fontforge: add patch for CVE-2024-25081 & CVE-2024-25082

This commit is contained in:
Robert Scott 2024-02-27 22:02:44 +00:00
parent 5d1b96ebf2
commit 3438e132dd

View File

@ -1,4 +1,4 @@
{ stdenv, fetchFromGitHub, lib
{ stdenv, fetchFromGitHub, lib, fetchpatch
, cmake, uthash, pkg-config
, python, freetype, zlib, glib, giflib, libpng, libjpeg, libtiff, libxml2, cairo, pango
, readline, woff2, zeromq
@ -23,6 +23,14 @@ stdenv.mkDerivation rec {
sha256 = "sha256-/RYhvL+Z4n4hJ8dmm+jbA1Ful23ni2DbCRZC5A3+pP0=";
};
patches = [
(fetchpatch {
name = "CVE-2024-25081.CVE-2024-25082.patch";
url = "https://github.com/fontforge/fontforge/commit/216eb14b558df344b206bf82e2bdaf03a1f2f429.patch";
hash = "sha256-aRnir09FSQMT50keoB7z6AyhWAVBxjSQsTRvBzeBuHU=";
})
];
# use $SOURCE_DATE_EPOCH instead of non-deterministic timestamps
postPatch = ''
find . -type f -name '*.c' -exec sed -r -i 's#\btime\(&(.+)\)#if (getenv("SOURCE_DATE_EPOCH")) \1=atol(getenv("SOURCE_DATE_EPOCH")); else &#g' {} \;