nixpkgs/pkgs/tools/text/gnupatch/default.nix



# GNU patch, built from the upstream release tarball with a set of in-tree
# bug-fix and CVE patches applied on top.
{ lib, stdenv, fetchurl
, ed, autoreconfHook
}:

stdenv.mkDerivation rec {
  pname = "patch";
  # The version string stays at the upstream release number even though the
  # CVE fixes listed under `patches` are applied. A scanner that matches on
  # the version alone can therefore report those CVEs as open; check the
  # patch list below before triaging such a finding.
  version = "2.7.6";

  src = fetchurl {
    url = "mirror://gnu/patch/patch-${version}.tar.xz";
    # Fixed-output hash: fetchurl rejects a download whose content does not
    # match, so the tarball is pinned independently of which mirror serves it.
    sha256 = "1zfqy4rdcy279vwn2z1kbv19dcfw25d2aqy9nzvdkq5bjzd0nqdc";
  };

  # The patches are stored in-tree instead of being fetched. According to the
  # commit that moved them here ("gnupatch: Don't fetch from cgit URLs with
  # unstable hashes"):
  #   - cgit cannot serve patches with stable hashes, because the served page
  #     ends in a cgit version footer that changes; see
  #     https://lists.zx2c4.com/pipermail/cgit/2017-February/003470.html
  #   - stripping the footer with fetchpatch is not possible here, because
  #     dependencies of fetchpatch cannot use fetchpatch; see
  #     https://github.com/NixOS/nixpkgs/pull/61471#issuecomment-493218587
  # That commit reports that, for
  # Allow_input_files_to_be_missing_for_ed-style_patches.patch and
  # CVE-2018-1000156.patch, the in-tree file, the live cgit page and the copy
  # cached on tarballs.nixos.org differed only in the cgit version footer.
  #
  # The URL above each entry names the upstream savannah commit.
  # NOTE(review): an in-tree patch is not compared against upstream at build
  # time, so a change to any of these files should be reviewed against the
  # URL recorded above it.
  patches = [
    # https://git.savannah.gnu.org/cgit/patch.git/patch/?id=f290f48a621867084884bfff87f8093c15195e6a
    ./CVE-2018-6951.patch
    # https://git.savannah.gnu.org/cgit/patch.git/patch/?id=b5a91a01e5d0897facdd0f49d64b76b0f02b43e1
    ./Allow_input_files_to_be_missing_for_ed-style_patches.patch
    # https://git.savannah.gnu.org/cgit/patch.git/patch/?id=b7b028a77bd855f6f56b17c8837fc1cca77b469d
    ./Abort_when_cleaning_up_fails.patch
    # https://git.savannah.gnu.org/cgit/patch.git/patch/?id=123eaff0d5d1aebe128295959435b9ca5909c26d
    ./CVE-2018-1000156.patch
    # NOTE(review): this link is the cgit commit page; the other entries link
    # the raw patch view.
    # https://git.savannah.gnu.org/cgit/patch.git/commit/?id=9c986353e420ead6e706262bf204d6e03322c300
    ./CVE-2018-6952.patch
    # https://git.savannah.gnu.org/cgit/patch.git/patch/?id=dce4683cbbe107a95f1f0d45fabc304acfb5d71a
    ./CVE-2019-13636.patch
    # https://git.savannah.gnu.org/cgit/patch.git/patch/?id=3fcd042d26d70856e826a42b5f93dc4854d80bf0
    ./CVE-2019-13638-and-CVE-2018-20969.patch
  ];

  # Regenerates the autotools build files before configure runs; presumably
  # needed because one of the patches touches autotools inputs (confirm).
  nativeBuildInputs = [ autoreconfHook ];

  # Only when cross-compiling (host platform differs from build platform):
  # preseed the configure cache variable for the strnlen check, presumably
  # because configure cannot run that test program for the host (confirm).
  configureFlags = lib.optionals (stdenv.hostPlatform != stdenv.buildPlatform) [
    "ac_cv_func_strnlen_working=yes"
  ];

  # The test suite is enabled unless the host libc is musl. The trailing note
  # is the original author's; this expression itself only tests the libc.
  doCheck = stdenv.hostPlatform.libc != "musl"; # not cross;
  # ed is available to the check phase only; presumably the tests exercise
  # ed-style patches (confirm).
  nativeCheckInputs = [ed];

  meta = {
    description = "GNU Patch, a program to apply differences to files";
    mainProgram = "patch";
    longDescription =
      '' GNU Patch takes a patch file containing a difference listing
         produced by the diff program and applies those differences to one or
         more original files, producing patched versions.
      '';
    homepage = "https://savannah.gnu.org/projects/patch";
    license = lib.licenses.gpl3Plus;
    # No maintainer is listed.
    maintainers = [ ];
    platforms = lib.platforms.all;
  };
}