summaryrefslogtreecommitdiff
path: root/pkgs/applications/graphics/graphicsmagick/default.nix
diff options
context:
space:
mode:
Diffstat (limited to 'pkgs/applications/graphics/graphicsmagick/default.nix')
-rw-r--r--pkgs/applications/graphics/graphicsmagick/default.nix22
1 files changed, 18 insertions, 4 deletions
diff --git a/pkgs/applications/graphics/graphicsmagick/default.nix b/pkgs/applications/graphics/graphicsmagick/default.nix
index 70d8feaa2753..2e573e09b31a 100644
--- a/pkgs/applications/graphics/graphicsmagick/default.nix
+++ b/pkgs/applications/graphics/graphicsmagick/default.nix
@@ -1,6 +1,6 @@
-{stdenv, fetchurl, bzip2, freetype, graphviz, ghostscript
-, libjpeg, libpng, libtiff, libxml2, zlib, libtool, xz
-, libX11, libwebp, quantumdepth ? 8}:
+{ stdenv, fetchurl, fetchpatch, bzip2, freetype, graphviz, ghostscript
+, libjpeg, libpng, libtiff, libxml2, zlib, libtool, xz, libX11
+, libwebp, quantumdepth ? 8 }:
let version = "1.3.25"; in
@@ -12,7 +12,21 @@ stdenv.mkDerivation {
sha256 = "17xcc7pfcmiwpfr1g8ys5a7bdnvqzka53vg3kkzhwwz0s99gljyn";
};
- patches = [ ./disable-popen.patch ];
+ patches = [
+ ./disable-popen.patch
+ (fetchpatch {
+ url = "https://sources.debian.net/data/main/g/graphicsmagick/1.3.25-4/debian/patches/CVE-2016-7996_CVE-2016-7997.patch";
+ sha256 = "0xsby2z8n7cnnln7szjznq7iaabq323wymvdjra59yb41aix74r2";
+ })
+ (fetchpatch {
+ url = "https://sources.debian.net/data/main/g/graphicsmagick/1.3.25-4/debian/patches/CVE-2016-7800_part1.patch";
+ sha256 = "02s0x9bkbnm5wrd0d2x9ld4d9z5xqpfk310lyylyr5zlnhqxmwgn";
+ })
+ (fetchpatch {
+ url = "https://sources.debian.net/data/main/g/graphicsmagick/1.3.25-4/debian/patches/CVE-2016-7800_part2.patch";
+ sha256 = "1h4xv3i1aq5avsd584rwa5sa7ca8f7w9ggmh7j2llqq5kymwsv5f";
+ })
+ ];
configureFlags = [
"--enable-shared"
generated by cgit v1.2.3 (git 2.52.0) at 2026-01-17 04:51:44 +0000