diff --git a/pkgs/desktops/gnome-3/core/libcroco/default.nix b/pkgs/desktops/gnome-3/core/libcroco/default.nix index 4141afeb821d..744ec3c2fe62 100644 --- a/pkgs/desktops/gnome-3/core/libcroco/default.nix +++ b/pkgs/desktops/gnome-3/core/libcroco/default.nix @@ -1,4 +1,4 @@ -{ stdenv, fetchurl, pkgconfig, libxml2, glib }: +{ stdenv, fetchurl, pkgconfig, libxml2, glib, fetchpatch }: stdenv.mkDerivation rec { name = "libcroco-0.6.12"; @@ -8,6 +8,19 @@ stdenv.mkDerivation rec { sha256 = "0q7qhi7z64i26zabg9dbs5706fa8pmzp1qhpa052id4zdiabbi6x"; }; + patches = [ + (fetchpatch { + name = "CVE-2017-7960.patch"; + url = "https://git.gnome.org/browse/libcroco/patch/?id=898e3a8c8c0314d2e6b106809a8e3e93cf9d4394"; + sha256 = "1xjwdqijxf4b7mhdp3kkgnb6c14y0bn3b3gg79kyrm82x696d94l"; + }) + (fetchpatch { + name = "CVE-2017-7961.patch"; + url = "https://git.gnome.org/browse/libcroco/patch/?id=9ad72875e9f08e4c519ef63d44cdbd94aa9504f7"; + sha256 = "0zakd72ynzjgzskwyvqglqiznsb93j1bkvc1lgyrzgv9rwrbwv9s"; + }) + ]; + outputs = [ "out" "dev" ]; outputBin = "dev";