Merge #55894: cairo: apply patch for CVE-2018-19876
(cherry picked from commit bad2db31b7
)
Forward-picked from staging to staging-next;
it's a trivial patch and we now rebuild anyway due to unzip.
This commit is contained in:
parent
f7f1a2f54e
commit
21531d353b
@ -1,4 +1,4 @@
|
||||
{ stdenv, fetchurl, pkgconfig, libiconv
|
||||
{ stdenv, fetchurl, fetchpatch, pkgconfig, libiconv
|
||||
, libintl, expat, zlib, libpng, pixman, fontconfig, freetype, xorg
|
||||
, gobjectSupport ? true, glib
|
||||
, xcbSupport ? true # no longer experimental since 1.12
|
||||
@ -20,6 +20,19 @@ in stdenv.mkDerivation rec {
|
||||
sha256 = "0c930mk5xr2bshbdljv005j3j8zr47gqmkry3q6qgvqky6rjjysy";
|
||||
};
|
||||
|
||||
patches = [
|
||||
# Fixes CVE-2018-19876; see Nixpkgs issue #55384
|
||||
# CVE information: https://nvd.nist.gov/vuln/detail/CVE-2018-19876
|
||||
# Upstream PR: https://gitlab.freedesktop.org/cairo/cairo/merge_requests/5
|
||||
#
|
||||
# This patch is the merged commit from the above PR.
|
||||
(fetchpatch {
|
||||
name = "CVE-2018-19876.patch";
|
||||
url = "https://gitlab.freedesktop.org/cairo/cairo/commit/6edf572ebb27b00d3c371ba5ae267e39d27d5b6d.patch";
|
||||
sha256 = "112hgrrsmcwxh1r52brhi5lksq4pvrz4xhkzcf2iqp55jl2pb7n1";
|
||||
})
|
||||
];
|
||||
|
||||
outputs = [ "out" "dev" "devdoc" ];
|
||||
outputBin = "dev"; # very small
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user