diff options
| author | Andreas Rammhold <andreas@rammhold.de> | 2017-12-09 13:09:28 +0100 |
|---|---|---|
| committer | Andreas Rammhold <andreas@rammhold.de> | 2017-12-09 13:10:47 +0100 |
| commit | 3d2df41a8fe6591181f88b3aff16e1f62bc8efa6 (patch) | |
| tree | 70a7f76e37c791445d6700b56e91b193b92d438c /pkgs/applications | |
| parent | 0a41fc6b7cba755076b18141c035333ab73bb6de (diff) | |
| download | nixlib-3d2df41a8fe6591181f88b3aff16e1f62bc8efa6.tar nixlib-3d2df41a8fe6591181f88b3aff16e1f62bc8efa6.tar.gz nixlib-3d2df41a8fe6591181f88b3aff16e1f62bc8efa6.tar.bz2 nixlib-3d2df41a8fe6591181f88b3aff16e1f62bc8efa6.tar.lz nixlib-3d2df41a8fe6591181f88b3aff16e1f62bc8efa6.tar.xz nixlib-3d2df41a8fe6591181f88b3aff16e1f62bc8efa6.tar.zst nixlib-3d2df41a8fe6591181f88b3aff16e1f62bc8efa6.zip | |
rsync: fix CVE-2017-16548
Diffstat (limited to 'pkgs/applications')
| -rw-r--r-- | pkgs/applications/networking/sync/rsync/base.nix | 19 | ||||
| -rw-r--r-- | pkgs/applications/networking/sync/rsync/default.nix | 4 | ||||
| -rw-r--r-- | pkgs/applications/networking/sync/rsync/rrsync.nix | 4 |
3 files changed, 17 insertions, 10 deletions
diff --git a/pkgs/applications/networking/sync/rsync/base.nix b/pkgs/applications/networking/sync/rsync/base.nix index a95835610d52..f6224b0f48f1 100644 --- a/pkgs/applications/networking/sync/rsync/base.nix +++ b/pkgs/applications/networking/sync/rsync/base.nix @@ -1,4 +1,4 @@ -{ stdenv, fetchurl }: +{ stdenv, fetchurl, fetchpatch }: rec { version = "3.1.2"; @@ -7,11 +7,18 @@ rec { url = "mirror://samba/rsync/src/rsync-${version}.tar.gz"; sha256 = "1hm1q04hz15509f0p9bflw4d6jzfvpm1d36dxjwihk1wzakn5ypc"; }; - patches = fetchurl { - # signed with key 0048 C8B0 26D4 C96F 0E58 9C2F 6C85 9FB1 4B96 A8C5 - url = "mirror://samba/rsync/rsync-patches-${version}.tar.gz"; - sha256 = "09i3dcl37p22dp75vlnsvx7bm05ggafnrf1zwhf2kbij4ngvxvpd"; - }; + patches = [ + (fetchurl { + # signed with key 0048 C8B0 26D4 C96F 0E58 9C2F 6C85 9FB1 4B96 A8C5 + url = "mirror://samba/rsync/rsync-patches-${version}.tar.gz"; + sha256 = "09i3dcl37p22dp75vlnsvx7bm05ggafnrf1zwhf2kbij4ngvxvpd"; + }) + (fetchpatch { + name = "CVE-2017-16548.patch"; + url = "https://git.samba.org/rsync.git/?p=rsync.git;a=commitdiff_plain;h=47a63d90e71d3e19e0e96052bb8c6b9cb140ecc1;hp=bc112b0e7feece62ce98708092306639a8a53cce"; + sha256 = "1dcdnfhbc5gd0ph7pds0xr2v8rpb2a4p7l9c1wml96nhnyww1pg1"; + }) + ]; meta = with stdenv.lib; { homepage = http://rsync.samba.org/; diff --git a/pkgs/applications/networking/sync/rsync/default.nix b/pkgs/applications/networking/sync/rsync/default.nix index 1f5e9601ff22..8c66e41f4cd2 100644 --- a/pkgs/applications/networking/sync/rsync/default.nix +++ b/pkgs/applications/networking/sync/rsync/default.nix @@ -1,4 +1,4 @@ -{ stdenv, fetchurl, perl, libiconv, zlib, popt +{ stdenv, fetchurl, fetchpatch, perl, libiconv, zlib, popt , enableACLs ? true, acl ? null , enableCopyDevicesPatch ? false }: @@ -6,7 +6,7 @@ assert enableACLs -> acl != null; let - base = import ./base.nix { inherit stdenv fetchurl; }; + base = import ./base.nix { inherit stdenv fetchurl fetchpatch; }; in stdenv.mkDerivation rec { name = "rsync-${base.version}"; diff --git a/pkgs/applications/networking/sync/rsync/rrsync.nix b/pkgs/applications/networking/sync/rsync/rrsync.nix index 7563b0ea1950..bc2a6eb9c3cb 100644 --- a/pkgs/applications/networking/sync/rsync/rrsync.nix +++ b/pkgs/applications/networking/sync/rsync/rrsync.nix @@ -1,7 +1,7 @@ -{ stdenv, fetchurl, perl, rsync }: +{ stdenv, fetchurl, fetchpatch, perl, rsync }: let - base = import ./base.nix { inherit stdenv fetchurl; }; + base = import ./base.nix { inherit stdenv fetchurl fetchpatch; }; in stdenv.mkDerivation rec { name = "rrsync-${base.version}"; |