diff options
author | Daniel Frank <git@danielfrank.net> | 2020-05-01 14:25:42 +0200 |
---|---|---|
committer | Daniel Frank <git@danielfrank.net> | 2020-05-01 14:26:18 +0200 |
commit | dd16c3944c062ec7617981cd9a54d51925c73d19 (patch) | |
tree | 23fa7ebd9ec798d863dc892b1f767d397c577ea4 /pkgs/tools/archivers | |
parent | 9d11b73c332d4ae65ea6dc9aad1c236100f7e4a9 (diff) | |
download | nixlib-dd16c3944c062ec7617981cd9a54d51925c73d19.tar nixlib-dd16c3944c062ec7617981cd9a54d51925c73d19.tar.gz nixlib-dd16c3944c062ec7617981cd9a54d51925c73d19.tar.bz2 nixlib-dd16c3944c062ec7617981cd9a54d51925c73d19.tar.lz nixlib-dd16c3944c062ec7617981cd9a54d51925c73d19.tar.xz nixlib-dd16c3944c062ec7617981cd9a54d51925c73d19.tar.zst nixlib-dd16c3944c062ec7617981cd9a54d51925c73d19.zip |
p7zip: fix two CVEs
Diffstat (limited to 'pkgs/tools/archivers')
-rw-r--r-- | pkgs/tools/archivers/p7zip/default.nix | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/pkgs/tools/archivers/p7zip/default.nix b/pkgs/tools/archivers/p7zip/default.nix index 3f0c2487c91b..7e384902098b 100644 --- a/pkgs/tools/archivers/p7zip/default.nix +++ b/pkgs/tools/archivers/p7zip/default.nix @@ -1,4 +1,4 @@ -{ stdenv, fetchurl, lib, enableUnfree ? false }: +{ stdenv, fetchurl, fetchpatch, lib, enableUnfree ? false }: stdenv.mkDerivation rec { pname = "p7zip"; @@ -12,6 +12,14 @@ stdenv.mkDerivation rec { patches = [ ./12-CVE-2016-9296.patch ./13-CVE-2017-17969.patch + (fetchpatch { + url = "https://raw.githubusercontent.com/termux/termux-packages/master/packages/p7zip/3-CVE-2018-5996.patch"; + sha256 = "1zivvkazmza0653i498ccp3zbpbpc7dvxl3zxwllbx41b6n589yp"; + }) + (fetchpatch { + url = "https://raw.githubusercontent.com/termux/termux-packages/master/packages/p7zip/4-CVE-2018-10115.patch"; + sha256 = "1cr7q8gnrk9yp6dcvxaqi1yhdbgp964nkv65ls41mw1kdfm44zn6"; + }) ]; # Default makefile is full of impurities on Darwin. The patch doesn't hurt Linux so I'm leaving it unconditional |