diff options
author | Vladimír Čunát <vcunat@gmail.com> | 2017-01-04 23:59:25 +0100 |
---|---|---|
committer | Vladimír Čunát <vcunat@gmail.com> | 2017-01-05 00:00:24 +0100 |
commit | 22796f0d4f47a7942dd443ca125ade898032022b (patch) | |
tree | 42af4a93e4a68a3c30b0b17284a0716feb4490dc /pkgs/shells/bash | |
parent | fa57b06dc657d4c45040db14c479f2ffb79dc84d (diff) | |
download | nixlib-22796f0d4f47a7942dd443ca125ade898032022b.tar nixlib-22796f0d4f47a7942dd443ca125ade898032022b.tar.gz nixlib-22796f0d4f47a7942dd443ca125ade898032022b.tar.bz2 nixlib-22796f0d4f47a7942dd443ca125ade898032022b.tar.lz nixlib-22796f0d4f47a7942dd443ca125ade898032022b.tar.xz nixlib-22796f0d4f47a7942dd443ca125ade898032022b.tar.zst nixlib-22796f0d4f47a7942dd443ca125ade898032022b.zip |
bash-4.3: fix security problems via a Gentoo patch
Diffstat (limited to 'pkgs/shells/bash')
-rw-r--r-- | pkgs/shells/bash/4.3.nix | 29 |
1 files changed, 19 insertions, 10 deletions
diff --git a/pkgs/shells/bash/4.3.nix b/pkgs/shells/bash/4.3.nix index 76c24323fca9..f47b2da6b952 100644 --- a/pkgs/shells/bash/4.3.nix +++ b/pkgs/shells/bash/4.3.nix @@ -10,11 +10,21 @@ let baseConfigureFlags = if interactive then "--with-installed-readline" else "--disable-readline"; sha256 = "1m14s1f61mf6bijfibcjm9y6pkyvz6gibyl8p4hxq90fisi8gimg"; + upstreamPatches = + let + patch = nr: sha256: + fetchurl { + url = "mirror://gnu/bash/${realName}-patches/${shortName}-${nr}"; + inherit sha256; + }; + in + import ./bash-4.3-patches.nix patch; + inherit (stdenv.lib) optional optionalString; in stdenv.mkDerivation rec { - name = "${realName}-p${toString (builtins.length patches)}"; + name = "${realName}-p${toString (builtins.length upstreamPatches)}"; src = fetchurl { url = "mirror://gnu/bash/${realName}.tar.gz"; @@ -39,15 +49,14 @@ stdenv.mkDerivation rec { patchFlags = "-p0"; - patches = - (let - patch = nr: sha256: - fetchurl { - url = "mirror://gnu/bash/${realName}-patches/${shortName}-${nr}"; - inherit sha256; - }; - in - import ./bash-4.3-patches.nix patch) + patches = upstreamPatches + ++ [ (fetchurl { + # https://security.gentoo.org/glsa/201701-02 + url = "https://gitweb.gentoo.org/repo/gentoo.git/plain/app-shells" + + "/bash/files/bash-4.4-popd-offset-overflow.patch" + + "?id=1bf1ceeb04a2f57e1e5e1636a8c288c4d0db6682"; + sha256 = "02n08lw5spvsc2b1bll0gr6mg4qxcg7pzfjkw7ji5w7bjcikccbm"; + }) ] ++ optional stdenv.isCygwin ./cygwin-bash-4.3.33-1.src.patch; crossAttrs = { |