author | Lily Foster <lily@lily.flowers> | 2024-05-08 10:33:48 -0400 |
---|---|---|
committer | GitHub <noreply@github.com> | 2024-05-08 10:33:48 -0400 |
commit | 0b76e6184e98e13e1814b8ce33d6930eaf262b52 (patch) | |
tree | 1bb20e85c43fa21bf58e04b7a2cdfabaaf4f93a9 /pkgs | |
parent | bd8d932ecdadd7df2597e7d06f4b29526cf1f24b (diff) | |
parent | f409d2f9ae334b777960681017a54fedf4533c1d (diff) |
Merge pull request #309400 from chuangzhu/curl-impersonate-patch-vulns
curl-impersonate: patch knownVulnerabilities
Diffstat (limited to 'pkgs')
-rw-r--r-- | pkgs/tools/networking/curl-impersonate/default.nix | 13 |
1 files changed, 7 insertions, 6 deletions
diff --git a/pkgs/tools/networking/curl-impersonate/default.nix b/pkgs/tools/networking/curl-impersonate/default.nix
index be9f3f61df1c0..2ea3ac6a09a22 100644
--- a/pkgs/tools/networking/curl-impersonate/default.nix
+++ b/pkgs/tools/networking/curl-impersonate/default.nix
@@ -1,6 +1,7 @@
 { lib
 , stdenv
 , fetchFromGitHub
+, fetchpatch
 , callPackage
 , buildGoModule
 , installShellFiles
@@ -41,6 +42,12 @@ let
 # Fix shebangs in the NSS build script
 # (can't just patchShebangs since makefile unpacks it)
 ./curl-impersonate-0.5.2-fix-shebangs.patch
+
+ # SOCKS5 heap buffer overflow - https://curl.se/docs/CVE-2023-38545.html
+ (fetchpatch {
+ url = "https://github.com/lwthiker/curl-impersonate/commit/e7b90a0d9c61b6954aca27d346750240e8b6644e.patch";
+ hash = "sha256-jFrz4Q+MJGfNmwwzHhThado4c9hTd/+b/bfRsr3FW5k=";
+ })
 ];
 
 # Disable blanket -Werror to fix build on `gcc-13` related to minor
@@ -159,12 +166,6 @@ let
 license = with licenses; [ curl mit ];
 maintainers = with maintainers; [ deliciouslytyped lilyinstarlight ];
 platforms = platforms.unix;
- knownVulnerabilities = [
- "CVE-2023-38545" # SOCKS5 heap buffer overflow - https://curl.se/docs/CVE-2023-38545.html
- "CVE-2023-32001" # fopen TOCTOU race condition - https://curl.se/docs/CVE-2023-32001.html
- "CVE-2022-43551" # HSTS bypass - https://curl.se/docs/CVE-2022-43551.html
- "CVE-2022-42916" # HSTS bypass - https://curl.se/docs/CVE-2022-42916.html
- ];
 };
 };
 in
|
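Review bot: The last hunk (`@@ -159,12 +166,6 @@`) removes all four `knownVulnerabilities` entries, but the only fix visible in this diff is the fetchpatch in the second hunk, and its comment names CVE-2023-38545 alone. Nothing shown here addresses CVE-2023-32001 (fopen TOCTOU) or the two HSTS bypasses CVE-2022-43551 and CVE-2022-42916, so after this change the package would evaluate without the insecure-package gate while those three may still apply to the bundled curl. Unless the fetched upstream commit also covers them, which cannot be confirmed from this page, I would keep `knownVulnerabilities = [ "CVE-2023-32001" "CVE-2022-43551" "CVE-2022-42916" ];`. If they are being dropped deliberately, a comment next to `patches` should record why each one is not applicable. The enclosing `meta` attribute set begins outside the hunk.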