Merge #153413: openexr*: patch CVE-2021-45942, add test

... into staging

pkgs/development/libraries/openexr/3.nix

@@ -1,6 +1,7 @@
 { lib
 , stdenv
 , fetchFromGitHub
+, fetchpatch
 , zlib
 , cmake
 , imath
@@ -19,9 +20,26 @@ stdenv.mkDerivation rec {
     sha256 = "sha256-Bi6yTcZBWTsWWMm3A7FVYblvSXKLSkHmhGvpNYGiOzE=";
   };
 
+  patches = [
+    (fetchpatch {
+      name = "CVE-2021-45942.patch";
+      url = "https://github.com/AcademySoftwareFoundation/openexr/commit/11cad77da87c4fa2aab7d58dd5339e254db7937e.patch";
+      sha256 = "1qa8662ga5i0lyfi9mkj9s9bygdg7h1i6ahki28c664kxrlsakch";
+    })
+  ];
+
+  # tests are determined to use /var/tmp on unix
+  postPatch = ''
+    cat <(find . -name tmpDir.h) <(echo src/test/OpenEXRCoreTest/main.cpp) | while read -r f ; do
+      substituteInPlace $f --replace '/var/tmp' "$TMPDIR"
+    done
+  '';
+
   nativeBuildInputs = [ cmake ];
   propagatedBuildInputs = [ imath zlib ];
 
+  doCheck = true;
+
   meta = with lib; {
     description = "A high dynamic-range (HDR) image file format";
     homepage = "https://www.openexr.com/";

pkgs/development/libraries/openexr/default.nix

@@ -26,6 +26,13 @@ stdenv.mkDerivation rec {
       url = "https://github.com/AcademySoftwareFoundation/openexr/commit/2f19a01923885fda75ec9d19332de080ec7102bd.patch";
       sha256 = "1yxmrdzq1x1911wdzwnzr29jmg2r4wd4yx3vhjn0y5dpny0ri5y5";
     })
+    (fetchpatch {
+      name = "CVE-2021-45942.patch";
+      url = "https://github.com/AcademySoftwareFoundation/openexr/commit/11cad77da87c4fa2aab7d58dd5339e254db7937e.patch";
+      stripLen = 4;
+      extraPrefix = "OpenEXR/IlmImf/";
+      sha256 = "1wa2jn6sa0n3phaqvklnlbgk1bz60y756ad4jk4d757pzpnannsy";
+    })
   ];
 
   nativeBuildInputs = [ cmake ];