Skip to content

Commit da8c5d9

Browse files
vcunatvcunat
committedNov 6, 2016
Merge #20206: libtiff: patch for some more CVEs
(cherry picked from commit b4c296e)
1 parent 674ebc2 commit da8c5d9

File tree

1 file changed

+22
-8
lines changed

1 file changed

+22
-8
lines changed
 

Diff for: ‎pkgs/development/libraries/libtiff/default.nix

+22-8
Original file line numberDiff line numberDiff line change
@@ -2,6 +2,7 @@
22

33
let
44
version = "4.0.6";
5+
debversion = "3";
56
in
67
stdenv.mkDerivation rec {
78
name = "libtiff-${version}";
@@ -19,35 +20,48 @@ stdenv.mkDerivation rec {
1920

2021
enableParallelBuilding = true;
2122

22-
patches = [
23+
patches = let p = "https://sources.debian.net/data/main/t/tiff/${version}-${debversion}/debian/patches"; in [
2324
(fetchpatch {
24-
url = "https://sources.debian.net/data/main/t/tiff/4.0.6-2/debian/patches/01-CVE-2015-8665_and_CVE-2015-8683.patch";
25+
url = "${p}/01-CVE-2015-8665_and_CVE-2015-8683.patch";
2526
sha256 = "1c4zmvxj124873al8fvkiv8zq7wx5mv2vd4f1y9w8liv92cm7hkc";
2627
})
2728
(fetchpatch {
28-
url = "https://sources.debian.net/data/main/t/tiff/4.0.6-2/debian/patches/02-fix_potential_out-of-bound_writes_in_decode_functions.patch";
29+
url = "${p}/02-fix_potential_out-of-bound_writes_in_decode_functions.patch";
2930
sha256 = "0rsc7zh7cdhgcmx2vbjfaqrb0g93a3924ngqkrzb14w5j2fqfbxv";
3031
})
3132
(fetchpatch {
32-
url = "https://sources.debian.net/data/main/t/tiff/4.0.6-2/debian/patches/03-fix_potential_out-of-bound_write_in_NeXTDecode.patch";
33+
url = "${p}/03-fix_potential_out-of-bound_write_in_NeXTDecode.patch";
3334
sha256 = "1s01xhp4sl04yhqhqwp50gh43ykcqk230mmbv62vhy2jh7v0ky3a";
3435
})
3536
(fetchpatch {
36-
url = "https://sources.debian.net/data/main/t/tiff/4.0.6-2/debian/patches/04-CVE-2016-5314_CVE-2016-5316_CVE-2016-5320_CVE-2016-5875.patch";
37+
url = "${p}/04-CVE-2016-5314_CVE-2016-5316_CVE-2016-5320_CVE-2016-5875.patch";
3738
sha256 = "0by35qxpzv9ib3mnh980gd30jf3qmsfp2kl730rq4pq66wpzg9m8";
3839
})
3940
(fetchpatch {
40-
url = "https://sources.debian.net/data/main/t/tiff/4.0.6-2/debian/patches/05-CVE-2016-6223.patch";
41+
url = "${p}/05-CVE-2016-6223.patch";
4142
sha256 = "0rh8ia0wsf5yskzwdjrlbiilc9m0lq0igs42k6922pl3sa1lxzv1";
4243
})
4344
(fetchpatch {
44-
url = "https://sources.debian.net/data/main/t/tiff/4.0.6-2/debian/patches/06-CVE-2016-5321.patch";
45+
url = "${p}/06-CVE-2016-5321.patch";
4546
sha256 = "0n0igfxbd3kqvvj2k2xgysrp63l4v2gd110fwkk4apfpm0hvzwh0";
4647
})
4748
(fetchpatch {
48-
url = "https://sources.debian.net/data/main/t/tiff/4.0.6-2/debian/patches/07-CVE-2016-5323.patch";
49+
url = "${p}/07-CVE-2016-5323.patch";
4950
sha256 = "1j6w8g6qizkx5h4aq95kxzx6bgkn4jhc8l22swwhvlkichsh4910";
5051
})
52+
(fetchurl {
53+
url = "${p}/08-CVE-2016-3623_CVE-2016-3624.patch";
54+
sha256 = "1xnvwjvgyxi387h1sdiyp4360a3176jmipb7ghm8vwiz7cisdn9z";
55+
})
56+
(fetchurl {
57+
url = "${p}/09-CVE-2016-5652.patch";
58+
sha256 = "1yqfq32gzh21ab2jfqkq13gaz0nin0492l06adzsyhr5brvdhnx8";
59+
})
60+
(fetchurl {
61+
url = "${p}/10-CVE-2016-3658.patch";
62+
sha256 = "01kb8rfk30fgjf1hy0m088yhjfld1yyh4bk3gkg8jx3dl9bd076d";
63+
})
64+
5165

5266
];
5367

0 commit comments

Comments
 (0)
Please sign in to comment.