commit 6a3601a1c654e27dc3a39e7732ed4b9972b8247f · pyrox.dev/nixpkgs

pyrox.dev / nixpkgs

lol

R: apply patch for CVE-2024-27322

https://hiddenlayer.com/research/r-bitrary-code-execution/

Patch has been identified by checking the SCM logs.
I was not able to find another part of the patch.
Fedora 39 went the same way in https://src.fedoraproject.org/rpms/R/c/b1a4e124f24f03916877bc116c1f9e89dd6c34a5?branch=f39
See also https://github.com/spack/spack/issues/43932

Thomas Gerbet 2 years ago 6a3601a1 c88c954f

+7 -1

1 changed file

expand all

unified split

pkgs

applications

science

math

default.nix

+7 -1

pkgs/applications/science/math/R/default.nix

··· 1 - { lib, stdenv, fetchurl, bzip2, gfortran, libX11, libXmu, libXt, libjpeg, libpng 1 + { lib, stdenv, fetchurl, fetchpatch, bzip2, gfortran, libX11, libXmu, libXt, libjpeg, libpng 2 2 , libtiff, ncurses, pango, pcre2, perl, readline, tcl, texlive, texliveSmall, tk, xz, zlib 3 3 , less, texinfo, graphviz, icu, pkg-config, bison, imake, which, jdk, blas, lapack 4 4 , curl, Cocoa, Foundation, libobjc, libcxx, tzdata ··· 37 37 38 38 patches = [ 39 39 ./no-usr-local-search-paths.patch 40 + (fetchpatch { 41 + # https://hiddenlayer.com/research/r-bitrary-code-execution/ 42 + name = "CVE-2024-27322.patch"; 43 + url = "https://github.com/r-devel/r-svn/commit/f7c46500f455eb4edfc3656c3fa20af61b16abb7.patch"; 44 + hash = "sha256-CH2mMmie9E96JeGSC7UGm7/roUNhK5xv6HO53N2ixEI="; 45 + }) 40 46 ]; 41 47 42 48 # Test of the examples for package 'tcltk' fails in Darwin sandbox. See: