author | Vladimír Čunát <v@cunat.cz> | 2019-06-22 11:53:12 +0200 |
committer | Vladimír Čunát <v@cunat.cz> | 2019-06-22 11:58:21 +0200 |
commit | 4fd6cb7abdac13dcb70651dabc33c03f5bc9b16e (patch) | |
tree | e9460edea4d6712915fb650026cd1b36f408c354 /pkgs/tools | |
parent | ffd9bf7e2929ec94ee3f8f3ec7b0d889eec302b4 (diff) | |
bzip2: patch CVE-2019-12900
The vulnerability seems quite serious. It isn't practical to use fetchpatch here due to bootstrapping, so I just committed the small patch file.
Diffstat (limited to 'pkgs/tools')
-rw-r--r-- | pkgs/tools/compression/bzip2/cve-2019-12900.patch | 13 | ||||
-rw-r--r-- | pkgs/tools/compression/bzip2/default.nix | 1 |
2 files changed, 14 insertions, 0 deletions
diff --git a/pkgs/tools/compression/bzip2/cve-2019-12900.patch b/pkgs/tools/compression/bzip2/cve-2019-12900.patch
new file mode 100644
index 000000000000..bf3d13a7a691
--- /dev/null
+++ b/pkgs/tools/compression/bzip2/cve-2019-12900.patch
@@ -0,0 +1,13 @@
+https://gitlab.com/federicomenaquintero/bzip2/commit/74de1e2e6ffc9d
+diff --git a/decompress.c b/decompress.c
+--- a/decompress.c
++++ b/decompress.c
+@@ -287,7 +287,7 @@
+ GET_BITS(BZ_X_SELECTOR_1, nGroups, 3);
+ if (nGroups < 2 || nGroups > 6) RETURN(BZ_DATA_ERROR);
+ GET_BITS(BZ_X_SELECTOR_2, nSelectors, 15);
+- if (nSelectors < 1) RETURN(BZ_DATA_ERROR);
++ if (nSelectors < 1 || nSelectors > BZ_MAX_SELECTORS) RETURN(BZ_DATA_ERROR);
+ for (i = 0; i < nSelectors; i++) {
+ j = 0;
+ while (True) {
diff --git a/pkgs/tools/compression/bzip2/default.nix b/pkgs/tools/compression/bzip2/default.nix
index ffdbcf463eab..a0ec6c07055b 100644
--- a/pkgs/tools/compression/bzip2/default.nix
+++ b/pkgs/tools/compression/bzip2/default.nix
@@ -22,6 +22,7 @@ stdenv.mkDerivation rec {
 patches = [
 ./CVE-2016-3189.patch
+ ./cve-2019-12900.patch
 ];
 postPatch = '' |
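Review bot: The added bound `if (nSelectors < 1 || nSelectors > BZ_MAX_SELECTORS) RETURN(BZ_DATA_ERROR);` is the right shape for this bug, because the preceding `GET_BITS(BZ_X_SELECTOR_2, nSelectors, 15)` accepts a 15-bit value from the untrusted stream and the `for (i = 0; i < nSelectors; i++)` loop that follows presumably indexes per-selector storage sized by BZ_MAX_SELECTORS (the loop body runs past the end of the hunk, so that cannot be confirmed here). One caveat worth recording in the patch header: as far as I recall, upstream later relaxed this exact check to tolerate streams from encoders that emit more than BZ_MAX_SELECTORS selectors, so a strict reject is a fail-closed trade-off that may turn some previously decodable archives into BZ_DATA_ERROR, which is acceptable for a security fix but should be stated rather than discovered. The patch file currently opens with a bare URL; prefixing a one-line description such as `CVE-2019-12900: bound nSelectors before the selector table is filled so a malformed stream cannot write past the end of the array` lets maintainers see what it does without following the link. Finally, the new file is named `cve-2019-12900.patch` while its sibling is `CVE-2016-3189.patch`; pick one casing for the directory.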