diff options
Diffstat (limited to 'pkgs/development/php-packages/composer/default.nix')
| -rw-r--r-- | pkgs/development/php-packages/composer/default.nix | 14 |
1 files changed, 13 insertions, 1 deletions
diff --git a/pkgs/development/php-packages/composer/default.nix b/pkgs/development/php-packages/composer/default.nix index 40c6dc80fadff..9443905e73740 100644 --- a/pkgs/development/php-packages/composer/default.nix +++ b/pkgs/development/php-packages/composer/default.nix @@ -1,4 +1,4 @@ -{ lib, callPackage, fetchFromGitHub, php, unzip, _7zz, xz, git, curl, cacert, makeBinaryWrapper }: +{ lib, callPackage, fetchFromGitHub, fetchpatch, php, unzip, _7zz, xz, git, curl, cacert, makeBinaryWrapper }: php.buildComposerProject (finalAttrs: { # Hash used by ../../../build-support/php/pkgs/composer-phar.nix to @@ -22,6 +22,18 @@ php.buildComposerProject (finalAttrs: { hash = "sha256-CKP7CYOuMKpuWdVveET2iLJPKJyCnv5YVjx4DE68UoE="; }; + patches = [ + (fetchpatch { + name = "CVE-2024-24821.patch"; + url = "https://github.com/composer/composer/commit/77e3982918bc1d886843dc3d5e575e7e871b27b7.patch"; + hash = "sha256-Q7gkPLf59+p++DpfJZeOrAOiWePuGkdGYRaS/rK+Nv4="; + excludes = [ + # Skipping test files, they are not included in the source tarball + "tests/*" + ]; + }) + ]; + nativeBuildInputs = [ makeBinaryWrapper ]; postInstall = '' |