From 07b2b092be1f3ccadc4553cfbb296139c3591574 Mon Sep 17 00:00:00 2001
From: Thomas Gerbet
Date: Wed, 14 Jul 2021 10:08:43 +0200
Subject: [PATCH] libsForQt5.kimageformats: fix CVE-2021-36083

Co-authored-by: Sandro
(cherry picked from commit 3d260a2d0edffce5095a5f813e9227c4864e9715)
---
 .../libraries/kde-frameworks/kimageformats.nix | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)

diff --git a/pkgs/development/libraries/kde-frameworks/kimageformats.nix b/pkgs/development/libraries/kde-frameworks/kimageformats.nix
index 3d9c5851f24..f78d8168b45 100644
--- a/pkgs/development/libraries/kde-frameworks/kimageformats.nix
+++ b/pkgs/development/libraries/kde-frameworks/kimageformats.nix
@@ -1,5 +1,5 @@
 {
- mkDerivation, lib,
+ mkDerivation, lib, fetchpatch,
 extra-cmake-modules,
 ilmbase, karchive, openexr, qtbase
 }:
@@ -8,8 +8,21 @@ let inherit (lib) getDev; in
 
 mkDerivation {
 name = "kimageformats";
+
+ patches = [
+ (fetchpatch { # included in kimageformats >= 5.82
+ name = "CVE-2021-36083.patch";
+ url = "https://invent.kde.org/frameworks/kimageformats/-/commit/297ed9a2fe339bfe36916b9fce628c3242e5be0f.diff";
+ sha256 = "16axaljgaar0j5796x1mjps93y92393x8zywh3nzw7rm9w2qxzml";
+ })
+ ];
+
 nativeBuildInputs = [ extra-cmake-modules ];
 buildInputs = [ karchive openexr qtbase ];
 outputs = [ "out" ]; # plugins only
 CXXFLAGS = "-I${getDev ilmbase}/include/OpenEXR";
+
+ meta = with lib; {
+ broken = versionOlder qtbase.version "5.14";
+ };
 }
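Review bot: The `meta.broken = versionOlder qtbase.version "5.14"` block at the end of the second hunk is not mentioned in the commit subject and has no comment, so a reader of this security backport cannot tell whether the Qt floor comes from the backported patch or from the package itself. A one-line comment would settle it, e.g. `# TODO(review): state what requires Qt >= 5.14 (the CVE patch or the framework release)`. For a single use `with lib;` can be dropped by writing `broken = lib.versionOlder qtbase.version "5.14";`. The `fetchpatch` entry is pinned to one upstream commit and a fixed `sha256`, and its `# included in kimageformats >= 5.82` comment says when to remove it. Because the `patches` list is unconditional, that removal presumably has to be done by hand at the version bump; the package version is not set in the visible lines, so this is worth confirming.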