author | Robert Scott <code@humanleg.org.uk> | 2019-10-26 14:28:02 +0100 |
---|---|---|
committer | Robert Scott <code@humanleg.org.uk> | 2019-11-04 20:43:34 +0000 |
commit | be28735bfe1a9cb307355cd32c4d8603df756136 (patch) | |
tree | 3eec3f21000b049d244640a6055d9596b4cb7aaf | |
parent | 0391c19a73bbe758acf10f2766d1a54db08bd458 (diff) |
file: add patch for CVE-2019-18218
The upstream patch https://github.com/file/file/commit/46a8443f76cec4b41ec736eca396984c74664f84.patch doesn't apply directly; Debian has a version which has been adapted for 5.37. (cherry picked from commit 99273fc55533db11748750f5337f0791e8233cee)
-rw-r--r-- | pkgs/tools/misc/file/default.nix | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/pkgs/tools/misc/file/default.nix b/pkgs/tools/misc/file/default.nix
index ed31d01f09d5e..33d9972e867c4 100644
--- a/pkgs/tools/misc/file/default.nix
+++ b/pkgs/tools/misc/file/default.nix
@@ -1,4 +1,4 @@
-{ stdenv, fetchurl, file, zlib, libgnurx }:
+{ stdenv, fetchurl, fetchpatch, file, zlib, libgnurx }:
 stdenv.mkDerivation rec {
 name = "file-${version}";
@@ -12,6 +12,14 @@ stdenv.mkDerivation rec {
 sha256 = "0ya330cdkvfi2d28h8gvhghj4gnhysmifmryysl0a97xq2884q7v";
 };
+ patches = [
+ (fetchpatch {
+ name = "CVE-2019-18218.patch";
+ url = "https://sources.debian.org/data/main/f/file/1:5.37-6/debian/patches/cherry-pick.FILE5_37-67-g46a8443f.limit-the-number-of-elements-in-a-vector-found-by-oss-fuzz.patch";
+ sha256 = "1i22y91yndc3n2p2ngczp1lwil8l05sp8ciicil74xrc5f91y6mj";
+ })
+ ];
+
 nativeBuildInputs = stdenv.lib.optional (stdenv.hostPlatform != stdenv.buildPlatform) file;
 buildInputs = [ zlib ] ++ stdenv.lib.optional stdenv.hostPlatform.isWindows libgnurx; |
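Review bot: The `patches` entry added in the second hunk has no comment explaining why Debian's adapted patch is fetched instead of the upstream commit, or when it can be removed; that reasoning exists only in the commit message and will be lost to anyone reading default.nix later. I would put a comment above the `fetchpatch` call such as `# upstream 46a8443f does not apply to 5.37; this is Debian's backport. Drop once the packaged version contains that commit.` The `sha256` pins the patch content, so a changed file at sources.debian.org fails the fetch rather than silently altering the fix. The URL is tied to Debian revision `1:5.37-6`, though, and may stop resolving if that revision is removed from the archive, so it is worth confirming that a stable mirror or cached copy exists. The derivation body continues outside the hunk.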