Merge commit '432fc2d9a67f92e05438dff5fdc2b39d33f77997'

# Conflicts: # nixpkgs/pkgs/applications/editors/emacs/elisp-packages/elpa-generated.nix # nixpkgs/pkgs/applications/networking/mailreaders/thunderbird/default.nix # nixpkgs/pkgs/applications/window-managers/sway/default.nix # nixpkgs/pkgs/build-support/rust/default.nix # nixpkgs/pkgs/development/go-modules/generic/default.nix
author: Alyssa Ross <hi@alyssa.is> 2021-06-22 15:01:47 +0000
committer: Alyssa Ross <hi@alyssa.is> 2021-06-22 16:57:59 +0000
commit: 633cab0ecb07627706c6b523e219490f019eaab5 (patch)
tree: 4fb472bdfe2723037dad53dc1b8a87c939015f5e /nixpkgs/pkgs/development/libraries/cereal
parent: ffb691c199e7e0cbc4e45e5310779c9e3f7c2a73 (diff)
parent: 432fc2d9a67f92e05438dff5fdc2b39d33f77997 (diff)
download: nixlib-633cab0ecb07627706c6b523e219490f019eaab5.tar
nixlib-633cab0ecb07627706c6b523e219490f019eaab5.tar.gz
nixlib-633cab0ecb07627706c6b523e219490f019eaab5.tar.bz2
nixlib-633cab0ecb07627706c6b523e219490f019eaab5.tar.lz
nixlib-633cab0ecb07627706c6b523e219490f019eaab5.tar.xz
nixlib-633cab0ecb07627706c6b523e219490f019eaab5.tar.zst
nixlib-633cab0ecb07627706c6b523e219490f019eaab5.zip
1 files changed, 14 insertions, 2 deletions
diff --git a/nixpkgs/pkgs/development/libraries/cereal/default.nix b/nixpkgs/pkgs/development/libraries/cereal/default.nix
index d2321175f8bd..958a92dec34e 100644
--- a/nixpkgs/pkgs/development/libraries/cereal/default.nix
+++ b/nixpkgs/pkgs/development/libraries/cereal/default.nix
@@ -1,4 +1,4 @@
-{ lib, stdenv, fetchFromGitHub, cmake }:
+{ lib, stdenv, fetchFromGitHub, fetchpatch, cmake }:
 stdenv.mkDerivation rec {
   pname = "cereal";
   version = "1.3.0";
@@ -12,7 +12,19 @@ stdenv.mkDerivation rec {
     sha256 = "0hc8wh9dwpc1w1zf5lfss4vg5hmgpblqxbrpp1rggicpx9ar831p";
   };
 
-  cmakeFlagsArray = [ "-DJUST_INSTALL_CEREAL=yes" ];
+  patches = [
+    # https://nvd.nist.gov/vuln/detail/CVE-2020-11105
+    # serialized std::shared_ptr variables cannot always be expected to
+    # serialize back into their original values. This can have any number of
+    # consequences, depending on the context within which this manifests.
+    (fetchpatch {
+      name = "CVE-2020-11105.patch";
+      url = "https://github.com/USCiLab/cereal/commit/f27c12d491955c94583512603bf32c4568f20929.patch";
+      sha256 = "CIkbJ7bAN0MXBhTXQdoQKXUmY60/wQvsdn99FaWt31w=";
+    })
+  ];
+
+  cmakeFlags = [ "-DJUST_INSTALL_CEREAL=yes" ];
 
   meta = with lib; {
     description = "A header-only C++11 serialization library";
author	Alyssa Ross <hi@alyssa.is>	2021-06-22 15:01:47 +0000
committer	Alyssa Ross <hi@alyssa.is>	2021-06-22 16:57:59 +0000
commit	633cab0ecb07627706c6b523e219490f019eaab5 (patch)
tree	4fb472bdfe2723037dad53dc1b8a87c939015f5e /nixpkgs/pkgs/development/libraries/cereal
parent	ffb691c199e7e0cbc4e45e5310779c9e3f7c2a73 (diff)
parent	432fc2d9a67f92e05438dff5fdc2b39d33f77997 (diff)
download	nixlib-633cab0ecb07627706c6b523e219490f019eaab5.tar nixlib-633cab0ecb07627706c6b523e219490f019eaab5.tar.gz nixlib-633cab0ecb07627706c6b523e219490f019eaab5.tar.bz2 nixlib-633cab0ecb07627706c6b523e219490f019eaab5.tar.lz nixlib-633cab0ecb07627706c6b523e219490f019eaab5.tar.xz nixlib-633cab0ecb07627706c6b523e219490f019eaab5.tar.zst nixlib-633cab0ecb07627706c6b523e219490f019eaab5.zip