From aa9fbd036f1da94b13c3fbaf822dd3915b4213cb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Vladim=C3=ADr=20=C4=8Cun=C3=A1t?= Date: Sun, 10 Dec 2017 10:57:29 +0100 Subject: [PATCH] openexr: upstream security patch /cc #32459. --- pkgs/development/libraries/openexr/default.nix | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) diff --git a/pkgs/development/libraries/openexr/default.nix b/pkgs/development/libraries/openexr/default.nix index 27a9860c8683..d2d8b686f35c 100644 --- a/pkgs/development/libraries/openexr/default.nix +++ b/pkgs/development/libraries/openexr/default.nix @@ -1,4 +1,4 @@ -{ lib, stdenv, fetchurl, autoconf, automake, libtool, pkgconfig, zlib, ilmbase }: +{ lib, stdenv, fetchurl, fetchpatch, autoconf, automake, libtool, pkgconfig, zlib, ilmbase }: stdenv.mkDerivation rec { name = "openexr-${lib.getVersion ilmbase}"; @@ -8,6 +8,18 @@ stdenv.mkDerivation rec { sha256 = "0ca2j526n4wlamrxb85y2jrgcv0gf21b3a19rr0gh4rjqkv1581n"; }; + patches = [ + ./bootstrap.patch + (fetchpatch { + # https://github.com/openexr/openexr/issues/232 + # https://github.com/openexr/openexr/issues/238 + name = "CVE-2017-12596.patch"; + url = "https://github.com/openexr/openexr/commit/f09f5f26c1924.patch"; + sha256 = "1d014da7c8cgbak5rgr4mq6wzm7kwznb921pr7nlb52vlfvqp4rs"; + stripLen = 1; + }) + ]; + outputs = [ "bin" "dev" "out" "doc" ]; preConfigure = '' @@ -20,8 +32,6 @@ stdenv.mkDerivation rec { enableParallelBuilding = true; - patches = [ ./bootstrap.patch ]; - meta = with stdenv.lib; { homepage = http://www.openexr.com/; license = licenses.bsd3;