diff options
author | Martin Weinelt <hexa@darmstadt.ccc.de> | 2020-10-01 05:30:26 +0200 |
---|---|---|
committer | Martin Weinelt <hexa@darmstadt.ccc.de> | 2020-10-01 05:31:29 +0200 |
commit | 500d7b81f92152bf54ec15113d481051f68ed6cf (patch) | |
tree | ad264ac9f33c07559a3294a357f8a12ac725c1a5 /pkgs/misc/lilypond | |
parent | e7fe577d9803885d1191c6612b95c246cb605dde (diff) | |
download | nixlib-500d7b81f92152bf54ec15113d481051f68ed6cf.tar nixlib-500d7b81f92152bf54ec15113d481051f68ed6cf.tar.gz nixlib-500d7b81f92152bf54ec15113d481051f68ed6cf.tar.bz2 nixlib-500d7b81f92152bf54ec15113d481051f68ed6cf.tar.lz nixlib-500d7b81f92152bf54ec15113d481051f68ed6cf.tar.xz nixlib-500d7b81f92152bf54ec15113d481051f68ed6cf.tar.zst nixlib-500d7b81f92152bf54ec15113d481051f68ed6cf.zip |
lilypond: add patch to restrict embedded-{ps,svg} when -dsafe is used
Fixes: CVE-2020-17353 Closes: #96802
Diffstat (limited to 'pkgs/misc/lilypond')
-rw-r--r-- | pkgs/misc/lilypond/default.nix | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/pkgs/misc/lilypond/default.nix b/pkgs/misc/lilypond/default.nix index 9e76693ce8fd..44dbf086ca57 100644 --- a/pkgs/misc/lilypond/default.nix +++ b/pkgs/misc/lilypond/default.nix @@ -16,7 +16,14 @@ stdenv.mkDerivation rec { sha256 = "0qd6pd4siss016ffmcyw5qc6pr2wihnvrgd4kh1x725w7wr02nar"; }; - patches = [ ./findlib.patch ]; + patches = [ + ./findlib.patch + (fetchurl { + name = "CVE-2020-17353.patch"; + url = "https://git.savannah.gnu.org/gitweb/?p=lilypond.git;a=commitdiff_plain;h=b84ea4740f3279516905c5db05f4074e777c16ff;hp=b97bd35ac99efd68569327f62f3c8a19511ebe43"; + sha256 = "1i79gy3if070rdgj7j6inw532j0f6ya5qc6kgcnlkbx02rqrhr7v"; + }) + ]; postInstall = '' for f in "$out/bin/"*; do |