commit 668572753c598ed4bf617794093bfb91aa82427c · pyrox.dev/nixpkgs

pyrox.dev / nixpkgs

lol

fork atom

fuseiso: fix CVE-2015-8836 & CVE-2015-8837

Franz Pletz 9 years ago 66857275 c049fd4a

+22 -2

1 changed file

expand all

unified split

pkgs

tools

filesystems

fuseiso

default.nix

+22 -2

pkgs/tools/filesystems/fuseiso/default.nix

··· 1 - { stdenv, fetchurl, pkgconfig, fuse, zlib, glib }: 1 + { stdenv, fetchurl, fetchpatch, pkgconfig, fuse, zlib, glib }: 2 2 3 3 stdenv.mkDerivation rec { 4 4 name = "fuseiso-20070708"; 5 5 6 6 src = fetchurl { 7 7 url = "mirror://sourceforge/project/fuseiso/fuseiso/20070708/fuseiso-20070708.tar.bz2"; 8 - sha1 = "fe142556ad35dd7e5dc31a16183232a6e2da7692"; 8 + sha256 = "127xql52dcdhmh7s5m9xc6q39jdlj3zhbjar1j821kb6gl3jw94b"; 9 9 }; 10 10 11 11 buildInputs = [ pkgconfig fuse zlib glib ]; 12 + 13 + patches = let fetchPatchFromDebian = { patch, sha256 }: 14 + fetchpatch { 15 + inherit sha256; 16 + url = "https://sources.debian.net/data/main/f/fuseiso/20070708-3.2/debian/patches/${patch}"; 17 + }; 18 + in [ 19 + (fetchPatchFromDebian { 20 + patch = "00-support_large_iso.patch"; 21 + sha256 = "1lmclb1qwzz5f4wlq693g83bblwnjjl73qhgfxbsaac5hnn2shjw"; 22 + }) 23 + (fetchPatchFromDebian { # CVE-2015-8837 24 + patch = "02-prevent-buffer-overflow.patch"; 25 + sha256 = "1ls2pp3mh91pdb51qz1fsd8pwhbky6988bpd156bn7wgfxqzh8ig"; 26 + }) 27 + (fetchPatchFromDebian { # CVE-2015-8836 28 + patch = "03-prevent-integer-overflow.patch"; 29 + sha256 = "100cw07fk4sa3hl7a1gk2hgz4qsxdw99y20r7wpidwwwzy463zcv"; 30 + }) 31 + ]; 12 32 13 33 meta = { 14 34 homepage = http://sourceforge.net/projects/fuseiso;