pyrox.dev
jhead: patches for CVE-2022-41751
See https://nvd.nist.gov/vuln/detail/CVE-2022-41751
Also relevant: https://github.com/Matthias-Wandel/jhead/issues/60
authored by Maximilian Bosch and committed by Robert Helgesson 8e840bea fcde71fd
+33
-1
pkgs/tools/graphics/jhead/default.nix
+33
-1
pkgs/tools/graphics/jhead/default.nix
···
1
+
{ lib, stdenv, fetchFromGitHub, libjpeg, fetchpatch }:
2
3
stdenv.mkDerivation rec {
4
pname = "jhead";
···
10
rev = version;
11
sha256 = "0zgh36486cpcnf7xg6dwf7rhz2h4gpayqvdk8hmrx6y418b2pfyf";
12
};
13
+
14
+
patches = [
15
+
# Just a spelling/whitespace change, but makes it easier to apply the rest.
16
+
(fetchpatch {
17
+
url = "https://github.com/Matthias-Wandel/jhead/commit/8384c6fd2ebfb8eb8bd96616343e73af0e575131.patch";
18
+
sha256 = "sha256-f3FOIqgFr5QPAsBjvUVAOf1CAqw8pNAVx+pZZuMjq3c=";
19
+
includes = [ "jhead.c" ];
20
+
})
21
+
(fetchpatch {
22
+
url = "https://github.com/Matthias-Wandel/jhead/commit/63aff8e9bd8c970fedf87f0ec3a1f3368bf2421e.patch";
23
+
sha256 = "sha256-jyhGdWuwd/eP5uuS8uLYiTJZJdxxLYdsvl0jnQC+Y5c=";
24
+
includes = [ "jhead.c" ];
25
+
})
26
+
27
+
# Fixes around CVE-2022-41751
28
+
(fetchpatch {
29
+
url = "https://github.com/Matthias-Wandel/jhead/commit/6985da52c9ad4f5f6c247269cb5508fae34a971c.patch";
30
+
sha256 = "sha256-8Uw0Udr9aZEMrD/0zS498MVw+rJqpFukvjb7FgzjgT4=";
31
+
})
32
+
(fetchpatch {
33
+
url = "https://github.com/Matthias-Wandel/jhead/commit/3fe905cf674f8dbac8a89e58cee1b4850abf9530.patch";
34
+
sha256 = "sha256-5995EV/pOktZc45c7fLl+oQqyutRDQJl3eNutR1JGJo=";
35
+
})
36
+
(fetchpatch {
37
+
url = "https://github.com/joachim-reichel/jhead/commit/ec67262b8e5a4b05d8ad6898a09f1dc3fc032062.patch";
38
+
sha256 = "sha256-a3KogIV45cRNthJSPygIRw1m2KBJZJSIGSWfsr7FWs4=";
39
+
})
40
+
(fetchpatch {
41
+
url = "https://github.com/joachim-reichel/jhead/commit/65de38cb68747c6f8397608b56b58ce15271a1fe.patch";
42
+
sha256 = "sha256-xf0d2hxW4rVZwffrYJVVFQ3cDMOcPoGbCdrrQKxf16M=";
43
+
})
44
+
];
45
46
buildInputs = [ libjpeg ];
47