commit a08ee2292caa8a676332c695d7d46bd38c235931

pyrox.dev / nixpkgs

lol

fork atom

rsync: add patch for CVE-2020-14387

Robert Scott 4 years ago a08ee229 09be4e77

+16 -6

3 changed files

expand all

unified split

pkgs

applications

networking

sync

rsync

base.nix

default.nix

rrsync.nix

+8 -1

pkgs/applications/networking/sync/rsync/base.nix

··· 1 - { lib, fetchurl }: 1 + { lib, fetchurl, fetchpatch }: 2 2 3 3 rec { 4 4 version = "3.2.3"; ··· 12 12 url = "mirror://samba/rsync/rsync-patches-${version}.tar.gz"; 13 13 sha256 = "1wj21v57v135n6fnmlm2dxmb9lhrrg62jgkggldp1gb7d6s4arny"; 14 14 }; 15 + extraPatches = [ 16 + (fetchpatch { 17 + name = "CVE-2020-14387.patch"; 18 + url = "https://git.samba.org/?p=rsync.git;a=patch;h=c3f7414;hp=4c4fce51072c9189cfb11b52aa54fed79f5741bd"; 19 + sha256 = "000lyx48lns84p53nsdlr45mb9558lrvnsz3yic0y3z6h2izv82x"; 20 + }) 21 + ]; 15 22 16 23 meta = with lib; { 17 24 description = "Fast incremental file transfer utility";

+4 -3

pkgs/applications/networking/sync/rsync/default.nix

··· 1 - { lib, stdenv, fetchurl, perl, libiconv, zlib, popt 1 + { lib, stdenv, fetchurl, fetchpatch, perl, libiconv, zlib, popt 2 2 , enableACLs ? lib.meta.availableOn stdenv.hostPlatform acl, acl ? null 3 3 , enableLZ4 ? true, lz4 ? null 4 4 , enableOpenSSL ? true, openssl ? null ··· 15 15 assert enableZstd -> zstd != null; 16 16 17 17 let 18 - base = import ./base.nix { inherit lib fetchurl; }; 18 + base = import ./base.nix { inherit lib fetchurl fetchpatch; }; 19 19 in 20 20 stdenv.mkDerivation rec { 21 21 name = "rsync-${base.version}"; ··· 25 25 patchesSrc = base.upstreamPatchTarball; 26 26 27 27 srcs = [mainSrc] ++ lib.optional enableCopyDevicesPatch patchesSrc; 28 - patches = lib.optional enableCopyDevicesPatch "./patches/copy-devices.diff"; 28 + patches = lib.optional enableCopyDevicesPatch "./patches/copy-devices.diff" 29 + ++ base.extraPatches; 29 30 30 31 buildInputs = [libiconv zlib popt] 31 32 ++ lib.optional enableACLs acl

+4 -2

pkgs/applications/networking/sync/rsync/rrsync.nix

··· 1 - { lib, stdenv, fetchurl, perl, rsync }: 1 + { lib, stdenv, fetchurl, perl, rsync, fetchpatch }: 2 2 3 3 let 4 - base = import ./base.nix { inherit lib fetchurl; }; 4 + base = import ./base.nix { inherit lib fetchurl fetchpatch; }; 5 5 in 6 6 stdenv.mkDerivation { 7 7 name = "rrsync-${base.version}"; ··· 14 14 # We just want something from the support directory 15 15 dontConfigure = true; 16 16 dontBuild = true; 17 + 18 + patches = base.extraPatches; 17 19 18 20 postPatch = '' 19 21 substituteInPlace support/rrsync --replace /usr/bin/rsync ${rsync}/bin/rsync