diff options
author | Tim Steinbach <tim@nequissimus.com> | 2018-08-05 16:02:57 -0400 |
---|---|---|
committer | Tim Steinbach <tim@nequissimus.com> | 2018-08-05 16:02:57 -0400 |
commit | f0814ec049e8b69547d7ffe1644c0267eba3d8d7 (patch) | |
tree | f06019357115accdc86b0694d0cf4e152cdb82ce /pkgs/tools/text | |
parent | 71680eb127aea3bf6abb6fba1babcb3b212ebb3b (diff) | |
download | nixlib-f0814ec049e8b69547d7ffe1644c0267eba3d8d7.tar nixlib-f0814ec049e8b69547d7ffe1644c0267eba3d8d7.tar.gz nixlib-f0814ec049e8b69547d7ffe1644c0267eba3d8d7.tar.bz2 nixlib-f0814ec049e8b69547d7ffe1644c0267eba3d8d7.tar.lz nixlib-f0814ec049e8b69547d7ffe1644c0267eba3d8d7.tar.xz nixlib-f0814ec049e8b69547d7ffe1644c0267eba3d8d7.tar.zst nixlib-f0814ec049e8b69547d7ffe1644c0267eba3d8d7.zip |
patch: Fix CVE-2018-1000156
Diffstat (limited to 'pkgs/tools/text')
-rw-r--r-- | pkgs/tools/text/gnupatch/default.nix | 11 |
1 files changed, 10 insertions, 1 deletions
diff --git a/pkgs/tools/text/gnupatch/default.nix b/pkgs/tools/text/gnupatch/default.nix index c83eab2e2ef6..0ad2a18236f6 100644 --- a/pkgs/tools/text/gnupatch/default.nix +++ b/pkgs/tools/text/gnupatch/default.nix @@ -1,5 +1,5 @@ { stdenv, fetchurl -, ed +, ed, autoreconfHook , buildPlatform, hostPlatform }: @@ -14,9 +14,18 @@ stdenv.mkDerivation rec { patches = [ # https://git.savannah.gnu.org/cgit/patch.git/patch/?id=f290f48a621867084884bfff87f8093c15195e6a ./CVE-2018-6951.patch + (fetchurl { + url = https://sources.debian.org/data/main/p/patch/2.7.6-2/debian/patches/Allow_input_files_to_be_missing_for_ed-style_patches.patch; + sha256 = "0iw0lk0yhnhvfjzal48ij6zdr92mgb84jq7fwryy1hdhi47hhq64"; + }) + (fetchurl { # CVE-2018-1000156 + url = https://sources.debian.org/data/main/p/patch/2.7.6-2/debian/patches/Fix_arbitrary_command_execution_in_ed-style_patches.patch; + sha256 = "1bpy16n3hm5nv9xkrn6c4wglzsdzj3ss1biq16w9kfv48p4hx2vg"; + }) ]; buildInputs = stdenv.lib.optional doCheck ed; + nativeBuildInputs = [ autoreconfHook ]; configureFlags = stdenv.lib.optionals (hostPlatform != buildPlatform) [ "ac_cv_func_strnlen_working=yes" |