diff options
| author | Jörg Thalheim <joerg@higgsboson.tk> | 2016-10-03 22:53:21 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2016-10-03 22:53:21 +0200 |
| commit | 45f64a37c9b4e38bb0a2f7d10337594b34658b23 (patch) | |
| tree | ab86a7ea35c112ba3d4487b8d9fa7c32db3020dc /pkgs/os-specific | |
| parent | 888f6a1280370de4f8268e0bae8d4b49d4db4cbc (diff) | |
| parent | ba00ba65eb45db72b35afc3dae619f62cec608a6 (diff) | |
| download | nixlib-45f64a37c9b4e38bb0a2f7d10337594b34658b23.tar nixlib-45f64a37c9b4e38bb0a2f7d10337594b34658b23.tar.gz nixlib-45f64a37c9b4e38bb0a2f7d10337594b34658b23.tar.bz2 nixlib-45f64a37c9b4e38bb0a2f7d10337594b34658b23.tar.lz nixlib-45f64a37c9b4e38bb0a2f7d10337594b34658b23.tar.xz nixlib-45f64a37c9b4e38bb0a2f7d10337594b34658b23.tar.zst nixlib-45f64a37c9b4e38bb0a2f7d10337594b34658b23.zip | |
Merge pull request #19175 from Mic92/util-linux
util-linux: workaround CVE-2016-2779
Diffstat (limited to 'pkgs/os-specific')
| -rw-r--r-- | pkgs/os-specific/linux/util-linux/default.nix | 14 |
1 files changed, 10 insertions, 4 deletions
diff --git a/pkgs/os-specific/linux/util-linux/default.nix b/pkgs/os-specific/linux/util-linux/default.nix index b777042d6011..c11056dff42b 100644 --- a/pkgs/os-specific/linux/util-linux/default.nix +++ b/pkgs/os-specific/linux/util-linux/default.nix @@ -1,4 +1,4 @@ -{ lib, stdenv, fetchurl, pkgconfig, zlib, ncurses ? null, perl ? null, pam, systemd, minimal ? false }: +{ lib, stdenv, fetchurl, pkgconfig, zlib, libseccomp, fetchpatch, autoreconfHook, ncurses ? null, perl ? null, pam, systemd, minimal ? false }: stdenv.mkDerivation rec { name = "util-linux-${version}"; @@ -14,7 +14,11 @@ stdenv.mkDerivation rec { patches = [ ./rtcwake-search-PATH-for-shutdown.patch - ]; + # CVE-2016-2779 + (fetchpatch { + url = https://github.com/karelzak/util-linux/commit/8e4925016875c6a4f2ab4f833ba66f0fc57396a2.patch; + sha256 = "0parn2zq21lh22r2ixmhqchm4jx2mwj84i9h92225hr4240xxndx"; + })]; outputs = [ "bin" "dev" "out" "man" ]; @@ -50,9 +54,11 @@ stdenv.mkDerivation rec { makeFlags = "usrbin_execdir=$(bin)/bin usrsbin_execdir=$(bin)/sbin"; - nativeBuildInputs = [ pkgconfig ]; + # autoreconfHook is required for CVE-2016-2779 + nativeBuildInputs = [ pkgconfig autoreconfHook ]; + # libseccomp is required for CVE-2016-2779 buildInputs = - [ zlib pam ] + [ zlib pam libseccomp ] ++ lib.optional (ncurses != null) ncurses ++ lib.optional (systemd != null) systemd ++ lib.optional (perl != null) perl; |