Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: NixOS/nixpkgs
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: ca6b6595392b
Choose a base ref
...
head repository: NixOS/nixpkgs
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: a08e88c7e51b
Choose a head ref
  • 1 commit
  • 1 file changed
  • 1 contributor

Commits on Nov 13, 2019

  1. opencv4: add patches for CVE-2019-14491, CVE-2019-14492, CVE-2019-14493 

    … & CVE-2019-15939

 (#73073)
    @risicle @c0bw3b
    risicle authored and c0bw3b committed Nov 13, 2019
    Copy the full SHA
    a08e88c View commit details
Showing with 19 additions and 1 deletion.
  1. +19 −1 pkgs/development/libraries/opencv/4.x.nix
20 changes: 19 additions & 1 deletion pkgs/development/libraries/opencv/4.x.nix
View file
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
{ lib, stdenv
, fetchurl, fetchFromGitHub
, fetchurl, fetchFromGitHub, fetchpatch
, cmake, pkgconfig, unzip, zlib, pcre, hdf5
, glog, boost, google-gflags, protobuf
, config
@@ -160,6 +160,24 @@ stdenv.mkDerivation rec {
cp --no-preserve=mode -r "${contribSrc}/modules" "$NIX_BUILD_TOP/source/opencv_contrib"
'';

patches = [
(fetchpatch {
name = "CVE-2019-14491.CVE-2019-14492.patch";
url = "https://github.com/opencv/opencv/pull/15150/commits/321c74ccd6077bdea1d47450ca4fe955cb5b6330.patch";
sha256 = "03nxq24wsyszpl24i9fz3k06np75g9p4pqgnn1iw0nqdn7qds8pm";
})
(fetchpatch {
name = "CVE-2019-14493.patch";
url = "https://github.com/opencv/opencv/pull/15145/commits/5691d998ead1d9b0542bcfced36c2dceb3a59023.patch";
sha256 = "14qva9f5z10apz5q0skdyiclr9sgkhab4fzksy1w3b6j6hg4wm7m";
})
(fetchpatch {
name = "CVE-2019-15939.patch";
url = "https://github.com/opencv/opencv/pull/15382/commits/5a497077f109d543ab86dfdf8add1c76c0e47d29.patch";
sha256 = "18wqsss5zz3f6i1ih8gd17h2zrrqpgfd7jmc45v70gk30nmhcj5b";
})
];

# This prevents cmake from using libraries in impure paths (which
# causes build failure on non NixOS)
# Also, work around https://github.com/NixOS/nixpkgs/issues/26304 with