diff options
author | Franz Pletz <fpletz@fnordicwalking.de> | 2016-10-13 23:53:43 +0200 |
---|---|---|
committer | Franz Pletz <fpletz@fnordicwalking.de> | 2016-10-14 00:02:30 +0200 |
commit | 4771ccd896e8355a025900d75a9c4b104d6439e1 (patch) | |
tree | f2dcda15412f86986a89e02616560fc240fd2695 /pkgs/applications/graphics/graphicsmagick | |
parent | c766c7f095ee24fa45f9e8e3449e3a7a3e4fdcbf (diff) |
graphicsmagick: apply patches to fix security issues
Fixes CVE-2016-7996, CVE-2016-7996, CVE-2016-7800. cc #19481
Diffstat (limited to 'pkgs/applications/graphics/graphicsmagick')
-rw-r--r-- | pkgs/applications/graphics/graphicsmagick/default.nix | 22 |
1 files changed, 18 insertions, 4 deletions
diff --git a/pkgs/applications/graphics/graphicsmagick/default.nix b/pkgs/applications/graphics/graphicsmagick/default.nix index 70d8feaa2753e..2e573e09b31af 100644 --- a/pkgs/applications/graphics/graphicsmagick/default.nix +++ b/pkgs/applications/graphics/graphicsmagick/default.nix @@ -1,6 +1,6 @@ -{stdenv, fetchurl, bzip2, freetype, graphviz, ghostscript -, libjpeg, libpng, libtiff, libxml2, zlib, libtool, xz -, libX11, libwebp, quantumdepth ? 8}: +{ stdenv, fetchurl, fetchpatch, bzip2, freetype, graphviz, ghostscript +, libjpeg, libpng, libtiff, libxml2, zlib, libtool, xz, libX11 +, libwebp, quantumdepth ? 8 }: let version = "1.3.25"; in @@ -12,7 +12,21 @@ stdenv.mkDerivation { sha256 = "17xcc7pfcmiwpfr1g8ys5a7bdnvqzka53vg3kkzhwwz0s99gljyn"; }; - patches = [ ./disable-popen.patch ]; + patches = [ + ./disable-popen.patch + (fetchpatch { + url = "https://sources.debian.net/data/main/g/graphicsmagick/1.3.25-4/debian/patches/CVE-2016-7996_CVE-2016-7997.patch"; + sha256 = "0xsby2z8n7cnnln7szjznq7iaabq323wymvdjra59yb41aix74r2"; + }) + (fetchpatch { + url = "https://sources.debian.net/data/main/g/graphicsmagick/1.3.25-4/debian/patches/CVE-2016-7800_part1.patch"; + sha256 = "02s0x9bkbnm5wrd0d2x9ld4d9z5xqpfk310lyylyr5zlnhqxmwgn"; + }) + (fetchpatch { + url = "https://sources.debian.net/data/main/g/graphicsmagick/1.3.25-4/debian/patches/CVE-2016-7800_part2.patch"; + sha256 = "1h4xv3i1aq5avsd584rwa5sa7ca8f7w9ggmh7j2llqq5kymwsv5f"; + }) + ]; configureFlags = [ "--enable-shared" |