nixpkgs/pkgs/tools/text/gnupatch/default.nix

{ lib, stdenv, fetchurl
, ed, autoreconfHook
}:

stdenv.mkDerivation rec {
  pname = "patch";
  version = "2.7.6";

  src = fetchurl {
    url = "mirror://gnu/patch/patch-${version}.tar.xz";
    sha256 = "1zfqy4rdcy279vwn2z1kbv19dcfw25d2aqy9nzvdkq5bjzd0nqdc";
  };

  patches = [
    # https://git.savannah.gnu.org/cgit/patch.git/patch/?id=f290f48a621867084884bfff87f8093c15195e6a
    ./CVE-2018-6951.patch

    # https://git.savannah.gnu.org/cgit/patch.git/patch/?id=b5a91a01e5d0897facdd0f49d64b76b0f02b43e1
    ./Allow_input_files_to_be_missing_for_ed-style_patches.patch

    # https://git.savannah.gnu.org/cgit/patch.git/patch/?id=123eaff0d5d1aebe128295959435b9ca5909c26d
    ./CVE-2018-1000156.patch

    # https://git.savannah.gnu.org/cgit/patch.git/commit/?id=9c986353e420ead6e706262bf204d6e03322c300
    ./CVE-2018-6952.patch

    # https://git.savannah.gnu.org/cgit/patch.git/patch/?id=dce4683cbbe107a95f1f0d45fabc304acfb5d71a
    ./CVE-2019-13636.patch

    # https://git.savannah.gnu.org/cgit/patch.git/patch/?id=3fcd042d26d70856e826a42b5f93dc4854d80bf0
    ./CVE-2019-13638-and-CVE-2018-20969.patch
  ];

  nativeBuildInputs = [ autoreconfHook ];

  configureFlags = lib.optionals (stdenv.hostPlatform != stdenv.buildPlatform) [
    "ac_cv_func_strnlen_working=yes"
  ];

  doCheck = stdenv.hostPlatform.libc != "musl"; # not cross;
  checkInputs = [ed];

  meta = {
    description = "GNU Patch, a program to apply differences to files";

    longDescription =
      '' GNU Patch takes a patch file containing a difference listing
         produced by the diff program and applies those differences to one or
         more original files, producing patched versions.
      '';

    homepage = "https://savannah.gnu.org/projects/patch";

    license = lib.licenses.gpl3Plus;

    maintainers = [ ];
    platforms = lib.platforms.all;
  };
}
pkgs/tools: stdenv.lib -> lib 2021-01-15 09:19:50 +00:00			`{ lib, stdenv, fetchurl`
patch: Fix CVE-2018-1000156 2018-08-05 21:02:57 +01:00			`, ed, autoreconfHook`
gnu patch: Fix for cross 2017-06-03 16:27:33 +01:00			`}:`
* bash 2.0, findutils 4.2.28. * Some Nix expression simplifications. Sense and simplicity! svn path=/nixpkgs/trunk/; revision=6836 2006-10-25 00:05:12 +01:00
patch: Update to 2.7 2012-09-18 19:48:31 +01:00			`stdenv.mkDerivation rec {`
gnupatch: replace name with pname&version 2021-07-27 19:43:38 +01:00			`pname = "patch";`
			`version = "2.7.6";`
GNU Patch 2.6.1. svn path=/nixpkgs/branches/stdenv-updates/; revision=19260 2010-01-06 13:50:51 +00:00
GNU Patch: On Darwin, use an existing tarball, and patch from there. svn path=/nixpkgs/trunk/; revision=33892 2012-04-23 16:47:21 +01:00			`src = fetchurl {`
gnupatch: replace name with pname&version 2021-07-27 19:43:38 +01:00			`url = "mirror://gnu/patch/patch-${version}.tar.xz";`
gnupatch: 2.7.5 -> 2.7.6 2018-02-07 17:02:41 +00:00			`sha256 = "1zfqy4rdcy279vwn2z1kbv19dcfw25d2aqy9nzvdkq5bjzd0nqdc";`
GNU Patch: On Darwin, use an existing tarball, and patch from there. svn path=/nixpkgs/trunk/; revision=33892 2012-04-23 16:47:21 +01:00			`};`
* bash 2.0, findutils 4.2.28. * Some Nix expression simplifications. Sense and simplicity! svn path=/nixpkgs/trunk/; revision=6836 2006-10-25 00:05:12 +01:00
gnupatch: fix CVE-2018-6951 fixes #39045 2018-04-17 08:03:12 +01:00			`patches = [`
			`# https://git.savannah.gnu.org/cgit/patch.git/patch/?id=f290f48a621867084884bfff87f8093c15195e6a`
			`./CVE-2018-6951.patch`
gnupatch: Don't fetch from cgit URLs with unstable hashes cgit cannot serve patches with stable hashes, so store these patches in-tree. cgit community discussion about this problem: https://lists.zx2c4.com/pipermail/cgit/2017-February/003470.html We pull the patches in-tree rather than strip cgit footers with fetchpatch because per https://github.com/NixOS/nixpkgs/pull/61471#issuecomment-493218587 dependencies of fetchpatch cannot use fetchpatch. Verification that the only difference between the live page, the patch committed here, and the version cached under the old hash at tarballs.nixos.org is the cgit version footer: $ curl -s -L http://tarballs.nixos.org/sha256/"$(nix-hash --type sha256 --to-base16 0iw0lk0yhnhvfjzal48ij6zdr92mgb84jq7fwryy1hdhi47hhq64)" > Allow_input_files_to_be_missing_for_ed-style_patches.patch $ diff -U0 --label cgit-live <( curl -s -L https://git.savannah.gnu.org/cgit/patch.git/patch/?id=b5a91a01e5d0897facdd0f49d64b76b0f02b43e1 ) Allow_input_files_to_be_missing_for_ed-style_patches.patch --- cgit-live +++ Allow_input_files_to_be_missing_for_ed-style_patches.patch 2020-01-29 17:22:00.077312937 -0800 @@ -32 +32 @@ -cgit v1.2.1 +cgit v1.0-41-gc330 $ curl -s -L http://tarballs.nixos.org/sha256/"$(nix-hash --type sha256 --to-base16 1bpy16n3hm5nv9xkrn6c4wglzsdzj3ss1biq16w9kfv48p4hx2vg)" > CVE-2018-1000156.patch $ diff -U0 --label cgit-live <( curl -s -L https://git.savannah.gnu.org/cgit/patch.git/patch/?id=123eaff0d5d1aebe128295959435b9ca5909c26d ) CVE-2018-1000156.patch --- cgit-live +++ CVE-2018-1000156.patch 2020-01-29 17:23:41.021116969 -0800 @@ -210 +210 @@ -cgit v1.2.1 +cgit v1.0-41-gc330 2020-01-30 01:07:02 +00:00
			`# https://git.savannah.gnu.org/cgit/patch.git/patch/?id=b5a91a01e5d0897facdd0f49d64b76b0f02b43e1`
			`./Allow_input_files_to_be_missing_for_ed-style_patches.patch`

			`# https://git.savannah.gnu.org/cgit/patch.git/patch/?id=123eaff0d5d1aebe128295959435b9ca5909c26d`
			`./CVE-2018-1000156.patch`

gnupatch: add patch for CVE-2018-6952 Refs: https://nvd.nist.gov/vuln/detail/CVE-2018-6952 https://savannah.gnu.org/bugs/index.php?53133 2019-04-27 01:50:54 +01:00			`# https://git.savannah.gnu.org/cgit/patch.git/commit/?id=9c986353e420ead6e706262bf204d6e03322c300`
			`./CVE-2018-6952.patch`
gnupatch: apply patches for CVE-2019-1363 and CVE-2019-13638 2019-07-28 08:55:06 +01:00
			`# https://git.savannah.gnu.org/cgit/patch.git/patch/?id=dce4683cbbe107a95f1f0d45fabc304acfb5d71a`
			`./CVE-2019-13636.patch`

			`# https://git.savannah.gnu.org/cgit/patch.git/patch/?id=3fcd042d26d70856e826a42b5f93dc4854d80bf0`
gnupatch: rename patch files to match their CVE ids. This should be a behavior no-op, but it helps vulnix figure out that we are up to date regarding security patches. 2019-10-02 20:56:40 +01:00			`./CVE-2019-13638-and-CVE-2018-20969.patch`
gnupatch: fix CVE-2018-6951 fixes #39045 2018-04-17 08:03:12 +01:00			`];`

patch: Fix CVE-2018-1000156 2018-08-05 21:02:57 +01:00			`nativeBuildInputs = [ autoreconfHook ];`
GNU Patch: Use GNU ed and re-enable the tests. svn path=/nixpkgs/branches/stdenv-updates/; revision=19315 2010-01-08 21:28:30 +00:00
pkgs/tools: stdenv.lib -> lib 2021-01-15 09:19:50 +00:00			`configureFlags = lib.optionals (stdenv.hostPlatform != stdenv.buildPlatform) [`
gnu patch: Fix for cross 2017-06-03 16:27:33 +01:00			`"ac_cv_func_strnlen_working=yes"`
			`];`
Making a bunch of basic programs cross-buildable. After this, the 'bootstrap-tools' can be cross-built. svn path=/nixpkgs/branches/stdenv-updates/; revision=20945 2010-04-04 19:10:42 +01:00
treewide: Remove usage of remaining redundant platform compatability stuff Want to get this out of here for 18.09, so it can be deprecated thereafter. 2018-08-20 19:43:41 +01:00			`doCheck = stdenv.hostPlatform.libc != "musl"; # not cross;`
patch: use checkInputs instead of conditional This is more clear, to separate test dependencies. 2018-09-30 02:25:51 +01:00			`checkInputs = [ed];`
GNU Patch 2.6.1. svn path=/nixpkgs/branches/stdenv-updates/; revision=19260 2010-01-06 13:50:51 +00:00
			`meta = {`
			`description = "GNU Patch, a program to apply differences to files";`

			`longDescription =`
			`'' GNU Patch takes a patch file containing a difference listing`
			`produced by the diff program and applies those differences to one or`
			`more original files, producing patched versions.`
			`'';`

treewide: Per RFC45, remove all unquoted URLs 2020-04-01 02:11:51 +01:00			`homepage = "https://savannah.gnu.org/projects/patch";`
GNU Patch 2.6.1. svn path=/nixpkgs/branches/stdenv-updates/; revision=19260 2010-01-06 13:50:51 +00:00
pkgs/tools: stdenv.lib -> lib 2021-01-15 09:19:50 +00:00			`license = lib.licenses.gpl3Plus;`
GNU Patch 2.6.1. svn path=/nixpkgs/branches/stdenv-updates/; revision=19260 2010-01-06 13:50:51 +00:00
unmaintain several packages 2013-08-16 22:44:33 +01:00			`maintainers = [ ];`
pkgs/tools: stdenv.lib -> lib 2021-01-15 09:19:50 +00:00			`platforms = lib.platforms.all;`
GNU Patch 2.6.1. svn path=/nixpkgs/branches/stdenv-updates/; revision=19260 2010-01-06 13:50:51 +00:00			`};`
			`}`