diff options
author | Robert Scott <code@humanleg.org.uk> | 2019-11-13 15:54:41 +0000 |
---|---|---|
committer | Renaud <c0bw3b@users.noreply.github.com> | 2019-11-13 16:54:41 +0100 |
commit | a08e88c7e51bad9c6e74bc1efb0bc8b3baebdf64 (patch) | |
tree | 5e81087d5d4261ebdc4381d384795aed8e3a00a4 /pkgs/development/libraries/opencv | |
parent | ca6b6595392bab9e9b8b19c644167e637f4721e6 (diff) |
opencv4: add patches for CVE-2019-14491, CVE-2019-14492, CVE-2019-14493 & CVE-2019-15939
(#73073)
Diffstat (limited to 'pkgs/development/libraries/opencv')
-rw-r--r-- | pkgs/development/libraries/opencv/4.x.nix | 20 |
1 files changed, 19 insertions, 1 deletions
diff --git a/pkgs/development/libraries/opencv/4.x.nix b/pkgs/development/libraries/opencv/4.x.nix index 8addc150555d0..51f84faa7d006 100644 --- a/pkgs/development/libraries/opencv/4.x.nix +++ b/pkgs/development/libraries/opencv/4.x.nix @@ -1,5 +1,5 @@ { lib, stdenv -, fetchurl, fetchFromGitHub +, fetchurl, fetchFromGitHub, fetchpatch , cmake, pkgconfig, unzip, zlib, pcre, hdf5 , glog, boost, google-gflags, protobuf , config @@ -160,6 +160,24 @@ stdenv.mkDerivation rec { cp --no-preserve=mode -r "${contribSrc}/modules" "$NIX_BUILD_TOP/source/opencv_contrib" ''; + patches = [ + (fetchpatch { + name = "CVE-2019-14491.CVE-2019-14492.patch"; + url = "https://github.com/opencv/opencv/pull/15150/commits/321c74ccd6077bdea1d47450ca4fe955cb5b6330.patch"; + sha256 = "03nxq24wsyszpl24i9fz3k06np75g9p4pqgnn1iw0nqdn7qds8pm"; + }) + (fetchpatch { + name = "CVE-2019-14493.patch"; + url = "https://github.com/opencv/opencv/pull/15145/commits/5691d998ead1d9b0542bcfced36c2dceb3a59023.patch"; + sha256 = "14qva9f5z10apz5q0skdyiclr9sgkhab4fzksy1w3b6j6hg4wm7m"; + }) + (fetchpatch { + name = "CVE-2019-15939.patch"; + url = "https://github.com/opencv/opencv/pull/15382/commits/5a497077f109d543ab86dfdf8add1c76c0e47d29.patch"; + sha256 = "18wqsss5zz3f6i1ih8gd17h2zrrqpgfd7jmc45v70gk30nmhcj5b"; + }) + ]; + # This prevents cmake from using libraries in impure paths (which # causes build failure on non NixOS) # Also, work around https://github.com/NixOS/nixpkgs/issues/26304 with |