pyrox.dev
libtiff: patch CVE-2024-13978 and CVE-2025-9165 (#436742)
+15
pkgs/by-name/li/libtiff/package.nix
+15
pkgs/by-name/li/libtiff/package.nix
···
60
60
# libc++abi 11 has an `#include <version>`, this picks up files name
61
61
# `version` in the project's include paths
62
62
./rename-version.patch
63
+
(fetchpatch {
64
+
name = "CVE-2024-13978_1.patch";
65
+
url = "https://gitlab.com/libtiff/libtiff/-/commit/7be20ccaab97455f192de0ac561ceda7cd9e12d1.patch";
66
+
hash = "sha256-cpsQyIvyP6LkGeQTlLX73iNd1AcPkvZ6Xqfns7G3JBc=";
67
+
})
68
+
(fetchpatch {
69
+
name = "CVE-2024-13978_2.patch";
70
+
url = "https://gitlab.com/libtiff/libtiff/-/commit/2ebfffb0e8836bfb1cd7d85c059cd285c59761a4.patch";
71
+
hash = "sha256-cZlLTeB7/nvylf5SLzKF7g91aBERhZxpV5fmWEJVrX4=";
72
+
})
73
+
(fetchpatch {
74
+
name = "CVE-2025-9165.patch";
75
+
url = "https://gitlab.com/libtiff/libtiff/-/commit/ed141286a37f6e5ddafb5069347ff5d587e7a4e0.patch";
76
+
hash = "sha256-DIsk8trbHMMTrj6jP5Ae8ciRjHV4CPHdWCN+VbeFnFo=";
77
+
})
63
78
];
64
79
65
80
postPatch = ''