From f3bf4505a91bb16b9387baeb5d2f16444a354aec Mon Sep 17 00:00:00 2001
From: Vladimír Čunát <vcunat@gmail.com>
Date: Thu, 26 Feb 2015 21:24:45 +0100
Subject: cpio: fix CVE-2015-1197 by Suse patch

---
 pkgs/tools/archivers/cpio/default.nix | 9 +++++++++
 1 file changed, 9 insertions(+)

(limited to 'pkgs/tools/archivers/cpio/default.nix')

diff --git a/pkgs/tools/archivers/cpio/default.nix b/pkgs/tools/archivers/cpio/default.nix
index 0bfa81cb9478c..6a61ded4b1980 100644
--- a/pkgs/tools/archivers/cpio/default.nix
+++ b/pkgs/tools/archivers/cpio/default.nix
@@ -18,6 +18,15 @@ stdenv.mkDerivation {
     })
   ] ++ stdenv.lib.optional stdenv.isDarwin ./darwin-fix.patch;
 
+  postPatch = let pp =
+    fetchpatch {
+      name = "CVE-2015-1197.diff";
+      url = "https://marc.info/?l=oss-security&m=142289947619786&w=2";
+      sha256 = "0fr95bj416zfljv40fl1sh50059d18wdmfgaq8ad2fqi5cnbk859";
+    };
+    # one "<" and one "&" sign get mangled in the patch
+    in "cat ${pp} | sed 's/&lt;/</;s/&amp;/\\&/' | patch -p1";
+
   meta = {
     homepage = http://www.gnu.org/software/cpio/;
     description = "A program to create or extract from cpio archives";
-- 
cgit 1.4.1