diff options
author | Vladimír Čunát <vcunat@gmail.com> | 2016-03-08 09:57:58 +0100 |
---|---|---|
committer | Vladimír Čunát <vcunat@gmail.com> | 2016-03-08 09:58:19 +0100 |
commit | 09af15654f0c8091f1b9e0bbb2e523cdee194442 (patch) | |
tree | e648edef1ce4c64c533f2593aa22b8015cf0e506 /pkgs/tools/archivers | |
parent | f306e67e15bdbe9a8358c9f81319fc4fcbadc2eb (diff) | |
parent | 0ee75214f336474e127c2e3546c0406a0c4d5fa7 (diff) | |
download | nixlib-09af15654f0c8091f1b9e0bbb2e523cdee194442.tar nixlib-09af15654f0c8091f1b9e0bbb2e523cdee194442.tar.gz nixlib-09af15654f0c8091f1b9e0bbb2e523cdee194442.tar.bz2 nixlib-09af15654f0c8091f1b9e0bbb2e523cdee194442.tar.lz nixlib-09af15654f0c8091f1b9e0bbb2e523cdee194442.tar.xz nixlib-09af15654f0c8091f1b9e0bbb2e523cdee194442.tar.zst nixlib-09af15654f0c8091f1b9e0bbb2e523cdee194442.zip |
Merge master into closure-size
The kde-5 stuff still didn't merge well. I hand-fixed what I saw, but there may be more problems.
Diffstat (limited to 'pkgs/tools/archivers')
-rw-r--r-- | pkgs/tools/archivers/cpio/CVE-2016-2037-out-of-bounds-write.patch | 29 | ||||
-rw-r--r-- | pkgs/tools/archivers/cpio/default.nix | 4 | ||||
-rw-r--r-- | pkgs/tools/archivers/undmg/default.nix | 27 | ||||
-rw-r--r-- | pkgs/tools/archivers/undmg/setup-hook.sh | 5 | ||||
-rw-r--r-- | pkgs/tools/archivers/unrar/default.nix | 17 |
5 files changed, 75 insertions, 7 deletions
diff --git a/pkgs/tools/archivers/cpio/CVE-2016-2037-out-of-bounds-write.patch b/pkgs/tools/archivers/cpio/CVE-2016-2037-out-of-bounds-write.patch new file mode 100644 index 000000000000..90ddeff9790e --- /dev/null +++ b/pkgs/tools/archivers/cpio/CVE-2016-2037-out-of-bounds-write.patch @@ -0,0 +1,29 @@ +diff --git a/src/copyin.c b/src/copyin.c +index cde911e..032d35f 100644 +--- a/src/copyin.c ++++ b/src/copyin.c +@@ -1385,6 +1385,8 @@ process_copy_in () + break; + } + ++ if (file_hdr.c_namesize <= 1) ++ file_hdr.c_name = xrealloc(file_hdr.c_name, 2); + cpio_safer_name_suffix (file_hdr.c_name, false, !no_abs_paths_flag, + false); + +diff --git a/src/util.c b/src/util.c +index 6ff6032..2763ac1 100644 +--- a/src/util.c ++++ b/src/util.c +@@ -1411,7 +1411,10 @@ set_file_times (int fd, + } + + /* Do we have to ignore absolute paths, and if so, does the filename +- have an absolute path? */ ++ have an absolute path? ++ Before calling this function make sure that the allocated NAME buffer has ++ capacity at least 2 bytes to allow us to store the "." string inside. */ ++ + void + cpio_safer_name_suffix (char *name, bool link_target, bool absolute_names, + bool strip_leading_dots) diff --git a/pkgs/tools/archivers/cpio/default.nix b/pkgs/tools/archivers/cpio/default.nix index 570f1904ee21..2313f27f2e54 100644 --- a/pkgs/tools/archivers/cpio/default.nix +++ b/pkgs/tools/archivers/cpio/default.nix @@ -19,6 +19,10 @@ in stdenv.mkDerivation { + "CVE-2015-1197-cpio-2.12.patch"; sha256 = "0ph43m4lavwkc4gnl5h9p3da4kb1pnhwk5l2qsky70dqri8pcr8v"; }) + + # Report: http://www.openwall.com/lists/oss-security/2016/01/19/4 + # Patch from https://lists.gnu.org/archive/html/bug-cpio/2016-01/msg00005.html + ./CVE-2016-2037-out-of-bounds-write.patch ]; preConfigure = if stdenv.isCygwin then '' diff --git a/pkgs/tools/archivers/undmg/default.nix b/pkgs/tools/archivers/undmg/default.nix new file mode 100644 index 000000000000..5cb7bf2c62fc --- /dev/null +++ b/pkgs/tools/archivers/undmg/default.nix @@ -0,0 +1,27 @@ +{ stdenv, fetchFromGitHub, zlib, bzip2 }: + +stdenv.mkDerivation rec { + version = "1.0.2"; + name = "undmg-${version}"; + + src = fetchFromGitHub { + owner = "matthewbauer"; + repo = "undmg"; + rev = "refs/tags/v${version}"; + sha256 = "0w9vwvj9zbpsjkg251bwv9y10wjyjmh54q2piklz74w64rlbqblr"; + name = "undmg-${version}"; + }; + + buildInputs = [ zlib bzip2 ]; + + setupHook = ./setup-hook.sh; + + installFlags = "PREFIX=\${out}"; + + meta = { + homepage = https://github.com/matthewbauer/undmg; + description = "Extract a DMG file"; + license = stdenv.lib.licenses.gpl3; + platforms = stdenv.lib.platforms.all; + }; +} diff --git a/pkgs/tools/archivers/undmg/setup-hook.sh b/pkgs/tools/archivers/undmg/setup-hook.sh new file mode 100644 index 000000000000..e5c8dda23b6a --- /dev/null +++ b/pkgs/tools/archivers/undmg/setup-hook.sh @@ -0,0 +1,5 @@ +unpackCmdHooks+=(_tryUnpackDmg) +_tryUnpackDmg() { + if ! [[ "$curSrc" =~ \.dmg$ ]]; then return 1; fi + undmg < "$curSrc" +} diff --git a/pkgs/tools/archivers/unrar/default.nix b/pkgs/tools/archivers/unrar/default.nix index 86ad4a4c1453..769f20c41111 100644 --- a/pkgs/tools/archivers/unrar/default.nix +++ b/pkgs/tools/archivers/unrar/default.nix @@ -1,18 +1,18 @@ {stdenv, fetchurl}: -let - version = "5.3.9"; -in -stdenv.mkDerivation { +stdenv.mkDerivation rec { name = "unrar-${version}"; + version = "5.3.11"; src = fetchurl { url = "http://www.rarlab.com/rar/unrarsrc-${version}.tar.gz"; - sha256 = "0nsxwg1zp3s34wyjznwmy2cc5929yk7m5smq11cqdb6hmql3fngz"; + sha256 = "0qw77gvr57azjbn76cjlm4sv1hf2hh90g7n7n33gfvlpnbs7mf3p"; }; - preBuild = '' - export buildFlags="CXX=$CXX" + buildPhase = '' + make unrar + make clean + make lib ''; installPhase = '' @@ -21,6 +21,9 @@ stdenv.mkDerivation { mkdir -p $out/share/doc/unrar cp acknow.txt license.txt \ $out/share/doc/unrar + + install -Dm755 libunrar.so $out/lib/libunrar.so + install -D dll.hpp $out/include/unrar/dll.hpp ''; setupHook = ./setup-hook.sh; |