Merge pull request #174901 from LeSuisse/cups-CVE-2022-26691-21.11

author: Martin Weinelt <mweinelt@users.noreply.github.com> 2022-05-28 12:23:15 +0200
committer: GitHub <noreply@github.com> 2022-05-28 12:23:15 +0200
commit: 69970cc8e299d467fc9589f94480a34b6c2ef676 (patch)
tree: 510a8bedc3f3c608241acdaf439d5ab8586e5328
parent: Merge staging-next-21.11 into staging-21.11 (diff)
parent: cups: fixes CVE-2022-26691 (diff)
download: nixpkgs-69970cc8e299d467fc9589f94480a34b6c2ef676.tar.gz
1 files changed, 15 insertions, 0 deletions
diff --git a/pkgs/misc/cups/default.nix b/pkgs/misc/cups/default.nix
index 1d467f0a5347..405c29cd9e2a 100644
--- a/pkgs/misc/cups/default.nix
+++ b/pkgs/misc/cups/default.nix
@@ -1,5 +1,6 @@
 { lib, stdenv
 , fetchurl
+, fetchpatch
 , pkg-config
 , removeReferencesTo
 , zlib
@@ -40,6 +41,20 @@ stdenv.mkDerivation rec {
 
   outputs = [ "out" "lib" "dev" "man" ];
 
+  patches = [
+    (fetchpatch {
+      name = "CVE-2022-26691.patch";
+      url = "https://github.com/OpenPrinting/cups/commit/de4f8c196106033e4c372dce3e91b9d42b0b9444.patch";
+      sha256 = "sha256-IKOtV7bCS6PstwK6YqnYRYTeH562jWwkley86p+6Of8=";
+      excludes = [ "CHANGES.md" ];
+    })
+    (fetchpatch {
+      name = "CVE-2022-26691-fix-comment.patch";
+      url = "https://github.com/OpenPrinting/cups/commit/411b6136f450a583ee08c3880fa09dbe837eb3f1.patch";
+      sha256 = "sha256-dVopmr34c9N5H2ZZz52rXVnHQBuDTNo8M40x9455+jQ=";
+    })
+  ];
+
   postPatch = ''
     substituteInPlace cups/testfile.c \
       --replace 'cupsFileFind("cat", "/bin' 'cupsFileFind("cat", "${coreutils}/bin'
author	Martin Weinelt <mweinelt@users.noreply.github.com>	2022-05-28 12:23:15 +0200
committer	GitHub <noreply@github.com>	2022-05-28 12:23:15 +0200
commit	69970cc8e299d467fc9589f94480a34b6c2ef676 (patch)
tree	510a8bedc3f3c608241acdaf439d5ab8586e5328
parent	Merge staging-next-21.11 into staging-21.11 (diff)
parent	cups: fixes CVE-2022-26691 (diff)
download	nixpkgs-69970cc8e299d467fc9589f94480a34b6c2ef676.tar.gz