Merge pull request #271646 from LeSuisse/libnbd-1.18.1-CVE-2023-5871

libnbd: 1.18.0 -> 1.18.1 and apply patch for CVE-2023-5871
2024-09-30 01:17:28 +03:00 · 2023-12-03 22:14:38 +00:00 · 2023-12-03 22:14:38 +00:00 · 694dce5e3c
commit 694dce5e3c
parent 38c76a78a4 124e85cac8
1 changed files with 11 additions and 2 deletions
--- a/pkgs/development/libraries/libnbd/default.nix
+++ b/pkgs/development/libraries/libnbd/default.nix
@ -1,6 +1,7 @@
 { lib
 , stdenv
 , fetchurl
+, fetchpatch
 , bash-completion
 , pkg-config
 , perl
@ -12,13 +13,21 @@

 stdenv.mkDerivation rec {
  pname = "libnbd";
-  version = "1.18.0";
+  version = "1.18.1";

  src = fetchurl {
    url = "https://download.libguestfs.org/libnbd/${lib.versions.majorMinor version}-stable/${pname}-${version}.tar.gz";
-    hash = "sha256-srJyd32eCIthoncvM9JQEKCWEOZxxc3YntaV4Ay8kZ8=";
+    hash = "sha256-UNHRphDw1ycRnp0KClzHlSuLIxs5Mc4gcjB+EF/smbY=";
  };

+  patches = [
+    (fetchpatch {
+      name = "CVE-2023-5871.patch";
+      url = "https://gitlab.com/nbdkit/libnbd/-/commit/4451e5b61ca07771ceef3e012223779e7a0c7701.patch";
+      hash = "sha256-zmg/kxSJtjp2w9917Sp33ezt7Ccj/inngzCUVesF1Tc=";
+    })
+  ];
+
  nativeBuildInputs = [
    bash-completion
    pkg-config