Merge pull request #130290 from LeSuisse/fig2dev-CVE-2021-3561

fig2dev: apply patch for CVE-2021-3561
2021-07-15 19:24:13 +02:00 · 2021-07-15 19:24:13 +02:00 · e9ffb646fb
commit e9ffb646fb
parent 0a14335919 57aff6b0ae
1 changed files with 10 additions and 0 deletions
--- a/pkgs/applications/graphics/fig2dev/default.nix
+++ b/pkgs/applications/graphics/fig2dev/default.nix
@ -1,6 +1,7 @@
 { lib
 , stdenv
 , fetchurl
+, fetchpatch
 , ghostscript
 , libpng
 , makeWrapper
@ -20,6 +21,15 @@ stdenv.mkDerivation rec {
    sha256 = "1bm75lf9j54qpbjx8hzp6ixaayp1x9w4v3yxl6vxyw8g5m4sqdk3";
  };

+  patches = [
+    (fetchpatch {
+      name = "CVE-2021-3561.patch";
+      # Using Debian patch since it is not possible to download it directly from Sourceforge
+      url = "https://sources.debian.org/data/main/f/fig2dev/1:3.2.8-3/debian/patches/33_sanitize-color.patch";
+      sha256 = "1bppr3li03nj4qjibnddr2f38mpk55pcn5z6k98pf00gabq33fgs";
+    })
+  ];
+
  nativeBuildInputs = [ makeWrapper ];
  buildInputs = [ libpng ];