authorVladimír Čunát <vcunat@gmail.com>2015-02-05 12:16:25 +0100
committerVladimír Čunát <vcunat@gmail.com>2015-02-07 06:48:21 +0100
commitda3105d5385d6feb2b655c6d1ecbbbbc26a544c9 (patch)
tree8a82171fd0b8a1327e97459c82b5da4d125e76d4 /pkgs/development/libraries/exiv2
parent529e2b281a9bcc707b27f911bc1490bebebe4f53 (diff)
exiv2: fix CVE-2014-9449 by upstream patch
It's just a crash fix, not a "real" vulnerability.
Diffstat (limited to 'pkgs/development/libraries/exiv2')
-rw-r--r--pkgs/development/libraries/exiv2/default.nix14
1 files changed, 10 insertions, 4 deletions
diff --git a/pkgs/development/libraries/exiv2/default.nix b/pkgs/development/libraries/exiv2/default.nix
index 22b6cf242c80d..0702d24a80b8f 100644
--- a/pkgs/development/libraries/exiv2/default.nix
+++ b/pkgs/development/libraries/exiv2/default.nix
@@ -1,15 +1,21 @@
-{stdenv, fetchurl, zlib, expat}:
+{stdenv, fetchurl, fetchpatch, zlib, expat}:
 
 stdenv.mkDerivation rec {
   name = "exiv2-0.24";
-  
+
   src = fetchurl {
     url = "http://www.exiv2.org/${name}.tar.gz";
     sha256 = "13pgvz14kyapxl89pxjaq3274k56d5lzfckpg1g9z7gvqzk4797l";
   };
-  
+
+  patches = [(fetchpatch {
+    name = "CVE-2014-9449.diff";
+    url = "http://dev.exiv2.org/projects/exiv2/repository/revisions/3264/diff?format=diff&rev_to=3263";
+    sha256 = "02w0fksl966d4v6bkg6rq3wmvv8xjpvfp47qr0nv1xq0bphxqzag";
+  })];
+
   propagatedBuildInputs = [zlib expat];
-  
+
 # configure script finds zlib&expat but it thinks that they're in /usr
   configureFlags = "--with-zlib=${zlib} --with-expat=${expat}";
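Review bot: The added `fetchpatch` entry downloads the fix over plain `http://` from a Redmine endpoint that renders the diff on request, so the `sha256` is the only thing tying the build to the change that was reviewed. The hash makes a tampered or re-rendered response fail the build rather than apply silently, but anyone refreshing it later should read the new diff against upstream revision 3264 instead of copying the hash a failed build prints. I would add a comment above `patches`, for example `# upstream r3264, fixes CVE-2014-9449; re-read the diff before changing sha256, drop once a release past 0.24 includes it`. The same hash-only trust applies to the unchanged `src` URL. The hunk header counts one more line than is visible here, and the `mkDerivation` body continues past the end of the hunk.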