authorVladimír Čunát <vcunat@gmail.com>2015-04-06 12:11:51 +0200
committerVladimír Čunát <vcunat@gmail.com>2015-04-06 12:13:19 +0200
commit4041fc3e850aa1691160a7e8ae1c2cdd2b48355f (patch)
treeb3920ecb7ff1bb09b9b3b60a47f24e99da34c3b4 /pkgs/development/libraries/libzip
parent40db8b6ffd623337635203690daf8a89231481f9 (diff)
libzip: fix CVE-2015-2331 by Debian patch
Rebuild impact seems low, except for LibreOffice.
Diffstat (limited to 'pkgs/development/libraries/libzip')
-rw-r--r--pkgs/development/libraries/libzip/default.nix13
1 files changed, 11 insertions, 2 deletions
diff --git a/pkgs/development/libraries/libzip/default.nix b/pkgs/development/libraries/libzip/default.nix
index be50a58c54a0e..4af9278c7b1b9 100644
--- a/pkgs/development/libraries/libzip/default.nix
+++ b/pkgs/development/libraries/libzip/default.nix
@@ -2,12 +2,21 @@
 
 stdenv.mkDerivation rec {
   name = "libzip-0.11.2";
-  
+
   src = fetchurl {
     url = "http://www.nih.at/libzip/${name}.tar.gz";
     sha256 = "1mcqrz37vjrfr4gnss37z1m7xih9x9miq3mms78zf7wn7as1znw3";
   };
-  
+
+  # fix CVE-2015-2331 taken from Debian patch:
+  # https://bugs.debian.org/cgi-bin/bugreport.cgi?msg=12;filename=libzip-0.11.2-1.2-nmu.diff;att=1;bug=780756
+  postPatch = ''
+    substituteInPlace lib/zip_dirent.c --replace \
+      'else if ((cd->entry=(struct zip_entry *)' \
+      'else if (nentry > ((size_t)-1)/sizeof(*(cd->entry)) || (cd->entry=(struct zip_entry *)'
+    cat lib/zip_dirent.c
+  '';
+
   propagatedBuildInputs = [ zlib ];
 
   # At least mysqlWorkbench cannot find zipconf.h; I think also openoffice
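Review bot: The `cat lib/zip_dirent.c` at the end of `postPatch` looks like leftover debugging; it dumps the whole patched file into every build log and verifies nothing. The fix relies on `substituteInPlace --replace` matching the exact string `else if ((cd->entry=(struct zip_entry *)`, and as far as I know that tool does not fail when the pattern is absent, so a source change (for example a bump of `name`) could silently drop the CVE-2015-2331 `nentry` overflow guard while the build still succeeds. I would replace the `cat` with a check that fails the phase, e.g. `grep -qF 'nentry > ((size_t)-1)/sizeof(*(cd->entry))' lib/zip_dirent.c || exit 1`. Alternatively, carry the Debian change as a hash-pinned entry in `patches`, which fails loudly when it no longer applies.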