JakeHillion/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

libzip: fix CVE-2015-2331 by Debian patch

Browse Source 
Rebuild impact seems low, except for LibreOffice.
This commit is contained in:
Vladimír Čunát 2015-04-06 12:11:51 +02:00
parent 40db8b6ffd
commit 4041fc3e85
1 changed files with 11 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
pkgs/development/libraries/libzip/default.nix
View File

@ -2,12 +2,21 @@
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
name = "libzip-0.11.2"; name = "libzip-0.11.2";
src = fetchurl { src = fetchurl {
url = "http://www.nih.at/libzip/${name}.tar.gz"; url = "http://www.nih.at/libzip/${name}.tar.gz";
sha256 = "1mcqrz37vjrfr4gnss37z1m7xih9x9miq3mms78zf7wn7as1znw3"; sha256 = "1mcqrz37vjrfr4gnss37z1m7xih9x9miq3mms78zf7wn7as1znw3";
}; };
# fix CVE-2015-2331 taken from Debian patch:
# https://bugs.debian.org/cgi-bin/bugreport.cgi?msg=12;filename=libzip-0.11.2-1.2-nmu.diff;att=1;bug=780756
postPatch = ''
substituteInPlace lib/zip_dirent.c --replace \
'else if ((cd->entry=(struct zip_entry *)' \
'else if (nentry > ((size_t)-1)/sizeof(*(cd->entry)) || (cd->entry=(struct zip_entry *)'
cat lib/zip_dirent.c
'';
propagatedBuildInputs = [ zlib ]; propagatedBuildInputs = [ zlib ];
# At least mysqlWorkbench cannot find zipconf.h; I think also openoffice # At least mysqlWorkbench cannot find zipconf.h; I think also openoffice