Merge pull request #44466 from vcunat/p/exiv2-cve

exiv2: bugfix updates
2025-01-18 19:03:28 +00:00 · 2018-08-05 21:32:33 +02:00 · 2018-08-05 21:32:33 +02:00 · b909d807b1
commit b909d807b1
parent 2da02088f7 6a1148997a
1 changed files with 30 additions and 15 deletions
--- a/pkgs/development/libraries/exiv2/default.nix
+++ b/pkgs/development/libraries/exiv2/default.nix
@ -1,11 +1,15 @@
-{ stdenv, fetchurl, fetchpatch, zlib, expat, gettext }:
+{ stdenv, fetchurl, fetchFromGitHub, fetchpatch, zlib, expat, gettext
+, autoconf }:

 stdenv.mkDerivation rec {
-  name = "exiv2-0.26";
+  name = "exiv2-0.26.2018.06.09";

-  src = fetchurl {
-    url = "http://www.exiv2.org/builds/${name}-trunk.tar.gz";
-    sha256 = "1yza317qxd8yshvqnay164imm0ks7cvij8y8j86p1gqi1153qpn7";
+    #url = "http://www.exiv2.org/builds/${name}-trunk.tar.gz";
+  src = fetchFromGitHub rec {
+    owner = "exiv2";
+    repo  = "exiv2";
+    rev = "4aa57ad";
+    sha256 = "1kblpxbi4wlb0l57xmr7g23zn9adjmfswhs6kcwmd7skwi2yivcd";
  };

  patches = [
@ -16,25 +20,36 @@ stdenv.mkDerivation rec {
          + "/sha512/${sha512}/${patchname}";
      sha512 = "3f9242dbd4bfa9dcdf8c9820243b13dc14990373a800c4ebb6cf7eac5653cfef"
             + "e6f2c47a94fbee4ed24f0d8c2842729d721f6100a2b215e0f663c89bfefe9e32";
-     })
-     (fetchpatch {
-       # many CVEs - see https://github.com/Exiv2/exiv2/pull/120
-       url = "https://patch-diff.githubusercontent.com/raw/Exiv2/exiv2/pull/120.patch";
-       sha256 = "1szl22xmh12hibzaqf2zi8zl377x841m52x4jm5lziw6j8g81sj8";
-       excludes = [ "test/bugfixes-test.sh" ];
-     })
+    })
+    # Two backports from master, submitted as https://github.com/Exiv2/exiv2/pull/398
+    (fetchpatch {
+      name = "CVE-2018-12264.diff";
+      url = "https://github.com/vcunat/exiv2/commit/fd18e853.diff";
+      sha256 = "0y7ahh45lpaiazjnfllndfaa5pyixh6z4kcn2ywp7qy4ra7qpwdr";
+    })
+    (fetchpatch {
+      name = "CVE-2018-12265.diff";
+      url = "https://github.com/vcunat/exiv2/commit/9ed1671bd4.diff";
+      sha256 = "1cn446pfcgsh1bn9vxikkkcy1cqq7ghz2w291h1094ydqg6w7q6w";
+    })
  ];

  postPatch = "patchShebangs ./src/svn_version.sh";

+  preConfigure = "make config"; # needed because not using tarball
+
  outputs = [ "out" "dev" ];

-  nativeBuildInputs = [ gettext ];
+  nativeBuildInputs = [
+    gettext
+    autoconf # needed because not using tarball
+  ];
  propagatedBuildInputs = [ zlib expat ];

-  meta = {
+  meta = with stdenv.lib; {
    homepage = http://www.exiv2.org/;
    description = "A library and command-line utility to manage image metadata";
-    platforms = stdenv.lib.platforms.all;
+    platforms = platforms.all;
+    license = licenses.gpl2;
  };
 }