patch: Fix CVE-2018-1000156

1 files changed, 10 insertions, 1 deletions

diff --git a/pkgs/tools/text/gnupatch/default.nix b/pkgs/tools/text/gnupatch/default.nix
index c83eab2e2ef6..0ad2a18236f6 100644
--- a/pkgs/tools/text/gnupatch/default.nix
+++ b/pkgs/tools/text/gnupatch/default.nix
@@ -1,5 +1,5 @@
 { stdenv, fetchurl
-, ed
+, ed, autoreconfHook
 , buildPlatform, hostPlatform
 }:
 
@@ -14,9 +14,18 @@ stdenv.mkDerivation rec {
   patches = [
     # https://git.savannah.gnu.org/cgit/patch.git/patch/?id=f290f48a621867084884bfff87f8093c15195e6a
     ./CVE-2018-6951.patch
+    (fetchurl {
+      url = https://sources.debian.org/data/main/p/patch/2.7.6-2/debian/patches/Allow_input_files_to_be_missing_for_ed-style_patches.patch;
+      sha256 = "0iw0lk0yhnhvfjzal48ij6zdr92mgb84jq7fwryy1hdhi47hhq64";
+    })
+    (fetchurl { # CVE-2018-1000156
+      url = https://sources.debian.org/data/main/p/patch/2.7.6-2/debian/patches/Fix_arbitrary_command_execution_in_ed-style_patches.patch;
+      sha256 = "1bpy16n3hm5nv9xkrn6c4wglzsdzj3ss1biq16w9kfv48p4hx2vg";
+    })
   ];
 
   buildInputs = stdenv.lib.optional doCheck ed;
+  nativeBuildInputs = [ autoreconfHook ];
 
   configureFlags = stdenv.lib.optionals (hostPlatform != buildPlatform) [
     "ac_cv_func_strnlen_working=yes"