commit b4c296ee0962c18c3bea80958476e3020147d077 · pyrox.dev/nixpkgs

pyrox.dev / nixpkgs

lol

fork atom

Merge #20206: libtiff: patch for some more CVEs

Vladimír Čunát 9 years ago b4c296ee f77801d8

+22 -8

1 changed file

expand all

unified split

pkgs

development

libraries

libtiff

default.nix

+22 -8

pkgs/development/libraries/libtiff/default.nix

··· 2 3 let 4 version = "4.0.6"; 5 in 6 stdenv.mkDerivation rec { 7 name = "libtiff-${version}"; ··· 19 20 enableParallelBuilding = true; 21 22 - patches = [ 23 (fetchpatch { 24 - url = "https://sources.debian.net/data/main/t/tiff/4.0.6-2/debian/patches/01-CVE-2015-8665_and_CVE-2015-8683.patch"; 25 sha256 = "1c4zmvxj124873al8fvkiv8zq7wx5mv2vd4f1y9w8liv92cm7hkc"; 26 }) 27 (fetchpatch { 28 - url = "https://sources.debian.net/data/main/t/tiff/4.0.6-2/debian/patches/02-fix_potential_out-of-bound_writes_in_decode_functions.patch"; 29 sha256 = "0rsc7zh7cdhgcmx2vbjfaqrb0g93a3924ngqkrzb14w5j2fqfbxv"; 30 }) 31 (fetchpatch { 32 - url = "https://sources.debian.net/data/main/t/tiff/4.0.6-2/debian/patches/03-fix_potential_out-of-bound_write_in_NeXTDecode.patch"; 33 sha256 = "1s01xhp4sl04yhqhqwp50gh43ykcqk230mmbv62vhy2jh7v0ky3a"; 34 }) 35 (fetchpatch { 36 - url = "https://sources.debian.net/data/main/t/tiff/4.0.6-2/debian/patches/04-CVE-2016-5314_CVE-2016-5316_CVE-2016-5320_CVE-2016-5875.patch"; 37 sha256 = "0by35qxpzv9ib3mnh980gd30jf3qmsfp2kl730rq4pq66wpzg9m8"; 38 }) 39 (fetchpatch { 40 - url = "https://sources.debian.net/data/main/t/tiff/4.0.6-2/debian/patches/05-CVE-2016-6223.patch"; 41 sha256 = "0rh8ia0wsf5yskzwdjrlbiilc9m0lq0igs42k6922pl3sa1lxzv1"; 42 }) 43 (fetchpatch { 44 - url = "https://sources.debian.net/data/main/t/tiff/4.0.6-2/debian/patches/06-CVE-2016-5321.patch"; 45 sha256 = "0n0igfxbd3kqvvj2k2xgysrp63l4v2gd110fwkk4apfpm0hvzwh0"; 46 }) 47 (fetchpatch { 48 - url = "https://sources.debian.net/data/main/t/tiff/4.0.6-2/debian/patches/07-CVE-2016-5323.patch"; 49 sha256 = "1j6w8g6qizkx5h4aq95kxzx6bgkn4jhc8l22swwhvlkichsh4910"; 50 }) 51 52 ]; 53

··· 2 3 let 4 version = "4.0.6"; 5 + debversion = "3"; 6 in 7 stdenv.mkDerivation rec { 8 name = "libtiff-${version}"; ··· 20 21 enableParallelBuilding = true; 22 23 + patches = let p = "https://sources.debian.net/data/main/t/tiff/${version}-${debversion}/debian/patches"; in [ 24 (fetchpatch { 25 + url = "${p}/01-CVE-2015-8665_and_CVE-2015-8683.patch"; 26 sha256 = "1c4zmvxj124873al8fvkiv8zq7wx5mv2vd4f1y9w8liv92cm7hkc"; 27 }) 28 (fetchpatch { 29 + url = "${p}/02-fix_potential_out-of-bound_writes_in_decode_functions.patch"; 30 sha256 = "0rsc7zh7cdhgcmx2vbjfaqrb0g93a3924ngqkrzb14w5j2fqfbxv"; 31 }) 32 (fetchpatch { 33 + url = "${p}/03-fix_potential_out-of-bound_write_in_NeXTDecode.patch"; 34 sha256 = "1s01xhp4sl04yhqhqwp50gh43ykcqk230mmbv62vhy2jh7v0ky3a"; 35 }) 36 (fetchpatch { 37 + url = "${p}/04-CVE-2016-5314_CVE-2016-5316_CVE-2016-5320_CVE-2016-5875.patch"; 38 sha256 = "0by35qxpzv9ib3mnh980gd30jf3qmsfp2kl730rq4pq66wpzg9m8"; 39 }) 40 (fetchpatch { 41 + url = "${p}/05-CVE-2016-6223.patch"; 42 sha256 = "0rh8ia0wsf5yskzwdjrlbiilc9m0lq0igs42k6922pl3sa1lxzv1"; 43 }) 44 (fetchpatch { 45 + url = "${p}/06-CVE-2016-5321.patch"; 46 sha256 = "0n0igfxbd3kqvvj2k2xgysrp63l4v2gd110fwkk4apfpm0hvzwh0"; 47 }) 48 (fetchpatch { 49 + url = "${p}/07-CVE-2016-5323.patch"; 50 sha256 = "1j6w8g6qizkx5h4aq95kxzx6bgkn4jhc8l22swwhvlkichsh4910"; 51 }) 52 + (fetchurl { 53 + url = "${p}/08-CVE-2016-3623_CVE-2016-3624.patch"; 54 + sha256 = "1xnvwjvgyxi387h1sdiyp4360a3176jmipb7ghm8vwiz7cisdn9z"; 55 + }) 56 + (fetchurl { 57 + url = "${p}/09-CVE-2016-5652.patch"; 58 + sha256 = "1yqfq32gzh21ab2jfqkq13gaz0nin0492l06adzsyhr5brvdhnx8"; 59 + }) 60 + (fetchurl { 61 + url = "${p}/10-CVE-2016-3658.patch"; 62 + sha256 = "01kb8rfk30fgjf1hy0m088yhjfld1yyh4bk3gkg8jx3dl9bd076d"; 63 + }) 64 + 65 66 ]; 67