opencv: CVE-2019-14493

author: Marek Mahut <marek.mahut@gmail.com> 2019-08-23 20:36:31 +0200
committer: Marek Mahut <marek.mahut@gmail.com> 2019-08-23 20:36:31 +0200
commit: 589405a563e2e48a6dd3bc9088b65246e17ec582 (patch)
tree: 5d955fff3b062bf3e7d2adf0143f78ffe6897049 /pkgs/development/libraries/opencv
parent: a8d3aebdce8a2ffb0134fac33e2e9da18aebeb06 (diff)
1 files changed, 9 insertions, 1 deletions
diff --git a/pkgs/development/libraries/opencv/4.x.nix b/pkgs/development/libraries/opencv/4.x.nix
index 85bb2f1effd9..3fdc392e92b8 100644
--- a/pkgs/development/libraries/opencv/4.x.nix
+++ b/pkgs/development/libraries/opencv/4.x.nix
@@ -1,5 +1,5 @@
 { lib, stdenv
-, fetchurl, fetchFromGitHub
+, fetchurl, fetchFromGitHub, fetchpatch
 , cmake, pkgconfig, unzip, zlib, pcre, hdf5
 , glog, boost, gflags, protobuf
 , config
@@ -160,6 +160,14 @@ stdenv.mkDerivation rec {
     cp --no-preserve=mode -r "${contribSrc}/modules" "$NIX_BUILD_TOP/source/opencv_contrib"
   '';
 
+  patches = [
+    (fetchpatch {
+      url = "https://github.com/opencv/opencv/commit/5691d998ead1d9b0542bcfced36c2dceb3a59023.patch";
+      name = "CVE-2019-14493.patch";
+      sha256 = "14qva9f5z10apz5q0skdyiclr9sgkhab4fzksy1w3b6j6hg4wm7m";
+    })
+  ];
+
   # This prevents cmake from using libraries in impure paths (which
   # causes build failure on non NixOS)
   # Also, work around https://github.com/NixOS/nixpkgs/issues/26304 with
author	Marek Mahut <marek.mahut@gmail.com>	2019-08-23 20:36:31 +0200
committer	Marek Mahut <marek.mahut@gmail.com>	2019-08-23 20:36:31 +0200
commit	589405a563e2e48a6dd3bc9088b65246e17ec582 (patch)
tree	5d955fff3b062bf3e7d2adf0143f78ffe6897049 /pkgs/development/libraries/opencv
parent	a8d3aebdce8a2ffb0134fac33e2e9da18aebeb06 (diff)