commit 3d2df41a8fe6591181f88b3aff16e1f62bc8efa6 · pyrox.dev/nixpkgs

pyrox.dev / nixpkgs

lol

fork atom

rsync: fix CVE-2017-16548

Andreas Rammhold 8 years ago 3d2df41a 0a41fc6b

+17 -10

3 changed files

expand all

unified split

pkgs

applications

networking

sync

rsync

base.nix

default.nix

rrsync.nix

+13 -6

pkgs/applications/networking/sync/rsync/base.nix

··· 1 - { stdenv, fetchurl }: 1 + { stdenv, fetchurl, fetchpatch }: 2 2 3 3 rec { 4 4 version = "3.1.2"; ··· 7 7 url = "mirror://samba/rsync/src/rsync-${version}.tar.gz"; 8 8 sha256 = "1hm1q04hz15509f0p9bflw4d6jzfvpm1d36dxjwihk1wzakn5ypc"; 9 9 }; 10 - patches = fetchurl { 11 - # signed with key 0048 C8B0 26D4 C96F 0E58 9C2F 6C85 9FB1 4B96 A8C5 12 - url = "mirror://samba/rsync/rsync-patches-${version}.tar.gz"; 13 - sha256 = "09i3dcl37p22dp75vlnsvx7bm05ggafnrf1zwhf2kbij4ngvxvpd"; 14 - }; 10 + patches = [ 11 + (fetchurl { 12 + # signed with key 0048 C8B0 26D4 C96F 0E58 9C2F 6C85 9FB1 4B96 A8C5 13 + url = "mirror://samba/rsync/rsync-patches-${version}.tar.gz"; 14 + sha256 = "09i3dcl37p22dp75vlnsvx7bm05ggafnrf1zwhf2kbij4ngvxvpd"; 15 + }) 16 + (fetchpatch { 17 + name = "CVE-2017-16548.patch"; 18 + url = "https://git.samba.org/rsync.git/?p=rsync.git;a=commitdiff_plain;h=47a63d90e71d3e19e0e96052bb8c6b9cb140ecc1;hp=bc112b0e7feece62ce98708092306639a8a53cce"; 19 + sha256 = "1dcdnfhbc5gd0ph7pds0xr2v8rpb2a4p7l9c1wml96nhnyww1pg1"; 20 + }) 21 + ]; 15 22 16 23 meta = with stdenv.lib; { 17 24 homepage = http://rsync.samba.org/;

+2 -2

pkgs/applications/networking/sync/rsync/default.nix

··· 1 - { stdenv, fetchurl, perl, libiconv, zlib, popt 1 + { stdenv, fetchurl, fetchpatch, perl, libiconv, zlib, popt 2 2 , enableACLs ? true, acl ? null 3 3 , enableCopyDevicesPatch ? false 4 4 }: ··· 6 6 assert enableACLs -> acl != null; 7 7 8 8 let 9 - base = import ./base.nix { inherit stdenv fetchurl; }; 9 + base = import ./base.nix { inherit stdenv fetchurl fetchpatch; }; 10 10 in 11 11 stdenv.mkDerivation rec { 12 12 name = "rsync-${base.version}";

+2 -2

pkgs/applications/networking/sync/rsync/rrsync.nix

··· 1 - { stdenv, fetchurl, perl, rsync }: 1 + { stdenv, fetchurl, fetchpatch, perl, rsync }: 2 2 3 3 let 4 - base = import ./base.nix { inherit stdenv fetchurl; }; 4 + base = import ./base.nix { inherit stdenv fetchurl fetchpatch; }; 5 5 in 6 6 stdenv.mkDerivation rec { 7 7 name = "rrsync-${base.version}";