From 57aff6b0ae29df302511c60d979dfe8349bd8a92 Mon Sep 17 00:00:00 2001 From: Thomas Gerbet Date: Thu, 15 Jul 2021 18:51:53 +0200 Subject: [PATCH] fig2dev: apply patch for CVE-2021-3561 --- pkgs/applications/graphics/fig2dev/default.nix | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/pkgs/applications/graphics/fig2dev/default.nix b/pkgs/applications/graphics/fig2dev/default.nix index c7484f4cbfe7..31d14185dcd9 100644 --- a/pkgs/applications/graphics/fig2dev/default.nix +++ b/pkgs/applications/graphics/fig2dev/default.nix @@ -1,6 +1,7 @@ { lib , stdenv , fetchurl +, fetchpatch , ghostscript , libpng , makeWrapper @@ -20,6 +21,15 @@ stdenv.mkDerivation rec { sha256 = "1bm75lf9j54qpbjx8hzp6ixaayp1x9w4v3yxl6vxyw8g5m4sqdk3"; }; + patches = [ + (fetchpatch { + name = "CVE-2021-3561.patch"; + # Using Debian patch since it is not possible to download it directly from Sourceforge + url = "https://sources.debian.org/data/main/f/fig2dev/1:3.2.8-3/debian/patches/33_sanitize-color.patch"; + sha256 = "1bppr3li03nj4qjibnddr2f38mpk55pcn5z6k98pf00gabq33fgs"; + }) + ]; + nativeBuildInputs = [ makeWrapper ]; buildInputs = [ libpng ];