graphviz: patch CVE-2020-18032

2021-05-28 10:59:08 +02:00 · 2021-05-28 10:59:08 +02:00 · b4e8099795
parent 5658fadedb
commit b4e8099795
1 changed files with 8 additions and 1 deletions
--- a/pkgs/tools/graphics/graphviz/base.nix
+++ b/pkgs/tools/graphics/graphviz/base.nix
@ -21,7 +21,14 @@ let
    buildCommand = "sed s/dot_root/agroot/g ${raw_patch} > $out";
  };
  # 2.42 has the patch included
-  patches = optional (lib.versionOlder version "2.42") patchToUse;
+  patches = optional (lib.versionOlder version "2.42") patchToUse
+  ++ optionals (lib.versionOlder version "2.46.0") [
+    (fetchpatch {
+      name = "CVE-2020-18032.patch";
+      url = "https://gitlab.com/graphviz/graphviz/-/commit/784411ca3655c80da0f6025ab20634b2a6ff696b.patch";
+      sha256 = "1nkw9ism8lkfvxsp5fh95i2l5s5cbjsidbb3g1kjfv10rxkyb41m";
+    })
+  ];
 in

 stdenv.mkDerivation {