Merge #235271: opencv: patch CVE-2023-2617 & CVE-2023-2618

...into staging

+16
+16
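--- a/pkgs/development/libraries/opencv/4.x.nix
+++ b/pkgs/development/libraries/opencv/4.x.nix
@@ -2,6 +2,7 @@
 , stdenv
 , fetchurl
 , fetchFromGitHub
+, fetchpatch
 , cmake
 , pkg-config
 , unzip
@@ -275,6 +276,21 @@
 # Ensures that we use the system OpenEXR rather than the vendored copy of the source included with OpenCV.
 patches = [
 ./cmake-don-t-use-OpenCVFindOpenEXR.patch
+] ++ lib.optionals enableContrib [
+(fetchpatch {
+name = "CVE-2023-2617.patch";
+url = "https://github.com/opencv/opencv_contrib/commit/ccc277247ac1a7aef0a90353edcdec35fbc5903c.patch";
+stripLen = 2;
+extraPrefix = [ "opencv_contrib/" ];
+sha256 = "sha256-drZ+DVn+Pk4zAZJ+LgX5u3Tz7MU0AEI/73EVvxDP3AU=";
+})
+(fetchpatch {
+name = "CVE-2023-2618.patch";
+url = "https://github.com/opencv/opencv_contrib/commit/ec406fa4748fb4b0630c1b986469e7918d5e8953.patch";
+stripLen = 2;
+extraPrefix = [ "opencv_contrib/" ];
+sha256 = "sha256-cB5Tsh2fDOsc0BNtSzd6U/QoCjkd9yMW1QutUU69JJ0=";
+})
 ] ++ lib.optional enableCuda ./cuda_opt_flow.patch;
 
 # This prevents cmake from using libraries in impure paths (which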
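Review bot: The two `fetchpatch` entries added to `patches` carry no comment recording that they are security backports or when they can be dropped, which makes it easy for a later version bump to keep them after they stop applying or to lose them without noticing. A line such as `# CVE backports from opencv_contrib; remove once the pinned contrib release contains both commits` above the `lib.optionals enableContrib [` list would cover it. `extraPrefix` is written as a one-element list, `[ "opencv_contrib/" ]`, where fetchpatch documents a string; it presumably coerces, but `extraPrefix = "opencv_contrib/";` is the conventional form. Since the pinned values are already SRI strings, `hash` would be the more idiomatic attribute name than `sha256`. The `patches` list is complete within the hunk, but the enclosing derivation starts and ends outside it.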