exiv2: fix CVE-2014-9449 by upstream patch

It's just a crash fix, not a "real" vulnerability.
2015-02-05 12:16:25 +01:00 · 2015-02-05 12:16:25 +01:00 · da3105d538
commit da3105d538
parent 529e2b281a
1 changed files with 10 additions and 4 deletions
--- a/pkgs/development/libraries/exiv2/default.nix
+++ b/pkgs/development/libraries/exiv2/default.nix
@ -1,4 +1,4 @@
-{stdenv, fetchurl, zlib, expat}:
+{stdenv, fetchurl, fetchpatch, zlib, expat}:

 stdenv.mkDerivation rec {
  name = "exiv2-0.24";
@ -8,6 +8,12 @@ stdenv.mkDerivation rec {
    sha256 = "13pgvz14kyapxl89pxjaq3274k56d5lzfckpg1g9z7gvqzk4797l";
  };

+  patches = [(fetchpatch {
+    name = "CVE-2014-9449.diff";
+    url = "http://dev.exiv2.org/projects/exiv2/repository/revisions/3264/diff?format=diff&rev_to=3263";
+    sha256 = "02w0fksl966d4v6bkg6rq3wmvv8xjpvfp47qr0nv1xq0bphxqzag";
+  })];
+
  propagatedBuildInputs = [zlib expat];

 # configure script finds zlib&expat but it thinks that they're in /usr