Merge pull request #124567 from TredwellGit/lz4

lz4: patch CVE-2021-3520 and null pointer dereference
This commit is contained in:
Robert Schütz 2021-05-30 18:02:44 +02:00 committed by GitHub
commit 1d817f8f5d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

View File

@ -14,6 +14,19 @@ stdenv.mkDerivation rec {
owner = pname;
};
patches = [
(fetchpatch { # https://github.com/lz4/lz4/pull/972
name = "CVE-2021-3520.patch";
url = "https://github.com/lz4/lz4/commit/8301a21773ef61656225e264f4f06ae14462bca7.patch";
sha256 = "0r1cwpqdkdc8im0pf2r5jp7mwwn69xcw405rrk7rc0mpjcp5ydfk";
})
(fetchpatch { # https://github.com/lz4/lz4/pull/973
name = "avoid-null-pointer-dereference.patch";
url = "https://github.com/lz4/lz4/commit/29a6a1f4941e7243241fe00d6c13b749fd6b60c2.patch";
sha256 = "0v5yl5hd3qrfm3xm7m06j4b21qwllb4cqkjn2az7x1vnzqgpf8y7";
})
];
# TODO(@Ericson2314): Separate binaries and libraries
outputs = [ "bin" "out" "dev" ];