diff options
author | Mauricio Collares <mauricio@collares.org> | 2024-05-03 10:53:58 -0300 |
---|---|---|
committer | GitHub <noreply@github.com> | 2024-05-03 10:53:58 -0300 |
commit | b2c5e1e4390e88cb5cdb7f96031e0afa2c99b76c (patch) | |
tree | 3cad9e2405326b128c6404a8163caad3a7e5f4b8 /pkgs/applications | |
parent | 013844af158b8f64b05fe338c25789e1c86a19d0 (diff) | |
parent | 6a3601a1c654e27dc3a39e7732ed4b9972b8247f (diff) |
Merge pull request #308781 from LeSuisse/R-CVE-2024-27322
R: apply patch for CVE-2024-27322
Diffstat (limited to 'pkgs/applications')
-rw-r--r-- | pkgs/applications/science/math/R/default.nix | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/pkgs/applications/science/math/R/default.nix b/pkgs/applications/science/math/R/default.nix index acfc38686ea42..5ceb413a24211 100644 --- a/pkgs/applications/science/math/R/default.nix +++ b/pkgs/applications/science/math/R/default.nix @@ -1,4 +1,4 @@ -{ lib, stdenv, fetchurl, bzip2, gfortran, libX11, libXmu, libXt, libjpeg, libpng +{ lib, stdenv, fetchurl, fetchpatch, bzip2, gfortran, libX11, libXmu, libXt, libjpeg, libpng , libtiff, ncurses, pango, pcre2, perl, readline, tcl, texlive, texliveSmall, tk, xz, zlib , less, texinfo, graphviz, icu, pkg-config, bison, imake, which, jdk, blas, lapack , curl, Cocoa, Foundation, libobjc, libcxx, tzdata @@ -37,6 +37,12 @@ stdenv.mkDerivation (finalAttrs: { patches = [ ./no-usr-local-search-paths.patch + (fetchpatch { + # https://hiddenlayer.com/research/r-bitrary-code-execution/ + name = "CVE-2024-27322.patch"; + url = "https://github.com/r-devel/r-svn/commit/f7c46500f455eb4edfc3656c3fa20af61b16abb7.patch"; + hash = "sha256-CH2mMmie9E96JeGSC7UGm7/roUNhK5xv6HO53N2ixEI="; + }) ]; # Test of the examples for package 'tcltk' fails in Darwin sandbox. See: |