nixpkgs/pkgs/applications/version-management/cvs/default.nix
Andreas Rammhold d0c8c66068
cvs: fix CVE-2017-12836
This patch is based on the work of the patch from Thorsten Glaser (MirBSD) [1]

[1] http://www.mirbsd.org/cvs.cgi/src/gnu/usr.bin/cvs/src/rsh-client.c.diff?r1=1.6;r2=1.7
2017-11-07 17:01:45 +01:00

35 lines
759 B
Nix

{ stdenv, fetchurl, nano }:
stdenv.mkDerivation {
name = "cvs-1.12.13";
src = fetchurl {
url = mirror://savannah/cvs/source/feature/1.12.13/cvs-1.12.13.tar.bz2;
sha256 = "0pjir8cwn0087mxszzbsi1gyfc6373vif96cw4q3m1x6p49kd1bq";
};
patches = [
./getcwd-chroot.patch
./CVE-2012-0804.patch
./CVE-2017-12836.patch
];
hardeningDisable = [ "fortify" "format" ];
preConfigure = ''
# Apply the Debian patches.
for p in "debian/patches/"*; do
echo "applying \`$p' ..."
patch --verbose -p1 < "$p"
done
'';
buildInputs = [ nano ];
meta = {
homepage = http://cvs.nongnu.org;
description = "Concurrent Versions System - a source control system";
platforms = stdenv.lib.platforms.all;
};
}