libraw: add patch for CVE-2023-1729

2023-08-12 15:34:46 +01:00 · 2023-08-12 15:34:46 +01:00 · f40c84b149
parent 9f039b93af
commit f40c84b149
1 changed files with 16 additions and 1 deletions
--- a/pkgs/development/libraries/libraw/default.nix
+++ b/pkgs/development/libraries/libraw/default.nix
@ -1,4 +1,11 @@
-{ lib, stdenv, fetchFromGitHub, autoreconfHook, lcms2, pkg-config }:
+{ lib
+, stdenv
+, fetchFromGitHub
+, fetchpatch
+, autoreconfHook
+, lcms2
+, pkg-config
+}:

 stdenv.mkDerivation rec {
  pname = "libraw";
@ -11,6 +18,14 @@ stdenv.mkDerivation rec {
    sha256 = "sha256-K9mULf6V/TCl5Vu4iuIdSGF9HzQlgNQLRFHIpNbmAlY";
  };

+  patches = [
+    (fetchpatch {
+      name = "CVE-2023-1729.patch";
+      url = "https://github.com/LibRaw/LibRaw/commit/9ab70f6dca19229cb5caad7cc31af4e7501bac93.patch";
+      hash = "sha256-OAyqphxvtSM15NI77HwtGTmTmP9YNu3xhZ6D1CceJ7I=";
+    })
+  ];
+
  outputs = [ "out" "lib" "dev" "doc" ];

  propagatedBuildInputs = [ lcms2 ];