sharutils: Patch CVE-2018-1000097

Tim Steinbach 2018-08-05 14:41:59 -04:00
parent 93a056993f
commit 76a713bd29
No known key found for this signature in database
GPG Key ID: 472BFCCA96BD0EDA


@ -19,7 +19,15 @@ stdenv.mkDerivation rec {
# remaps /etc/passwd to a trivial file, but we can't do that on Darwin so I do this
# instead. In this case, I pass in the very imaginative "submitter" as the submitter name
patchPhase = let
patches = [
# CVE-2018-1000097
(fetchurl {
url = "https://sources.debian.org/data/main/s/sharutils/1:4.15.2-2+deb9u1/debian/patches/01-fix-heap-buffer-overflow-cve-2018-1000097.patch";
sha256 = "19g0sxc8g79aj5gd5idz5409311253jf2q8wqkasf0handdvsbxx";
})
];
postPatch = let
# This evaluates to a string containing:
#
# substituteInPlace tests/shar-2 --replace '${SHAR}' '${SHAR} -s submitter'