Merge pull request #47229 from symphorien/CVE-2018-10196

graphviz: fix CVE-2018-10196
Michael Raskin 2019-01-21 11:21:58 +00:00 committed by GitHub
commit 0e0dd9478d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 21 additions and 3 deletions


@ -2,12 +2,26 @@
{ stdenv, fetchFromGitLab, autoreconfHook, pkgconfig, cairo, expat, flex { stdenv, fetchFromGitLab, autoreconfHook, pkgconfig, cairo, expat, flex
, fontconfig, gd, gettext, gts, libdevil, libjpeg, libpng, libtool, pango , fontconfig, gd, gettext, gts, libdevil, libjpeg, libpng, libtool, pango
, yacc, xorg ? null, ApplicationServices ? null }: , yacc, fetchpatch, xorg ? null, ApplicationServices ? null }:
assert stdenv.isDarwin -> ApplicationServices != null; assert stdenv.isDarwin -> ApplicationServices != null;
let let
inherit (stdenv.lib) optionals optionalString; inherit (stdenv.lib) optionals optionalString;
raw_patch =
# https://gitlab.com/graphviz/graphviz/issues/1367 CVE-2018-10196
fetchpatch {
name = "CVE-2018-10196.patch";
url = https://gitlab.com/graphviz/graphviz/uploads/30f8f0b00e357c112ac35fb20241604a/p.diff;
sha256 = "074qx6ch9blrnlilmz7p96fkiz2va84x2fbqdza5k4808rngirc7";
excludes = ["tests/*"]; # we don't run them and they don't apply
};
# the patch needs a small adaption for older versions
patch = if stdenv.lib.versionAtLeast version "2.37" then raw_patch else
stdenv.mkDerivation {
inherit (raw_patch) name;
buildCommand = "sed s/dot_root/agroot/g ${raw_patch} > $out";
};
in in
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
@ -37,6 +51,10 @@ stdenv.mkDerivation rec {
"--with-ltdl-include=${libtool}/include" "--with-ltdl-include=${libtool}/include"
] ++ stdenv.lib.optional (xorg == null) [ "--without-x" ]; ] ++ stdenv.lib.optional (xorg == null) [ "--without-x" ];
patches = [
patch
];
postPatch = '' postPatch = ''
for f in $(find . -name Makefile.in); do for f in $(find . -name Makefile.in); do
substituteInPlace $f --replace "-lstdc++" "-lc++" substituteInPlace $f --replace "-lstdc++" "-lc++"
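Review bot: In the `patch` fallback for versions below 2.37, the security fix is rewritten with an unquoted, patch-wide `sed s/dot_root/agroot/g`, and since `excludes = ["tests/*"]` drops the upstream tests, nothing in this build shows that the rewritten patch still closes CVE-2018-10196 on the older release. The substitution also rewrites context lines, so a mismatch would presumably fail the patch phase rather than be skipped silently, but that assumption should be written down next to the code. I would quote the expression, `buildCommand = "sed 's/dot_root/agroot/g' ${raw_patch} > $out";`, and extend the comment to something like `# releases before 2.37 use agroot where the patch uses dot_root; verify the fix on 2.32 by hand, tests are excluded`. The `raw_patch` is an issue attachment pinned by `sha256`, so its content is fixed, but the comment should also say which upstream release makes it droppable. `version` and the rest of the `stdenv.mkDerivation rec` body are outside this hunk.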


@ -3090,9 +3090,9 @@ in
* that do want 2.32 but not 2.0 or 2.36. Please give a day's notice for * that do want 2.32 but not 2.0 or 2.36. Please give a day's notice for
* objections before removal. The feature is libgraph. * objections before removal. The feature is libgraph.
*/ */
graphviz_2_32 = lib.overrideDerivation (callPackage ../tools/graphics/graphviz/2.32.nix { graphviz_2_32 = (callPackage ../tools/graphics/graphviz/2.32.nix {
inherit (darwin.apple_sdk.frameworks) ApplicationServices; inherit (darwin.apple_sdk.frameworks) ApplicationServices;
}) (x: { configureFlags = x.configureFlags ++ ["--with-cgraph=no"];}); }).overrideAttrs(x: { configureFlags = x.configureFlags ++ ["--with-cgraph=no"];});
grin = callPackage ../tools/text/grin { }; grin = callPackage ../tools/text/grin { };