From 7c0db9fbb525356410e44df1359ebe3612cffa22 Mon Sep 17 00:00:00 2001 From: Thomas Gerbet Date: Sun, 11 Apr 2021 11:06:26 +0200 Subject: [PATCH] mozjpeg: 3.3.1 -> 4.0.3 Fixes CVE-2018-14498. --- pkgs/applications/graphics/mozjpeg/default.nix | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/pkgs/applications/graphics/mozjpeg/default.nix b/pkgs/applications/graphics/mozjpeg/default.nix index af6b812e1e5c..0c1933ad6129 100644 --- a/pkgs/applications/graphics/mozjpeg/default.nix +++ b/pkgs/applications/graphics/mozjpeg/default.nix @@ -1,18 +1,20 @@ -{ lib, stdenv, fetchFromGitHub, autoreconfHook, pkg-config, libpng, nasm }: +{ lib, stdenv, fetchFromGitHub, cmake, pkg-config, libpng, zlib, nasm }: stdenv.mkDerivation rec { - version = "3.3.1"; + version = "4.0.3"; pname = "mozjpeg"; src = fetchFromGitHub { owner = "mozilla"; repo = "mozjpeg"; rev = "v${version}"; - sha256 = "1na68860asn8b82ny5ilwbhh4nyl9gvx2yxmm4wr2v1v95v51fky"; + sha256 = "1wb2ys0yjy6hgpb9qvzjxs7sb2zzs44p6xf7n026mx5nx85hjbyv"; }; - nativeBuildInputs = [ autoreconfHook pkg-config ]; - buildInputs = [ libpng nasm ]; + cmakeFlags = [ "-DENABLE_STATIC=NO" "-DPNG_SUPPORTED=TRUE" ]; # See https://github.com/mozilla/mozjpeg/issues/351 + + nativeBuildInputs = [ cmake pkg-config ]; + buildInputs = [ libpng zlib nasm ]; meta = { description = "Mozilla JPEG Encoder Project";