From 5d41dda02db3f538fb253056575c151192d4ce41 Mon Sep 17 00:00:00 2001 From: Tim Steinbach Date: Mon, 30 Oct 2017 08:40:48 -0400 Subject: [PATCH] cyrus_sasl: Fix CVE-2013-4122 --- pkgs/development/libraries/cyrus-sasl/default.nix | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/pkgs/development/libraries/cyrus-sasl/default.nix b/pkgs/development/libraries/cyrus-sasl/default.nix index 5dbf134cf450..68398e93764c 100644 --- a/pkgs/development/libraries/cyrus-sasl/default.nix +++ b/pkgs/development/libraries/cyrus-sasl/default.nix @@ -1,4 +1,5 @@ -{ lib, stdenv, fetchurl, openssl, openldap, kerberos, db, gettext, pam, fixDarwinDylibNames, autoreconfHook, enableLdap ? false }: +{ lib, stdenv, fetchurl, openssl, openldap, kerberos, db, gettext, + pam, fixDarwinDylibNames, autoreconfHook, fetchpatch, enableLdap ? false }: with stdenv.lib; stdenv.mkDerivation rec { @@ -21,6 +22,10 @@ stdenv.mkDerivation rec { patches = [ ./missing-size_t.patch # https://bugzilla.redhat.com/show_bug.cgi?id=906519 + (fetchpatch { # CVE-2013-4122 + url = "http://sourceforge.net/projects/miscellaneouspa/files/glibc217/cyrus-sasl-2.1.26-glibc217-crypt.diff"; + sha256 = "05l7dh1w9d5fvzg0pjwzqh0fy4ah8y5cv6v67s4ssbq8xwd4pkf2"; + }) ] ++ lib.optional stdenv.isFreeBSD ( fetchurl { url = "http://www.linuxfromscratch.org/patches/blfs/svn/cyrus-sasl-2.1.26-fixes-3.patch";