diff options
author | Vladimír Čunát <vcunat@gmail.com> | 2015-04-06 12:11:51 +0200 |
---|---|---|
committer | Vladimír Čunát <vcunat@gmail.com> | 2015-04-06 12:13:19 +0200 |
commit | 4041fc3e850aa1691160a7e8ae1c2cdd2b48355f (patch) | |
tree | b3920ecb7ff1bb09b9b3b60a47f24e99da34c3b4 /pkgs/development/libraries/libzip | |
parent | 40db8b6ffd623337635203690daf8a89231481f9 (diff) |
libzip: fix CVE-2015-2331 by Debian patch
Rebuild impact seems low, except for LibreOffice.
Diffstat (limited to 'pkgs/development/libraries/libzip')
-rw-r--r-- | pkgs/development/libraries/libzip/default.nix | 13 |
1 files changed, 11 insertions, 2 deletions
diff --git a/pkgs/development/libraries/libzip/default.nix b/pkgs/development/libraries/libzip/default.nix index be50a58c54a0e..4af9278c7b1b9 100644 --- a/pkgs/development/libraries/libzip/default.nix +++ b/pkgs/development/libraries/libzip/default.nix @@ -2,12 +2,21 @@ stdenv.mkDerivation rec { name = "libzip-0.11.2"; - + src = fetchurl { url = "http://www.nih.at/libzip/${name}.tar.gz"; sha256 = "1mcqrz37vjrfr4gnss37z1m7xih9x9miq3mms78zf7wn7as1znw3"; }; - + + # fix CVE-2015-2331 taken from Debian patch: + # https://bugs.debian.org/cgi-bin/bugreport.cgi?msg=12;filename=libzip-0.11.2-1.2-nmu.diff;att=1;bug=780756 + postPatch = '' + substituteInPlace lib/zip_dirent.c --replace \ + 'else if ((cd->entry=(struct zip_entry *)' \ + 'else if (nentry > ((size_t)-1)/sizeof(*(cd->entry)) || (cd->entry=(struct zip_entry *)' + cat lib/zip_dirent.c + ''; + propagatedBuildInputs = [ zlib ]; # At least mysqlWorkbench cannot find zipconf.h; I think also openoffice |