Merge pull request #75723 from andir/advancecomp

advancecomp: fix CVE-2019-9210
This commit is contained in:
Michael Raskin 2019-12-15 22:53:36 +00:00 committed by GitHub
commit 5f21b4b896
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

View File

@ -1,5 +1,9 @@
{ stdenv, fetchFromGitHub
, autoreconfHook, zlib }:
{ stdenv
, fetchFromGitHub
, fetchpatch
, autoreconfHook
, zlib
}:
stdenv.mkDerivation rec {
pname = "advancecomp";
@ -15,6 +19,15 @@ stdenv.mkDerivation rec {
nativeBuildInputs = [ autoreconfHook ];
buildInputs = [ zlib ];
patches = [
(fetchpatch {
name = "CVE-2019-9210.patch";
url = "https://github.com/amadvance/advancecomp/commit/fcf71a89265c78fc26243574dda3a872574a5c02.patch";
sha256 = "0cdv9g87c1y8zwhqkd9ba2zjw4slcvg7yzcqv43idvnwb5fl29n7";
excludes = [ "doc/history.d" ];
})
];
meta = with stdenv.lib; {
description = ''A set of tools to optimize deflate-compressed files'';
license = licenses.gpl3 ;