jshon: fix null termination in read_stream. · pyrox.dev/nixpkgs@5d6ea2d

lol

jshon: fix null termination in read_stream.

This fixes a somewhat critical (security?) bug.

We are trying to get it merged upstream but have had no response from
the ordinary maintainer in over a week.

(See <https://github.com/keenerd/jshon/issues/53>.)

fixes #23727

authored by

Daniel Brockman and committed by

Jörg Thalheim 9 years ago 5d6ea2d6 b3c14bbf

+12 -3

1 changed file

expand all

unified split

pkgs

development

tools

parsing

jshon

default.nix

+12 -3

pkgs/development/tools/parsing/jshon/default.nix

··· 1 - { stdenv, lib, fetchFromGitHub, jansson }: 2 3 stdenv.mkDerivation rec { 4 name = "jshon-20140712"; ··· 12 repo = "jshon"; 13 }; 14 15 buildInputs = [ jansson ]; 16 17 - patchPhase = 18 '' 19 substituteInPlace Makefile --replace "/usr/" "/" 20 ''; 21 22 - preInstall = 23 '' 24 export DESTDIR=$out 25 '';

··· 1 + { stdenv, lib, fetchFromGitHub, fetchpatch, jansson }: 2 3 stdenv.mkDerivation rec { 4 name = "jshon-20140712"; ··· 12 repo = "jshon"; 13 }; 14 15 + patches = [ 16 + # Fix null termination in read_stream. 17 + # https://github.com/keenerd/jshon/issues/53 18 + (fetchpatch { 19 + url = https://github.com/mbrock/jshon/commit/32288dd186573ceb58164f30be1782d4580466d8.patch; 20 + sha256 = "04rss2nprl9nqblc7smq0477n54hm801xgnnmvyzni313i1n6vhl"; 21 + }) 22 + ]; 23 + 24 buildInputs = [ jansson ]; 25 26 + patchPhase = 27 '' 28 substituteInPlace Makefile --replace "/usr/" "/" 29 ''; 30 31 + preInstall = 32 '' 33 export DESTDIR=$out 34 '';