Merge pull request #30736 from pbogdan/foomatic-filters-cves

foomatic-filters: fix CVE-2015-8327 & CVE-2015-8560
This commit is contained in:
Michael Raskin 2017-10-24 08:37:39 +02:00 committed by GitHub
commit d754f7c9ce

View File

@ -1,4 +1,4 @@
{ stdenv, fetchurl, pkgconfig, perl, cups, dbus, enscript }: { stdenv, fetchpatch, fetchurl, pkgconfig, perl, cups, dbus, enscript }:
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
name = "foomatic-filters-4.0.17"; name = "foomatic-filters-4.0.17";
@ -11,6 +11,14 @@ stdenv.mkDerivation rec {
nativeBuildInputs = [ pkgconfig ]; nativeBuildInputs = [ pkgconfig ];
buildInputs = [ perl cups dbus enscript ]; buildInputs = [ perl cups dbus enscript ];
patches = [
# for CVE-2015-8327 & CVE-2015-8560
(fetchpatch {
url = "https://anonscm.debian.org/cgit/collab-maint/foomatic-filters.git/plain/debian/patches/0500-r7406_also_consider_the_back_tick_as_an_illegal_shell_escape_character.patch";
sha256 = "055nwi3sjf578nk40bqsch3wx8m2h65hdih0wmxflb6l0hwkq4p4";
})
];
preConfigure = preConfigure =
'' ''
substituteInPlace foomaticrip.c --replace /bin/bash /bin/sh substituteInPlace foomaticrip.c --replace /bin/bash /bin/sh