Merge pull request #284491 from LeSuisse/libredwg-CVE-2023-26157

libredwg: apply patch for CVE-2023-26157
2024-11-24 07:53:19 +00:00 · 2024-01-28 12:16:58 -05:00 · 2024-01-28 12:16:58 -05:00 · 41ba20eb59
commit 41ba20eb59
parent c357950539 926673e780
1 changed files with 9 additions and 0 deletions
--- a/pkgs/development/libraries/libredwg/default.nix
+++ b/pkgs/development/libraries/libredwg/default.nix
@ -1,6 +1,7 @@
 { lib
 , stdenv
 , fetchFromGitHub
+, fetchpatch
 , autoreconfHook
 , writeShellScript
 , pkg-config
@ -27,6 +28,14 @@ stdenv.mkDerivation rec {
    fetchSubmodules = true;
  };

+  patches = [
+    (fetchpatch {
+      name = "CVE-2023-26157.patch";
+      url = "https://github.com/LibreDWG/libredwg/commit/c8cf03ce4c2315b146caf582ea061c0460193bcc.patch";
+      hash = "sha256-EEF3YYPW+6SvXRiAw3zz6tWU9w/qmGtc09Tf8wn7hVc=";
+    })
+  ];
+
  postPatch = let
    printVersion = writeShellScript "print-version" ''
      echo -n ${lib.escapeShellArg version}