4f8c196106033e4c372dce3e91b9d42b0b9444.patch";
+      sha256 = "sha256-IKOtV7bCS6PstwK6YqnYRYTeH562jWwkley86p+6Of8=";
+      excludes = [ "CHANGES.md" ];
+    })
+    (fetchpatch {
+      name = "CVE-2022-26691-fix-comment.patch";
+      url = "https://github.com/OpenPrinting/cups/commit/411b6136f450a583ee08c3880fa09dbe837eb3f1.patch";
+      sha256 = "sha256-dVopmr34c9N5H2ZZz52rXVnHQBuDTNo8M40x9455+jQ=";
+    })
+  ];
+
   postPatch = ''
     substituteInPlace cups/testfile.c \
       --replace 'cupsFileFind("cat", "/bin' 'cupsFileFind("cat", "${coreutils}/bin'
author	Vladimír Čunát <v@cunat.cz>	2022-06-05 16:27:03 +0200
committer	Vladimír Čunát <v@cunat.cz>	2022-06-05 16:27:03 +0200
commit	5986ddf62ab2f61490f6adddecd0c68e746cc93e (patch)
tree	7b3d2530008d9c0ba7dcbb37aafef8370cd73593
parent	zoneminder: 1.36.10 -> 1.36.15 (diff)
parent	Merge release-21.11 into staging-next-21.11 (diff)
download	nixpkgs-5986ddf62ab2f61490f6adddecd0c68e746cc93e.tar.gz