diff --git a/pkgs/development/libraries/openexr/3.nix b/pkgs/development/libraries/openexr/3.nix index 24af4e429a0..3cfe173875c 100644 --- a/pkgs/development/libraries/openexr/3.nix +++ b/pkgs/development/libraries/openexr/3.nix @@ -1,6 +1,7 @@ { lib , stdenv , fetchFromGitHub +, fetchpatch , zlib , cmake , imath @@ -19,9 +20,26 @@ stdenv.mkDerivation rec { sha256 = "sha256-Bi6yTcZBWTsWWMm3A7FVYblvSXKLSkHmhGvpNYGiOzE="; }; + patches = [ + (fetchpatch { + name = "CVE-2021-45942.patch"; + url = "https://github.com/AcademySoftwareFoundation/openexr/commit/11cad77da87c4fa2aab7d58dd5339e254db7937e.patch"; + sha256 = "1qa8662ga5i0lyfi9mkj9s9bygdg7h1i6ahki28c664kxrlsakch"; + }) + ]; + + # tests are determined to use /var/tmp on unix + postPatch = '' + cat <(find . -name tmpDir.h) <(echo src/test/OpenEXRCoreTest/main.cpp) | while read -r f ; do + substituteInPlace $f --replace '/var/tmp' "$TMPDIR" + done + ''; + nativeBuildInputs = [ cmake ]; propagatedBuildInputs = [ imath zlib ]; + doCheck = true; + meta = with lib; { description = "A high dynamic-range (HDR) image file format"; homepage = "https://www.openexr.com/"; diff --git a/pkgs/development/libraries/openexr/default.nix b/pkgs/development/libraries/openexr/default.nix index d60b7b7fc43..31ca4855275 100644 --- a/pkgs/development/libraries/openexr/default.nix +++ b/pkgs/development/libraries/openexr/default.nix @@ -26,6 +26,13 @@ stdenv.mkDerivation rec { url = "https://github.com/AcademySoftwareFoundation/openexr/commit/2f19a01923885fda75ec9d19332de080ec7102bd.patch"; sha256 = "1yxmrdzq1x1911wdzwnzr29jmg2r4wd4yx3vhjn0y5dpny0ri5y5"; }) + (fetchpatch { + name = "CVE-2021-45942.patch"; + url = "https://github.com/AcademySoftwareFoundation/openexr/commit/11cad77da87c4fa2aab7d58dd5339e254db7937e.patch"; + stripLen = 4; + extraPrefix = "OpenEXR/IlmImf/"; + sha256 = "1wa2jn6sa0n3phaqvklnlbgk1bz60y756ad4jk4d757pzpnannsy"; + }) ]; nativeBuildInputs = [ cmake ];