bspatch: security and bug fixes

1 files changed, 24 insertions, 2 deletions

diff --git a/pkgs/tools/compression/bsdiff/default.nix b/pkgs/tools/compression/bsdiff/default.nix
index 8f8818781ab4b..541609bf13b3c 100644
--- a/pkgs/tools/compression/bsdiff/default.nix
+++ b/pkgs/tools/compression/bsdiff/default.nix
@@ -1,4 +1,4 @@
-{ lib, stdenv, fetchurl, bzip2 }:
+{ lib, stdenv, fetchurl, fetchpatch, bzip2 }:
 
 stdenv.mkDerivation rec {
   pname = "bsdiff";
@@ -10,7 +10,29 @@ stdenv.mkDerivation rec {
   };
 
   buildInputs = [ bzip2 ];
-  patches = [ ./include-systypes.patch ];
+  patches = [
+    (fetchpatch {
+      url = "https://sources.debian.org/data/main/b/bsdiff/4.3-22/debian/patches/20-CVE-2014-9862.patch";
+      sha256 = "sha256-3UuUfNvShQ8fLqxCKUTb/n4BmjL4+Nl7aEqCxYrrERQ=";
+    })
+    (fetchpatch {
+      url = "https://sources.debian.org/data/main/b/bsdiff/4.3-22/debian/patches/30-bug-632585-mmap-src-file-instead-of-malloc-read-it.patch";
+      sha256 = "sha256-esbhz2/efUiuQDuF7LGfSeEn3/f1WbqCxQpTs2A0ulI=";
+    })
+    (fetchpatch {
+      url = "https://sources.debian.org/data/main/b/bsdiff/4.3-22/debian/patches/31-bug-632585-mmap-dst-file-instead-of-malloc-read-it.patch";
+      sha256 = "sha256-Of4aOcI0rsgdRzPqyw2VRn2p9wQuo3hdlgDTBdXGzoc=";
+    })
+    (fetchpatch {
+      url = "https://sources.debian.org/data/main/b/bsdiff/4.3-22/debian/patches/32-bug-632585-use-int32_t-instead-off_t-for-file-size.patch";
+      sha256 = "sha256-SooFnFK4uKNXvXQb/LEcH8GocnRtkryExI4b3BZTsAY=";
+    })
+    (fetchpatch {
+      url = "https://sources.debian.org/data/main/b/bsdiff/4.3-22/debian/patches/33-CVE-2020-14315.patch";
+      sha256 = "sha256-eHu0ulZ4dneIju3GuffzvbpI0Hk2eDpovEUjmrHDk9U=";
+    })
+    ./include-systypes.patch
+  ];
 
   buildPhase = ''
     $CC -O3 -lbz2 bspatch.c -o bspatch