commit a92a94f5675ddd856eb54bf0d6498766e45d4195 · pyrox.dev/nixpkgs

pyrox.dev / nixpkgs

lol

optipng: 0.7.7 -> 0.7.8

Fixes CVE-2023-43907.

Changelog:
```
* Upgraded libpng to version 1.6.40.
* Upgraded zlib to version 1.3-optipng.
* Upgraded cexcept to version 2.0.2-optipng.
!! Fixed a global-buffer-overflow vulnerability in the GIF reader.
[Reported by Zeng Yunxiang; fixed by Thomas Hurst]
! Fixed a stack-print-after-scope defect in the error handler.
! Fixed an assertion failure in the image reduction module.
! Fixed the command-line wildargs expansion in the Windows port.
* Raised the minimum required libpng version from 1.2.9 to 1.6.35.
* Raised the minimum required zlib version from 1.2.1 to 1.2.8.
* Refactored the structured exception handling.
```

https://optipng.sourceforge.net/history.txt

Thomas Gerbet 2 years ago a92a94f5 ddb2b536

+7 -3

1 changed file

expand all

unified split

pkgs

tools

graphics

optipng

default.nix

+7 -3

pkgs/tools/graphics/optipng/default.nix

··· 6 6 7 7 stdenv.mkDerivation rec { 8 8 pname = "optipng"; 9 - version = "0.7.7"; 9 + version = "0.7.8"; 10 10 11 11 src = fetchurl { 12 12 url = "mirror://sourceforge/optipng/optipng-${version}.tar.gz"; 13 - sha256 = "0lj4clb851fzpaq446wgj0sfy922zs5l5misbpwv6w7qrqrz4cjg"; 13 + hash = "sha256-JaO9aEgfIVAsyqD0wT+E3PayAzjkxOjFHyzvvYUTOYw="; 14 14 }; 15 15 16 16 buildInputs = [ libpng ]; 17 17 18 - LDFLAGS = lib.optional static "-static"; 19 18 # Workaround for crash in cexcept.h. See 20 19 # https://github.com/NixOS/nixpkgs/issues/28106 21 20 preConfigure = '' 22 21 export LD=$CC 23 22 ''; 23 + 24 + # OptiPNG does not like --static, --build or --host 25 + dontDisableStatic = true; 26 + dontAddStaticConfigureFlags = true; 27 + configurePlatforms = [ ]; 24 28 25 29 configureFlags = [ 26 30 "--with-system-zlib"