Merge pull request #47229 from symphorien/CVE-2018-10196
graphviz: fix CVE-2018-10196
		
						commit
						0e0dd9478d
					
				| @ -2,12 +2,26 @@ | |||||||
| 
 | 
 | ||||||
| { stdenv, fetchFromGitLab, autoreconfHook, pkgconfig, cairo, expat, flex | { stdenv, fetchFromGitLab, autoreconfHook, pkgconfig, cairo, expat, flex | ||||||
| , fontconfig, gd, gettext, gts, libdevil, libjpeg, libpng, libtool, pango | , fontconfig, gd, gettext, gts, libdevil, libjpeg, libpng, libtool, pango | ||||||
| , yacc, xorg ? null, ApplicationServices ? null }: | , yacc, fetchpatch, xorg ? null, ApplicationServices ? null }: | ||||||
| 
 | 
 | ||||||
| assert stdenv.isDarwin -> ApplicationServices != null; | assert stdenv.isDarwin -> ApplicationServices != null; | ||||||
| 
 | 
 | ||||||
| let | let | ||||||
|   inherit (stdenv.lib) optionals optionalString; |   inherit (stdenv.lib) optionals optionalString; | ||||||
|  |   raw_patch = | ||||||
|  |     # https://gitlab.com/graphviz/graphviz/issues/1367 CVE-2018-10196 | ||||||
|  |     fetchpatch { | ||||||
|  |       name = "CVE-2018-10196.patch"; | ||||||
|  |       url = https://gitlab.com/graphviz/graphviz/uploads/30f8f0b00e357c112ac35fb20241604a/p.diff; | ||||||
|  |       sha256 = "074qx6ch9blrnlilmz7p96fkiz2va84x2fbqdza5k4808rngirc7"; | ||||||
|  |       excludes = ["tests/*"]; # we don't run them and they don't apply | ||||||
|  |     }; | ||||||
|  |   # the patch needs a small adaption for older versions | ||||||
|  |   patch = if stdenv.lib.versionAtLeast version "2.37" then raw_patch else | ||||||
|  |   stdenv.mkDerivation { | ||||||
|  |     inherit (raw_patch) name; | ||||||
|  |     buildCommand = "sed s/dot_root/agroot/g ${raw_patch} > $out"; | ||||||
|  |   }; | ||||||
| in | in | ||||||
| 
 | 
 | ||||||
| stdenv.mkDerivation rec { | stdenv.mkDerivation rec { | ||||||
| @ -37,6 +51,10 @@ stdenv.mkDerivation rec { | |||||||
|     "--with-ltdl-include=${libtool}/include" |     "--with-ltdl-include=${libtool}/include" | ||||||
|   ] ++ stdenv.lib.optional (xorg == null) [ "--without-x" ]; |   ] ++ stdenv.lib.optional (xorg == null) [ "--without-x" ]; | ||||||
| 
 | 
 | ||||||
|  |   patches = [ | ||||||
|  |     patch | ||||||
|  |   ]; | ||||||
|  | 
 | ||||||
|   postPatch = '' |   postPatch = '' | ||||||
|     for f in $(find . -name Makefile.in); do |     for f in $(find . -name Makefile.in); do | ||||||
|       substituteInPlace $f --replace "-lstdc++" "-lc++" |       substituteInPlace $f --replace "-lstdc++" "-lc++" | ||||||
|  | |||||||
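Review bot: For versions below 2.37 the `patch` binding applies a security fix that has been rewritten with `sed s/dot_root/agroot/g`, and because `excludes = ["tests/*"]` drops the upstream tests, nothing in the build shows that the rewritten patch still closes CVE-2018-10196. The comment "the patch needs a small adaption for older versions" does not say why the rename is needed or that the source is an issue attachment rather than an upstream commit. I would expand it to something like `# p.diff is an attachment on upstream issue 1367, pinned by sha256; older releases appear to use agroot where the patch uses dot_root, so rename before applying (TODO confirm against 2.32 sources)`. The `url =` value is also an unquoted URL literal and would be safer written as a quoted string. `version` is not bound in the visible lines, so it presumably comes from an enclosing function that starts outside the hunk.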
| @ -3090,9 +3090,9 @@ in | |||||||
|    * that do want 2.32 but not 2.0 or 2.36. Please give a day's notice for |    * that do want 2.32 but not 2.0 or 2.36. Please give a day's notice for | ||||||
|    * objections before removal. The feature is libgraph. |    * objections before removal. The feature is libgraph. | ||||||
|    */ |    */ | ||||||
|   graphviz_2_32 = lib.overrideDerivation (callPackage ../tools/graphics/graphviz/2.32.nix { |   graphviz_2_32 = (callPackage ../tools/graphics/graphviz/2.32.nix { | ||||||
|     inherit (darwin.apple_sdk.frameworks) ApplicationServices; |     inherit (darwin.apple_sdk.frameworks) ApplicationServices; | ||||||
|   }) (x: { configureFlags = x.configureFlags ++ ["--with-cgraph=no"];}); |   }).overrideAttrs(x: { configureFlags = x.configureFlags ++ ["--with-cgraph=no"];}); | ||||||
| 
 | 
 | ||||||
|   grin = callPackage ../tools/text/grin { }; |   grin = callPackage ../tools/text/grin { }; | ||||||
| 
 | 
 | ||||||
|  | |||||||
	 Michael Raskin
						Michael Raskin