authorVladimír Čunát <v@cunat.cz>2024-03-07 07:50:25 +0100
committerVladimír Čunát <v@cunat.cz>2024-03-07 07:50:25 +0100
commit022b4f2503a2f59c4852fa6fb2c1db9f51c29c04 (patch)
treefff6c21cb27c07d49a2075078638cbb71ec8a683 /pkgs/tools/misc
parent5881a442e79913b648f6ba7cce199c1c21429ffb (diff)
parent1a5318e45ffb6ec05ff8e786f775daaa1bf17672 (diff)
Merge older staging-23.11 into staging-next-23.11
Diffstat (limited to 'pkgs/tools/misc')
-rw-r--r--pkgs/tools/misc/fontforge/default.nix10
1 files changed, 9 insertions, 1 deletions
diff --git a/pkgs/tools/misc/fontforge/default.nix b/pkgs/tools/misc/fontforge/default.nix
index c6e939d5b505f..d7a083baaf77c 100644
--- a/pkgs/tools/misc/fontforge/default.nix
+++ b/pkgs/tools/misc/fontforge/default.nix
@@ -1,4 +1,4 @@
-{ stdenv, fetchFromGitHub, lib
+{ stdenv, fetchFromGitHub, lib, fetchpatch
 , cmake, uthash, pkg-config
 , python, freetype, zlib, glib, giflib, libpng, libjpeg, libtiff, libxml2, cairo, pango
 , readline, woff2, zeromq
@@ -23,6 +23,14 @@ stdenv.mkDerivation rec {
     sha256 = "sha256-/RYhvL+Z4n4hJ8dmm+jbA1Ful23ni2DbCRZC5A3+pP0=";
   };
 
+  patches = [
+    (fetchpatch {
+      name = "CVE-2024-25081.CVE-2024-25082.patch";
+      url = "https://github.com/fontforge/fontforge/commit/216eb14b558df344b206bf82e2bdaf03a1f2f429.patch";
+      hash = "sha256-aRnir09FSQMT50keoB7z6AyhWAVBxjSQsTRvBzeBuHU=";
+    })
+  ];
+
   # use $SOURCE_DATE_EPOCH instead of non-deterministic timestamps
   postPatch = ''
     find . -type f -name '*.c' -exec sed -r -i 's#\btime\(&(.+)\)#if (getenv("SOURCE_DATE_EPOCH")) \1=atol(getenv("SOURCE_DATE_EPOCH")); else &#g' {} \;
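Review bot: The new `patches` entry (the `fetchpatch` call added just before `postPatch`) has no comment saying that it is a backport or when it can be removed, so a later version bump may keep carrying it, or fail to apply it, without context. The patch name and URL indicate it is upstream commit 216eb14b558d addressing CVE-2024-25081 and CVE-2024-25082; I would add `# Backport of the upstream fix for CVE-2024-25081/CVE-2024-25082; drop when src is bumped to a release containing this commit.` above the `(fetchpatch {` line. The fixed-output `hash` pins the fetched patch content, which is the right shape for a security fix pulled from a forge URL. The surrounding `stdenv.mkDerivation` starts and ends outside this hunk, so the pinned source version is not visible here.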