Merge #68032: systemd: fix CVE-2019-15718 (staging-next)

author: Vladimír Čunát <v@cunat.cz> 2019-09-04 11:03:10 +0200
committer: Vladimír Čunát <v@cunat.cz> 2019-09-04 11:03:10 +0200
commit: b479a214039913672817cffa876f8425b0168881 (patch)
tree: 48f1eeb66f3d4a30b98085fba333095438f9815d /pkgs/os-specific/linux/systemd
parent: 7eb2a3b1cd94ec9d4a191388678ffd7883dea01d (diff)
parent: cde77150393ba1fec58ae0fa3f877766f92b5f28 (diff)
1 files changed, 9 insertions, 1 deletions
diff --git a/pkgs/os-specific/linux/systemd/default.nix b/pkgs/os-specific/linux/systemd/default.nix
index ea82d92f17ae6..4117df8cf13c3 100644
--- a/pkgs/os-specific/linux/systemd/default.nix
+++ b/pkgs/os-specific/linux/systemd/default.nix
@@ -1,4 +1,4 @@
-{ stdenv, lib, fetchFromGitHub, pkgconfig, intltool, gperf, libcap, kmod
+{ stdenv, lib, fetchFromGitHub, fetchpatch, pkgconfig, intltool, gperf, libcap, kmod
 , xz, pam, acl, libuuid, m4, utillinux, libffi
 , glib, kbd, libxslt, coreutils, libgcrypt, libgpgerror, libidn2, libapparmor
 , audit, lz4, bzip2, libmicrohttpd, pcre2
@@ -28,6 +28,14 @@ stdenv.mkDerivation {
     sha256 = "0pyjvzzh8nnxv4z58n82lz1mjnzv44sylcjgkvw8sp35vx1ryxfh";
   };
 
+  patches = [
+    (fetchpatch {
+      name = "CVE-2019-15718.patch";
+      url = https://github.com/systemd/systemd/pull/13457/commits/35e528018f315798d3bffcb592b32a0d8f5162bd.patch;
+      sha256 = "0m0ypnnllx4r6a2qy1586as15i2qrzxwi1sqdp14rzdwajz1rvnv";
+    })
+  ];
+
   outputs = [ "out" "lib" "man" "dev" ];
 
   nativeBuildInputs =
author	Vladimír Čunát <v@cunat.cz>	2019-09-04 11:03:10 +0200
committer	Vladimír Čunát <v@cunat.cz>	2019-09-04 11:03:10 +0200
commit	b479a214039913672817cffa876f8425b0168881 (patch)
tree	48f1eeb66f3d4a30b98085fba333095438f9815d /pkgs/os-specific/linux/systemd
parent	7eb2a3b1cd94ec9d4a191388678ffd7883dea01d (diff)
parent	cde77150393ba1fec58ae0fa3f877766f92b5f28 (diff)