pyrox.dev
fig2dev: 3.2.8a -> 3.2.8b
This appears to fix a serie of buffer overflow.
https://sourceforge.net/p/mcj/fig2dev/ci/8f11139e53174e90e5132cc7633327ae92b65322/
+2
-12
pkgs/applications/graphics/fig2dev/default.nix
+2
-12
pkgs/applications/graphics/fig2dev/default.nix
···
1
{ lib
2
, stdenv
3
, fetchurl
4
-
, fetchpatch
5
, ghostscript
6
, libpng
7
, makeWrapper
···
14
15
stdenv.mkDerivation rec {
16
pname = "fig2dev";
17
-
version = "3.2.8a";
18
19
src = fetchurl {
20
url = "mirror://sourceforge/mcj/fig2dev-${version}.tar.xz";
21
-
sha256 = "1bm75lf9j54qpbjx8hzp6ixaayp1x9w4v3yxl6vxyw8g5m4sqdk3";
22
};
23
-
24
-
patches = [
25
-
(fetchpatch {
26
-
name = "CVE-2021-3561.patch";
27
-
# Using Debian patch since it is not possible to download it directly from Sourceforge
28
-
url = "https://sources.debian.org/data/main/f/fig2dev/1:3.2.8-3/debian/patches/33_sanitize-color.patch";
29
-
sha256 = "1bppr3li03nj4qjibnddr2f38mpk55pcn5z6k98pf00gabq33fgs";
30
-
})
31
-
];
32
33
nativeBuildInputs = [ makeWrapper ];
34
buildInputs = [ libpng ];
···
1
{ lib
2
, stdenv
3
, fetchurl
4
, ghostscript
5
, libpng
6
, makeWrapper
···
13
14
stdenv.mkDerivation rec {
15
pname = "fig2dev";
16
+
version = "3.2.8b";
17
18
src = fetchurl {
19
url = "mirror://sourceforge/mcj/fig2dev-${version}.tar.xz";
20
+
sha256 = "1jv8rg71dsy00lpg434r5zqs5qrg8mxqvv2gpcjjvmzsm551d2j1";
21
};
22
23
nativeBuildInputs = [ makeWrapper ];
24
buildInputs = [ libpng ];