pyrox.dev
fuseiso: fix CVE-2015-8836 & CVE-2015-8837
+22
-2
pkgs/tools/filesystems/fuseiso/default.nix
+22
-2
pkgs/tools/filesystems/fuseiso/default.nix
···
1
-
{ stdenv, fetchurl, pkgconfig, fuse, zlib, glib }:
2
3
stdenv.mkDerivation rec {
4
name = "fuseiso-20070708";
5
6
src = fetchurl {
7
url = "mirror://sourceforge/project/fuseiso/fuseiso/20070708/fuseiso-20070708.tar.bz2";
8
-
sha1 = "fe142556ad35dd7e5dc31a16183232a6e2da7692";
9
};
10
11
buildInputs = [ pkgconfig fuse zlib glib ];
12
13
meta = {
14
homepage = http://sourceforge.net/projects/fuseiso;
···
1
+
{ stdenv, fetchurl, fetchpatch, pkgconfig, fuse, zlib, glib }:
2
3
stdenv.mkDerivation rec {
4
name = "fuseiso-20070708";
5
6
src = fetchurl {
7
url = "mirror://sourceforge/project/fuseiso/fuseiso/20070708/fuseiso-20070708.tar.bz2";
8
+
sha256 = "127xql52dcdhmh7s5m9xc6q39jdlj3zhbjar1j821kb6gl3jw94b";
9
};
10
11
buildInputs = [ pkgconfig fuse zlib glib ];
12
+
13
+
patches = let fetchPatchFromDebian = { patch, sha256 }:
14
+
fetchpatch {
15
+
inherit sha256;
16
+
url = "https://sources.debian.net/data/main/f/fuseiso/20070708-3.2/debian/patches/${patch}";
17
+
};
18
+
in [
19
+
(fetchPatchFromDebian {
20
+
patch = "00-support_large_iso.patch";
21
+
sha256 = "1lmclb1qwzz5f4wlq693g83bblwnjjl73qhgfxbsaac5hnn2shjw";
22
+
})
23
+
(fetchPatchFromDebian { # CVE-2015-8837
24
+
patch = "02-prevent-buffer-overflow.patch";
25
+
sha256 = "1ls2pp3mh91pdb51qz1fsd8pwhbky6988bpd156bn7wgfxqzh8ig";
26
+
})
27
+
(fetchPatchFromDebian { # CVE-2015-8836
28
+
patch = "03-prevent-integer-overflow.patch";
29
+
sha256 = "100cw07fk4sa3hl7a1gk2hgz4qsxdw99y20r7wpidwwwzy463zcv";
30
+
})
31
+
];
32
33
meta = {
34
homepage = http://sourceforge.net/projects/fuseiso;