diff options
author | Vladimír Čunát <vcunat@gmail.com> | 2017-12-24 15:50:08 +0100 |
---|---|---|
committer | Vladimír Čunát <vcunat@gmail.com> | 2017-12-25 10:36:36 +0100 |
commit | 0e762cdc0e6ad200239b003ed38f26de1de35b5d (patch) | |
tree | 31d50416965c25cea5dc05e60a3abc4f805c6d7d /pkgs/tools | |
parent | 6e0387a1e6425066ea2fd838e35ffc7325bc6729 (diff) | |
parent | ced4e5a6831e57b48f06abc6b4a0251d0ee8764f (diff) | |
download | nixlib-0e762cdc0e6ad200239b003ed38f26de1de35b5d.tar nixlib-0e762cdc0e6ad200239b003ed38f26de1de35b5d.tar.gz nixlib-0e762cdc0e6ad200239b003ed38f26de1de35b5d.tar.bz2 nixlib-0e762cdc0e6ad200239b003ed38f26de1de35b5d.tar.lz nixlib-0e762cdc0e6ad200239b003ed38f26de1de35b5d.tar.xz nixlib-0e762cdc0e6ad200239b003ed38f26de1de35b5d.tar.zst nixlib-0e762cdc0e6ad200239b003ed38f26de1de35b5d.zip |
Merge older staging branch
Diffstat (limited to 'pkgs/tools')
-rw-r--r-- | pkgs/tools/archivers/gnutar/CVE-2016-6321.patch | 35 | ||||
-rw-r--r-- | pkgs/tools/archivers/gnutar/default.nix | 6 | ||||
-rw-r--r-- | pkgs/tools/networking/curl/default.nix | 7 |
3 files changed, 6 insertions, 42 deletions
diff --git a/pkgs/tools/archivers/gnutar/CVE-2016-6321.patch b/pkgs/tools/archivers/gnutar/CVE-2016-6321.patch deleted file mode 100644 index c53d92891fc4..000000000000 --- a/pkgs/tools/archivers/gnutar/CVE-2016-6321.patch +++ /dev/null @@ -1,35 +0,0 @@ -commit 7340f67b9860ea0531c1450e5aa261c50f67165d -Author: Paul Eggert <eggert@Penguin.CS.UCLA.EDU> -Date: Sat Oct 29 21:04:40 2016 -0700 - - When extracting, skip ".." members - - * NEWS: Document this. - * src/extract.c (extract_archive): Skip members whose names - contain "..". - -diff --git a/src/extract.c b/src/extract.c -index f982433..7904148 100644 ---- a/src/extract.c -+++ b/src/extract.c -@@ -1629,12 +1629,20 @@ extract_archive (void) - { - char typeflag; - tar_extractor_t fun; -+ bool skip_dotdot_name; - - fatal_exit_hook = extract_finish; - - set_next_block_after (current_header); - -+ skip_dotdot_name = (!absolute_names_option -+ && contains_dot_dot (current_stat_info.orig_file_name)); -+ if (skip_dotdot_name) -+ ERROR ((0, 0, _("%s: Member name contains '..'"), -+ quotearg_colon (current_stat_info.orig_file_name))); -+ - if (!current_stat_info.file_name[0] -+ || skip_dotdot_name - || (interactive_option - && !confirm ("extract", current_stat_info.file_name))) - { diff --git a/pkgs/tools/archivers/gnutar/default.nix b/pkgs/tools/archivers/gnutar/default.nix index 447ef1f623fc..4677ee45afb2 100644 --- a/pkgs/tools/archivers/gnutar/default.nix +++ b/pkgs/tools/archivers/gnutar/default.nix @@ -2,15 +2,13 @@ stdenv.mkDerivation rec { name = "gnutar-${version}"; - version = "1.29"; + version = "1.30"; src = fetchurl { url = "mirror://gnu/tar/tar-${version}.tar.xz"; - sha256 = "097hx7sbzp8qirl4m930lw84kn0wmxhmq7v1qpra3mrg0b8cyba0"; + sha256 = "1lyjyk8z8hdddsxw0ikchrsfg3i0x3fsh7l63a8jgaz1n7dr5gzi"; }; - patches = [ ./CVE-2016-6321.patch ]; - # avoid retaining reference to CF during stdenv bootstrap configureFlags = stdenv.lib.optionals stdenv.isDarwin [ "gt_cv_func_CFPreferencesCopyAppValue=no" diff --git a/pkgs/tools/networking/curl/default.nix b/pkgs/tools/networking/curl/default.nix index c356a307e3e3..be42c4a1381a 100644 --- a/pkgs/tools/networking/curl/default.nix +++ b/pkgs/tools/networking/curl/default.nix @@ -6,7 +6,7 @@ , sslSupport ? false, openssl ? null , gnutlsSupport ? false, gnutls ? null , scpSupport ? false, libssh2 ? null -, gssSupport ? false, gss ? null +, gssSupport ? false, kerberos ? null , c-aresSupport ? false, c-ares ? null , brotliSupport ? false, brotli ? null }: @@ -21,6 +21,7 @@ assert gnutlsSupport -> gnutls != null; assert scpSupport -> libssh2 != null; assert c-aresSupport -> c-ares != null; assert brotliSupport -> brotli != null; +assert gssSupport -> kerberos != null; stdenv.mkDerivation rec { name = "curl-7.57.0"; @@ -45,7 +46,7 @@ stdenv.mkDerivation rec { optional idnSupport libidn ++ optional ldapSupport openldap ++ optional zlibSupport zlib ++ - optional gssSupport gss ++ + optional gssSupport kerberos ++ optional c-aresSupport c-ares ++ optional sslSupport openssl ++ optional gnutlsSupport gnutls ++ @@ -70,7 +71,7 @@ stdenv.mkDerivation rec { ( if brotliSupport then "--with-brotli" else "--without-brotli" ) ] ++ stdenv.lib.optional c-aresSupport "--enable-ares=${c-ares}" - ++ stdenv.lib.optional gssSupport "--with-gssapi=${gss}"; + ++ stdenv.lib.optional gssSupport "--with-gssapi=${kerberos.dev}"; CXX = "c++"; CXXCPP = "c++ -E"; |