pyrox.dev / nixpkgs
lol
fork atom

Merge pull request #130290 from LeSuisse/fig2dev-CVE-2021-3561

fig2dev: apply patch for CVE-2021-3561

authored by Sandro and committed by GitHub e9ffb646 0a143359

+10
unified split
+10
pkgs/applications/graphics/fig2dev/default.nix
··· 1 1 { lib 2 2 , stdenv 3 3 , fetchurl 4 + , fetchpatch 4 5 , ghostscript 5 6 , libpng 6 7 , makeWrapper ··· 19 20 url = "mirror://sourceforge/mcj/fig2dev-${version}.tar.xz"; 20 21 sha256 = "1bm75lf9j54qpbjx8hzp6ixaayp1x9w4v3yxl6vxyw8g5m4sqdk3"; 21 22 }; 23 + 24 + patches = [ 25 + (fetchpatch { 26 + name = "CVE-2021-3561.patch"; 27 + # Using Debian patch since it is not possible to download it directly from Sourceforge 28 + url = "https://sources.debian.org/data/main/f/fig2dev/1:3.2.8-3/debian/patches/33_sanitize-color.patch"; 29 + sha256 = "1bppr3li03nj4qjibnddr2f38mpk55pcn5z6k98pf00gabq33fgs"; 30 + }) 31 + ]; 22 32 23 33 nativeBuildInputs = [ makeWrapper ]; 24 34 buildInputs = [ libpng ];