Merge NixOS#83013: exiv2: patch CVE-2019-20421

stigok · Mar 29, 2020 · 6d28c18 · 6d28c18
2 parents 804477b + 0ebeec9
commit 6d28c18
Showing 1 changed file with 11 additions and 0 deletions.
diff --git a/pkgs/development/libraries/exiv2/default.nix b/pkgs/development/libraries/exiv2/default.nix
@@ -1,5 +1,6 @@
 { stdenv
 , fetchFromGitHub
+, fetchpatch
 , zlib
 , expat
 , cmake
@@ -23,6 +24,16 @@ stdenv.mkDerivation rec {
     sha256 = "0n8il52yzbmvbkryrl8waz7hd9a2fdkw8zsrmhyh63jlvmmc31gf";
   };
 
+  patches = [
+    # included in next release
+    (fetchpatch {
+      name = "cve-2019-20421.patch";
+      url = "https://github.com/Exiv2/exiv2/commit/a82098f4f90cd86297131b5663c3dec6a34470e8.patch";
+      sha256 = "16r19qb9l5j43ixm5jqid9sdv5brlkk1wq0w79rm5agxq4kblfyc";
+      excludes = [ "tests/bugfixes/github/test_issue_1011.py" "test/data/Jp2Image_readMetadata_loop.poc" ];
+    })
+  ];
+
   cmakeFlags = [
     "-DEXIV2_BUILD_PO=ON"
     "-DEXIV2_BUILD_DOC=ON"