Merge pull request #70479 from risicle/ris-libapreq2-CVE-2019-12412

perlPackages.libapreq2: add patch for CVE-2019-12412
This commit is contained in:
Aaron Andersen 2019-11-01 15:56:07 -04:00 committed by GitHub
commit 917c498534
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

View File

@ -5,7 +5,7 @@
for each package in a separate file: the call to the function would
be almost as much code as the function itself. */
{config, pkgs, fetchurl, stdenv, perl, overrides, buildPerl, shortenPerlShebang}:
{config, pkgs, fetchurl, fetchpatch, stdenv, perl, overrides, buildPerl, shortenPerlShebang}:
# cpan2nix assumes that perl-packages.nix will be used only with perl 5.28.2 or above
assert stdenv.lib.versionAtLeast perl.version "5.28.2";
@ -9498,6 +9498,14 @@ let
url = mirror://cpan/authors/id/I/IS/ISAAC/libapreq2-2.13.tar.gz;
sha256 = "5731e6833b32d88e4a5c690e45ddf20fcf969ce3da666c5627d775e92da0cf6e";
};
patches = [
(fetchpatch {
name = "CVE-2019-12412.patch";
url = "https://svn.apache.org/viewvc/httpd/apreq/trunk/library/parser_multipart.c?r1=1866760&r2=1866759&pathrev=1866760&view=patch";
sha256 = "08zaw5pb2i4w1y8crhxmlf0d8gzpvi9z49x4nwlkg4j87x7gjvaa";
stripLen = 2;
})
];
outputs = [ "out" ];
buildInputs = [ pkgs.apacheHttpd pkgs.apr pkgs.aprutil ApacheTest ExtUtilsXSBuilder ];
propagatedBuildInputs = [ (pkgs.apacheHttpdPackages.mod_perl.override { inherit perl; }) ];