libcupsfilters: apply patches CVE-2025-64503 and CVE-2025-57812 (98fbc45e) · Commits · nix / nixpkgs

pkgs/by-name/li/libcupsfilters/package.nix

+20 −0

Original line number	Diff line number	Diff line
		@@ -4,6 +4,7 @@
		dbus,
		dejavu_fonts,
		fetchFromGitHub,
		fetchpatch,
		fontconfig,
		ghostscript,
		lcms2,
		@@ -31,6 +32,25 @@ stdenv.mkDerivation {
		hash = "sha256-WEcg+NSsny/N1VAR1ejytM+3nOF3JlNuIUPf4w6N2ew=";
		};

		patches = [
		(fetchpatch {
		# https://github.com/OpenPrinting/cups-filters/security/advisories/GHSA-893j-2wr2-wrh9
		name = "CVE-2025-64503.patch";
		url = "https://github.com/OpenPrinting/libcupsfilters/commit/fd01543f372ca3ba1f1c27bd3427110fa0094e3f.patch";
		# File has been renamed before the fix
		decode = "sed -e 's/pdftoraster\.c/pdftoraster\.cxx/g'";
		hash = "sha256-cKbDHZEc/A51M+ce3kVsRxjRUWA96ynGv/avpq4iUHU=";
		})
		(fetchpatch {
		# https://github.com/OpenPrinting/libcupsfilters/security/advisories/GHSA-jpxg-qc2c-hgv4
		# https://github.com/OpenPrinting/libcupsfilters/security/advisories/GHSA-rc6w-jmvv-v7gx
		# https://github.com/OpenPrinting/libcupsfilters/security/advisories/GHSA-fmvr-45mx-43c6
		name = "CVE-2025-57812.patch";
		url = "https://github.com/OpenPrinting/libcupsfilters/commit/b69dfacec7f176281782e2f7ac44f04bf9633cfa.patch";
		hash = "sha256-rPUbgtTu7j3uUZrtUhUPO1vFbV6naxIWsHf6x3JhS74=";
		})
		];

		nativeBuildInputs = [
		autoreconfHook
		pkg-config