diff options
author | Vladimír Čunát <v@cunat.cz> | 2024-03-07 07:50:25 +0100 |
---|---|---|
committer | Vladimír Čunát <v@cunat.cz> | 2024-03-07 07:50:25 +0100 |
commit | 022b4f2503a2f59c4852fa6fb2c1db9f51c29c04 (patch) | |
tree | fff6c21cb27c07d49a2075078638cbb71ec8a683 | |
parent | 5881a442e79913b648f6ba7cce199c1c21429ffb (diff) | |
parent | 1a5318e45ffb6ec05ff8e786f775daaa1bf17672 (diff) |
Merge older staging-23.11 into staging-next-23.11
-rw-r--r-- | pkgs/applications/graphics/ImageMagick/default.nix | 4 | ||||
-rw-r--r-- | pkgs/tools/misc/fontforge/default.nix | 10 |
2 files changed, 11 insertions, 3 deletions
diff --git a/pkgs/applications/graphics/ImageMagick/default.nix b/pkgs/applications/graphics/ImageMagick/default.nix index 261df37e9aa9d..8fe391173d660 100644 --- a/pkgs/applications/graphics/ImageMagick/default.nix +++ b/pkgs/applications/graphics/ImageMagick/default.nix @@ -49,13 +49,13 @@ in stdenv.mkDerivation (finalAttrs: { pname = "imagemagick"; - version = "7.1.1-28"; + version = "7.1.1-29"; src = fetchFromGitHub { owner = "ImageMagick"; repo = "ImageMagick"; rev = finalAttrs.version; - hash = "sha256-WT058DZzMrNKn9E56dH476iCgeOi7QQ3jNBxKAqT6h4="; + hash = "sha256-W9WbHzmTa0dA9+mOxXu88qmN1mO9ORaH0Nj6r2s1Q+E="; }; outputs = [ "out" "dev" "doc" ]; # bin/ isn't really big diff --git a/pkgs/tools/misc/fontforge/default.nix b/pkgs/tools/misc/fontforge/default.nix index c6e939d5b505f..d7a083baaf77c 100644 --- a/pkgs/tools/misc/fontforge/default.nix +++ b/pkgs/tools/misc/fontforge/default.nix @@ -1,4 +1,4 @@ -{ stdenv, fetchFromGitHub, lib +{ stdenv, fetchFromGitHub, lib, fetchpatch , cmake, uthash, pkg-config , python, freetype, zlib, glib, giflib, libpng, libjpeg, libtiff, libxml2, cairo, pango , readline, woff2, zeromq @@ -23,6 +23,14 @@ stdenv.mkDerivation rec { sha256 = "sha256-/RYhvL+Z4n4hJ8dmm+jbA1Ful23ni2DbCRZC5A3+pP0="; }; + patches = [ + (fetchpatch { + name = "CVE-2024-25081.CVE-2024-25082.patch"; + url = "https://github.com/fontforge/fontforge/commit/216eb14b558df344b206bf82e2bdaf03a1f2f429.patch"; + hash = "sha256-aRnir09FSQMT50keoB7z6AyhWAVBxjSQsTRvBzeBuHU="; + }) + ]; + # use $SOURCE_DATE_EPOCH instead of non-deterministic timestamps postPatch = '' find . -type f -name '*.c' -exec sed -r -i 's#\btime\(&(.+)\)#if (getenv("SOURCE_DATE_EPOCH")) \1=atol(getenv("SOURCE_DATE_EPOCH")); else &#g' {} \; |