author | Emily <vcs@emily.moe> | 2024-10-03 14:24:35 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2024-10-03 14:24:35 +0100 |
commit | 36ac3afdab6742dfbb315eefda11154743c4cc0f (patch) | |
tree | af930bdb1c101414614316d26b5d386333f366e0 | |
parent | df27247e6f3e636c119e2610bf12d38b5e98cc79 (diff) | |
parent | f290b27df298947d8694e6161a79ae113df93bba (diff) |
[Backport release-24.05] jbigkit: add patch to fix security issue CVE-2017-9937 (#346161) release-24.05
-rw-r--r-- | pkgs/development/libraries/jbigkit/default.nix | 15 |
1 files changed, 14 insertions, 1 deletions
diff --git a/pkgs/development/libraries/jbigkit/default.nix b/pkgs/development/libraries/jbigkit/default.nix
index 40a46041caa2c..a98db9f8b21e8 100644
--- a/pkgs/development/libraries/jbigkit/default.nix
+++ b/pkgs/development/libraries/jbigkit/default.nix
@@ -1,4 +1,4 @@
-{ lib, stdenv, fetchurl }:
+{ lib, stdenv, fetchurl, fetchpatch }:
 stdenv.mkDerivation rec {
 pname = "jbigkit";
@@ -9,6 +9,19 @@ stdenv.mkDerivation rec {
 sha256 = "0cnrcdr1dwp7h7m0a56qw09bv08krb37mpf7cml5sjdgpyv0cwfy";
 };
+ patches = [
+ # Archlinux patch: this helps users to reduce denial-of-service risks, as in CVE-2017-9937
+ (fetchpatch {
+ url = "https://gitlab.archlinux.org/archlinux/packaging/packages/jbigkit/-/raw/main/0013-new-jbig.c-limit-s-maxmem-maximum-decoded-image-size.patch";
+ hash = "sha256-Yq5qCTF7KZTrm4oeWbpctb+QLt3shJUGEReZvd0ey9k=";
+ })
+ # Archlinux patch: fix heap overflow
+ (fetchpatch {
+ url = "https://gitlab.archlinux.org/archlinux/packaging/packages/jbigkit/-/raw/main/0015-jbg_newlen-check-for-end-of-file-within-MARKER_NEWLE.patch";
+ hash = "sha256-F3qA/btR9D9NfzrNY76X4Z6vG6NrisI36SjCDjS+F5s=";
+ })
+ ];
+
 makeFlags = [
 "CC=${stdenv.cc}/bin/${stdenv.cc.targetPrefix}cc"
 "AR=${lib.getBin stdenv.cc.bintools.bintools}/bin/${stdenv.cc.targetPrefix}ar" |
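Review bot: Both `fetchpatch` URLs in the added `patches` list fetch from `/-/raw/main/`, a moving branch rather than a fixed revision. The `hash` still pins the content, so this is a reproducibility and availability concern rather than an integrity one: if the Arch packaging repository renames, refreshes or drops either patch, the fetch fails or the hash mismatches, and the security fix can no longer be rebuilt from source. Pin each URL to the commit that was reviewed, e.g. `url = "https://gitlab.archlinux.org/archlinux/packaging/packages/jbigkit/-/raw/<commit-sha>/0013-new-jbig.c-limit-s-maxmem-maximum-decoded-image-size.patch";`, and do the same for the 0015 patch. The second comment, `# Archlinux patch: fix heap overflow`, would also be easier to audit if it named the advisory or upstream report it addresses, since the commit title only mentions CVE-2017-9937.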