about summary refs log tree commit diff
path: root/pkgs/misc/cups
diff options
context:
space:
mode:
authorMartin Weinelt <mweinelt@users.noreply.github.com>2022-05-28 12:47:43 +0200
committerGitHub <noreply@github.com>2022-05-28 12:47:43 +0200
commit68b24492ec6ff7784bafa1b7b99422f07a1c6973 (patch)
treee51ccd9980ed31a51289db441f2daffd8f3e153f /pkgs/misc/cups
parentd5926bccbe946c85c74ac787b0a9ff7bbb132a77 (diff)
parentc590c23f495a04ede004b9f0cfbc48a07765afce (diff)
Merge pull request #174898 from LeSuisse/cups-2.4.2
Diffstat (limited to 'pkgs/misc/cups')
-rw-r--r--pkgs/misc/cups/default.nix20
1 files changed, 17 insertions, 3 deletions
diff --git a/pkgs/misc/cups/default.nix b/pkgs/misc/cups/default.nix
index af43c55072c33..c30833937be87 100644
--- a/pkgs/misc/cups/default.nix
+++ b/pkgs/misc/cups/default.nix
@@ -1,5 +1,6 @@
 { lib, stdenv
 , fetchurl
+, fetchpatch
 , pkg-config
 , removeReferencesTo
 , zlib
@@ -26,19 +27,32 @@ stdenv.mkDerivation rec {
   pname = "cups";
 
   # After 2.2.6, CUPS requires headers only available in macOS 10.12+
-  version = if stdenv.isDarwin then "2.2.6" else "2.4.1";
+  version = if stdenv.isDarwin then "2.2.6" else "2.4.2";
 
   src = fetchurl (if stdenv.isDarwin then {
     url = "https://github.com/apple/cups/releases/download/v${version}/cups-${version}-source.tar.gz";
     sha256 = "16qn41b84xz6khrr2pa2wdwlqxr29rrrkjfi618gbgdkq9w5ff20";
   } else {
     url = "https://github.com/OpenPrinting/cups/releases/download/v${version}/cups-${version}-source.tar.gz";
-    sha256 = "sha256-xzOfdfjU8t7FDGczQaRfwGtohbttQ2bWv1mk5sEK4Xg=";
+    sha256 = "sha256-8DzLQLCH0eMJQKQOAUHcu6Jj85l0wg658lIQZsnGyQg=";
   });
 
   outputs = [ "out" "lib" "dev" "man" ];
 
-  patches = lib.optional (version == "2.2.6") ./0001-TargetConditionals.patch;
+  patches = lib.optionals (version == "2.2.6") [
+    ./0001-TargetConditionals.patch
+    (fetchpatch {
+      name = "CVE-2022-26691.patch";
+      url = "https://github.com/OpenPrinting/cups/commit/de4f8c196106033e4c372dce3e91b9d42b0b9444.patch";
+      sha256 = "sha256-IKOtV7bCS6PstwK6YqnYRYTeH562jWwkley86p+6Of8=";
+      excludes = [ "CHANGES.md" ];
+    })
+    (fetchpatch {
+      name = "CVE-2022-26691-fix-comment.patch";
+      url = "https://github.com/OpenPrinting/cups/commit/411b6136f450a583ee08c3880fa09dbe837eb3f1.patch";
+      sha256 = "sha256-dVopmr34c9N5H2ZZz52rXVnHQBuDTNo8M40x9455+jQ=";
+    })
+  ];
 
   postPatch = ''
     substituteInPlace cups/testfile.c \