screen: apply patch for CVE-2021-26937
encoding.c in GNU Screen through 4.8.0 allows remote attackers to cause a denial of service (invalid write access and application crash) or possibly have unspecified other impact via a crafted UTF-8 character sequence. Fixes: CVE-2021-26937
This commit is contained in:
parent
2f96b9a7b4
commit
c3b5487720
@ -16,7 +16,14 @@ stdenv.mkDerivation rec {
|
|||||||
"--enable-colors256"
|
"--enable-colors256"
|
||||||
];
|
];
|
||||||
|
|
||||||
patches = lib.optional stdenv.hostPlatform.isMusl
|
patches = [
|
||||||
|
(fetchpatch {
|
||||||
|
# Fixes denial of services in encoding.c, remove > 4.8.0
|
||||||
|
name = "CVE-2021-26937.patch";
|
||||||
|
url = "https://salsa.debian.org/debian/screen/-/raw/master/debian/patches/99_CVE-2021-26937.patch";
|
||||||
|
sha256 = "05f3p1c7s83nccwkhmavjzgaysxnvq41c7jffs31ra65kcpabqy0";
|
||||||
|
})
|
||||||
|
] ++ lib.optional stdenv.hostPlatform.isMusl
|
||||||
(fetchpatch {
|
(fetchpatch {
|
||||||
url = "https://gist.githubusercontent.com/yujinakayama/4608863/raw/76b9f89af5e5a2e97d9a0f36aac989fb56cf1447/gistfile1.diff";
|
url = "https://gist.githubusercontent.com/yujinakayama/4608863/raw/76b9f89af5e5a2e97d9a0f36aac989fb56cf1447/gistfile1.diff";
|
||||||
sha256 = "0f9bf83p8zdxaa1pr75jyf5g8xr3r8kv7cyzzbpraa1q4j15ss1p";
|
sha256 = "0f9bf83p8zdxaa1pr75jyf5g8xr3r8kv7cyzzbpraa1q4j15ss1p";
|
||||||
|
Loading…
Reference in New Issue
Block a user