From 4b759a0011dd91d921ccf5c379b7291535cfc280 Mon Sep 17 00:00:00 2001 From: Andreas Rammhold Date: Wed, 8 Nov 2017 21:19:12 +0100 Subject: [PATCH] rzip: fix CVE-2017-8364 --- pkgs/tools/compression/rzip/default.nix | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/pkgs/tools/compression/rzip/default.nix b/pkgs/tools/compression/rzip/default.nix index 2737966b83e5..ad1b80410419 100644 --- a/pkgs/tools/compression/rzip/default.nix +++ b/pkgs/tools/compression/rzip/default.nix @@ -1,4 +1,4 @@ -{stdenv, fetchurl, bzip2}: +{stdenv, fetchurl, fetchpatch, bzip2}: stdenv.mkDerivation { name = "rzip-2.1"; @@ -8,6 +8,14 @@ stdenv.mkDerivation { }; buildInputs = [ bzip2 ]; + patches = [ + (fetchpatch { + name = "CVE-2017-8364-fill-buffer.patch"; + url = https://sources.debian.net/data/main/r/rzip/2.1-4.1/debian/patches/80-CVE-2017-8364-fill-buffer.patch; + sha256 = "0jcjlx9ksdvxvjyxmyzscx9ar9992iy5icw0sc3n0p09qi4d6x1r"; + }) + ]; + meta = { homepage = http://rzip.samba.org/; description = "Compression program";