diff options
Diffstat (limited to 'nixpkgs/pkgs/development/libraries/cairo')
-rw-r--r-- | nixpkgs/pkgs/development/libraries/cairo/default.nix | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/nixpkgs/pkgs/development/libraries/cairo/default.nix b/nixpkgs/pkgs/development/libraries/cairo/default.nix index 137da005062e..905098faead9 100644 --- a/nixpkgs/pkgs/development/libraries/cairo/default.nix +++ b/nixpkgs/pkgs/development/libraries/cairo/default.nix @@ -53,6 +53,16 @@ in stdenv.mkDerivation rec { ./0002-gl-don-t-implicitly-include-X11-headers.patch ./0003-test-only-build-GL-tests-when-Xlib-is-enabled.patch ./0004-util-don-t-build-cairo-sphinx-unless-PNG-enabled.patch + + # Fixes CVE-2020-35492; see https://github.com/NixOS/nixpkgs/issues/120364. + # CVE information: https://nvd.nist.gov/vuln/detail/CVE-2020-35492 + # Upstream PR: https://gitlab.freedesktop.org/cairo/cairo/merge_requests/85 + (fetchpatch { + name = "CVE-2020-35492.patch"; + includes = [ "src/cairo-image-compositor.c" ]; + url = "https://github.com/freedesktop/cairo/commit/78266cc8c0f7a595cfe8f3b694bfb9bcc3700b38.patch"; + sha256 = "048nzfz7rkgqb9xs0dfs56qdw7ckkxr87nbj3p0qziqdq4nb6wki"; + }) ] ++ optionals stdenv.hostPlatform.isDarwin [ # Workaround https://gitlab.freedesktop.org/cairo/cairo/-/issues/121 ./skip-configure-stderr-check.patch |