From 4771ccd896e8355a025900d75a9c4b104d6439e1 Mon Sep 17 00:00:00 2001
From: Franz Pletz
Date: Thu, 13 Oct 2016 23:53:43 +0200
Subject: [PATCH] graphicsmagick: apply patches to fix security issues

Fixes CVE-2016-7996, CVE-2016-7996, CVE-2016-7800. cc #19481
---
 .../graphics/graphicsmagick/default.nix | 22 +++++++++++++++----
 1 file changed, 18 insertions(+), 4 deletions(-)

diff --git a/pkgs/applications/graphics/graphicsmagick/default.nix b/pkgs/applications/graphics/graphicsmagick/default.nix
index 70d8feaa2753..2e573e09b31a 100644
--- a/pkgs/applications/graphics/graphicsmagick/default.nix
+++ b/pkgs/applications/graphics/graphicsmagick/default.nix
@@ -1,6 +1,6 @@
-{stdenv, fetchurl, bzip2, freetype, graphviz, ghostscript
-, libjpeg, libpng, libtiff, libxml2, zlib, libtool, xz
-, libX11, libwebp, quantumdepth ? 8}:
+{ stdenv, fetchurl, fetchpatch, bzip2, freetype, graphviz, ghostscript
+, libjpeg, libpng, libtiff, libxml2, zlib, libtool, xz, libX11
+, libwebp, quantumdepth ? 8 }:
 
 let version = "1.3.25"; in
 
@@ -12,7 +12,21 @@ stdenv.mkDerivation {
 sha256 = "17xcc7pfcmiwpfr1g8ys5a7bdnvqzka53vg3kkzhwwz0s99gljyn";
 };
 
- patches = [ ./disable-popen.patch ];
+ patches = [
+ ./disable-popen.patch
+ (fetchpatch {
+ url = "https://sources.debian.net/data/main/g/graphicsmagick/1.3.25-4/debian/patches/CVE-2016-7996_CVE-2016-7997.patch";
+ sha256 = "0xsby2z8n7cnnln7szjznq7iaabq323wymvdjra59yb41aix74r2";
+ })
+ (fetchpatch {
+ url = "https://sources.debian.net/data/main/g/graphicsmagick/1.3.25-4/debian/patches/CVE-2016-7800_part1.patch";
+ sha256 = "02s0x9bkbnm5wrd0d2x9ld4d9z5xqpfk310lyylyr5zlnhqxmwgn";
+ })
+ (fetchpatch {
+ url = "https://sources.debian.net/data/main/g/graphicsmagick/1.3.25-4/debian/patches/CVE-2016-7800_part2.patch";
+ sha256 = "1h4xv3i1aq5avsd584rwa5sa7ca8f7w9ggmh7j2llqq5kymwsv5f";
+ })
+ ];
 
 configureFlags = [
 "--enable-shared"
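Review bot: The three `fetchpatch` URLs in the new `patches` list point at the Debian source browser for a single package revision (`1.3.25-4`), which will probably stop resolving once Debian supersedes that revision. The `sha256` pins keep the fetched content honest, but a rebuild without a cached copy would then fail, and the quickest way to unbreak it would be to drop the security fixes. Consider fetching from an immutable location (the upstream changeset or a snapshot archive), or vendoring the patches next to `./disable-popen.patch`. A comment above the entries such as `# security backports taken from Debian 1.3.25-4; re-check on the next version bump` would tell the next maintainer why they are there. The commit message lists CVE-2016-7996 twice, while the first patch's filename also names CVE-2016-7997, so the second mention looks like a typo.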