tjh.dev
fork
Configure Feed
Select the types of activity you want to include in your feed.
nixpkgs mirror (for testing)
github.com/NixOS/nixpkgs
nix
fork
Configure Feed
Select the types of activity you want to include in your feed.
libzip: fix CVE-2015-2331 by Debian patch
Rebuild impact seems low, except for LibreOffice.
+11
-2
+11
-2
pkgs/development/libraries/libzip/default.nix
+11
-2
pkgs/development/libraries/libzip/default.nix
···
2
2
3
3
stdenv.mkDerivation rec {
4
4
name = "libzip-0.11.2";
5
-
5
+
6
6
src = fetchurl {
7
7
url = "http://www.nih.at/libzip/${name}.tar.gz";
8
8
sha256 = "1mcqrz37vjrfr4gnss37z1m7xih9x9miq3mms78zf7wn7as1znw3";
9
9
};
10
-
10
+
11
+
# fix CVE-2015-2331 taken from Debian patch:
12
+
# https://bugs.debian.org/cgi-bin/bugreport.cgi?msg=12;filename=libzip-0.11.2-1.2-nmu.diff;att=1;bug=780756
13
+
postPatch = ''
14
+
substituteInPlace lib/zip_dirent.c --replace \
15
+
'else if ((cd->entry=(struct zip_entry *)' \
16
+
'else if (nentry > ((size_t)-1)/sizeof(*(cd->entry)) || (cd->entry=(struct zip_entry *)'
17
+
cat lib/zip_dirent.c
18
+
'';
19
+
11
20
propagatedBuildInputs = [ zlib ];
12
21
13
22
# At least mysqlWorkbench cannot find zipconf.h; I think also openoffice