diff options
author | Vladimír Čunát <vcunat@gmail.com> | 2019-02-20 09:38:45 +0100 |
---|---|---|
committer | Vladimír Čunát <vcunat@gmail.com> | 2019-02-20 09:38:45 +0100 |
commit | 32767d139f28fd3c00d687c04ec406258f7341e7 (patch) | |
tree | b049aa5d798a9fa2555882c788592a0640928ba2 /pkgs/development/libraries/cairo | |
parent | 28d983fe25bcf853dfd38663f333d4c522f613cc (diff) | |
parent | e20188f181ca51882984daaee237a95f2fc5e7c9 (diff) |
Merge branch 'staging-next'
This round is without the systemd CVE, as we don't have binaries for that yet. BTW, I just ignore darwin binaries these days, as I'd have to wait for weeks for them.
Diffstat (limited to 'pkgs/development/libraries/cairo')
-rw-r--r-- | pkgs/development/libraries/cairo/default.nix | 15 |
1 files changed, 14 insertions, 1 deletions
diff --git a/pkgs/development/libraries/cairo/default.nix b/pkgs/development/libraries/cairo/default.nix index 5e099cc121a96..845b09053ad4e 100644 --- a/pkgs/development/libraries/cairo/default.nix +++ b/pkgs/development/libraries/cairo/default.nix @@ -1,4 +1,4 @@ -{ config, stdenv, fetchurl, pkgconfig, libiconv +{ config, stdenv, fetchurl, fetchpatch, pkgconfig, libiconv , libintl, expat, zlib, libpng, pixman, fontconfig, freetype, xorg , gobjectSupport ? true, glib , xcbSupport ? true # no longer experimental since 1.12 @@ -22,6 +22,19 @@ in stdenv.mkDerivation rec { sha256 = "0c930mk5xr2bshbdljv005j3j8zr47gqmkry3q6qgvqky6rjjysy"; }; + patches = [ + # Fixes CVE-2018-19876; see Nixpkgs issue #55384 + # CVE information: https://nvd.nist.gov/vuln/detail/CVE-2018-19876 + # Upstream PR: https://gitlab.freedesktop.org/cairo/cairo/merge_requests/5 + # + # This patch is the merged commit from the above PR. + (fetchpatch { + name = "CVE-2018-19876.patch"; + url = "https://gitlab.freedesktop.org/cairo/cairo/commit/6edf572ebb27b00d3c371ba5ae267e39d27d5b6d.patch"; + sha256 = "112hgrrsmcwxh1r52brhi5lksq4pvrz4xhkzcf2iqp55jl2pb7n1"; + }) + ]; + outputs = [ "out" "dev" "devdoc" ]; outputBin = "dev"; # very small |