diff options
author | Justin Humm <justin.humm@posteo.de> | 2019-11-07 01:46:24 +0100 |
---|---|---|
committer | Justin Humm <justin.humm@posteo.de> | 2019-11-07 02:05:28 +0100 |
commit | 6310531fe2f75e535a8abc6e62adbd65bca5c904 (patch) | |
tree | 2842fbab8f050d257b9e666af782e29fa8984eb0 /pkgs/development/libraries/libexif/default.nix | |
parent | 997bd95b3be694042e9fe940ae8237603ceed441 (diff) |
libexif: fix CVE-2018-20030
Also: - Use GitHub as source for CVE-2017-7544.patch [0]. The resulting patch is identical, but comes in a different format. - Update the website, as http://libexif.sourceforge.net/ shows only a move notice. - Add erictapen as maintainer. [0] https://github.com/libexif/libexif/commit/c39acd1692023b26290778a02a9232c873f9d71a
Diffstat (limited to 'pkgs/development/libraries/libexif/default.nix')
-rw-r--r-- | pkgs/development/libraries/libexif/default.nix | 23 |
1 files changed, 16 insertions, 7 deletions
diff --git a/pkgs/development/libraries/libexif/default.nix b/pkgs/development/libraries/libexif/default.nix index 5a8f5126680e8..98556c474ef84 100644 --- a/pkgs/development/libraries/libexif/default.nix +++ b/pkgs/development/libraries/libexif/default.nix @@ -9,21 +9,30 @@ stdenv.mkDerivation rec { }; patches = [ - (fetchpatch { - name = "CVE-2017-7544.patch"; - url = https://sourceforge.net/p/libexif/bugs/_discuss/thread/fc394c4b/489a/attachment/xx.pat; - sha256 = "1qgk8hgnxr8d63jsc4vljxz9yg33mbml280dq4a6050rmk9wq4la"; - }) + (fetchpatch { + name = "CVE-2017-7544.patch"; + url = "https://github.com/libexif/libexif/commit/c39acd1692023b26290778a02a9232c873f9d71a.patch"; + sha256 = "0xgx6ly2i4q05shb61mfx6njwf1yp347jkznm0ka4m85i41xm6sd"; + }) + (fetchpatch { + name = "CVE-2018-20030-1.patch"; + url = "https://github.com/libexif/libexif/commit/5d28011c40ec86cf52cffad541093d37c263898a.patch"; + sha256 = "1wv8s962wmbn2m2xypgirf12g6msrbplpsmd5bh86irfwhkcppj3"; + }) + # This is basically + # https://github.com/libexif/libexif/commit/6aa11df549114ebda520dde4cdaea2f9357b2c89.patch, + # but without the addition to ./NEWS + ./CVE-2018-20030-2.patch ]; - patchFlags = "-p0"; buildInputs = [ gettext ]; meta = { - homepage = http://libexif.sourceforge.net/; + homepage = https://libexif.github.io/; description = "A library to read and manipulate EXIF data in digital photographs"; license = stdenv.lib.licenses.lgpl21; platforms = stdenv.lib.platforms.unix; + maintainers = [ stdenv.lib.maintainers.erictapen ]; }; } |