diff options
-rw-r--r-- | pkgs/tools/networking/curl-impersonate/default.nix | 13 |
1 files changed, 7 insertions, 6 deletions
diff --git a/pkgs/tools/networking/curl-impersonate/default.nix b/pkgs/tools/networking/curl-impersonate/default.nix index be9f3f61df1c0..2ea3ac6a09a22 100644 --- a/pkgs/tools/networking/curl-impersonate/default.nix +++ b/pkgs/tools/networking/curl-impersonate/default.nix @@ -1,6 +1,7 @@ { lib , stdenv , fetchFromGitHub +, fetchpatch , callPackage , buildGoModule , installShellFiles @@ -41,6 +42,12 @@ let # Fix shebangs in the NSS build script # (can't just patchShebangs since makefile unpacks it) ./curl-impersonate-0.5.2-fix-shebangs.patch + + # SOCKS5 heap buffer overflow - https://curl.se/docs/CVE-2023-38545.html + (fetchpatch { + url = "https://github.com/lwthiker/curl-impersonate/commit/e7b90a0d9c61b6954aca27d346750240e8b6644e.patch"; + hash = "sha256-jFrz4Q+MJGfNmwwzHhThado4c9hTd/+b/bfRsr3FW5k="; + }) ]; # Disable blanket -Werror to fix build on `gcc-13` related to minor @@ -159,12 +166,6 @@ let license = with licenses; [ curl mit ]; maintainers = with maintainers; [ deliciouslytyped lilyinstarlight ]; platforms = platforms.unix; - knownVulnerabilities = [ - "CVE-2023-38545" # SOCKS5 heap buffer overflow - https://curl.se/docs/CVE-2023-38545.html - "CVE-2023-32001" # fopen TOCTOU race condition - https://curl.se/docs/CVE-2023-32001.html - "CVE-2022-43551" # HSTS bypass - https://curl.se/docs/CVE-2022-43551.html - "CVE-2022-42916" # HSTS bypass - https://curl.se/docs/CVE-2022-42916.html - ]; }; }; in |