Merge pull request #130293 from NixOS/backport-130290-to-release-21.05

[Backport release-21.05] fig2dev: apply patch for CVE-2021-3561
2021-07-17 13:47:03 +01:00 · 2021-07-17 13:47:03 +01:00 · 460f322171
parent c6adf089e0 04644c993d
commit 460f322171
1 changed files with 10 additions and 0 deletions
--- a/pkgs/applications/graphics/fig2dev/default.nix
+++ b/pkgs/applications/graphics/fig2dev/default.nix
@ -1,6 +1,7 @@
 { lib
 , stdenv
 , fetchurl
+, fetchpatch
 , ghostscript
 , libpng
 , makeWrapper
@ -20,6 +21,15 @@ stdenv.mkDerivation rec {
    sha256 = "1bm75lf9j54qpbjx8hzp6ixaayp1x9w4v3yxl6vxyw8g5m4sqdk3";
  };

+  patches = [
+    (fetchpatch {
+      name = "CVE-2021-3561.patch";
+      # Using Debian patch since it is not possible to download it directly from Sourceforge
+      url = "https://sources.debian.org/data/main/f/fig2dev/1:3.2.8-3/debian/patches/33_sanitize-color.patch";
+      sha256 = "1bppr3li03nj4qjibnddr2f38mpk55pcn5z6k98pf00gabq33fgs";
+    })
+  ];
+
  nativeBuildInputs = [ makeWrapper ];
  buildInputs = [ libpng ];