Merge #72958: libexif: fix CVE-2018-20030

This commit is contained in:
Vladimír Čunát 2019-11-16 18:26:13 +01:00
commit 908f6240d8
No known key found for this signature in database
GPG Key ID: E747DF1F9575A3AA

View File

@ -9,21 +9,32 @@ stdenv.mkDerivation rec {
}; };
patches = [ patches = [
(fetchpatch { (fetchpatch {
name = "CVE-2017-7544.patch"; name = "CVE-2017-7544.patch";
url = https://sourceforge.net/p/libexif/bugs/_discuss/thread/fc394c4b/489a/attachment/xx.pat; url = "https://github.com/libexif/libexif/commit/c39acd1692023b26290778a02a9232c873f9d71a.patch";
sha256 = "1qgk8hgnxr8d63jsc4vljxz9yg33mbml280dq4a6050rmk9wq4la"; sha256 = "0xgx6ly2i4q05shb61mfx6njwf1yp347jkznm0ka4m85i41xm6sd";
}) })
(fetchpatch {
name = "CVE-2018-20030-1.patch";
url = "https://github.com/libexif/libexif/commit/5d28011c40ec86cf52cffad541093d37c263898a.patch";
sha256 = "1wv8s962wmbn2m2xypgirf12g6msrbplpsmd5bh86irfwhkcppj3";
})
(fetchpatch {
name = "CVE-2018-20030-2.patch";
url = "https://github.com/libexif/libexif/commit/6aa11df549114ebda520dde4cdaea2f9357b2c89.patch";
sha256 = "01aqvz63glwq6wg0wr7ykqqghb4abgq77ghvhizbzadg1k4h7drx";
excludes = [ "NEWS" ];
})
]; ];
patchFlags = "-p0";
buildInputs = [ gettext ]; buildInputs = [ gettext ];
meta = { meta = {
homepage = http://libexif.sourceforge.net/; homepage = https://libexif.github.io/;
description = "A library to read and manipulate EXIF data in digital photographs"; description = "A library to read and manipulate EXIF data in digital photographs";
license = stdenv.lib.licenses.lgpl21; license = stdenv.lib.licenses.lgpl21;
platforms = stdenv.lib.platforms.unix; platforms = stdenv.lib.platforms.unix;
maintainers = [ stdenv.lib.maintainers.erictapen ];
}; };
} }