Clone of https://github.com/NixOS/nixpkgs.git (to stress-test knotserver)

shellinabox: fix CVE-2018-16789

(#72620)

authored by

Renaud and committed by
GitHub
73523e02 7153c484

+11 -4
+11 -4
pkgs/servers/shellinabox/default.nix
··· 1 - { stdenv, fetchFromGitHub, autoreconfHook, pam, openssl, openssh, shadow, makeWrapper }: 1 + { stdenv, fetchFromGitHub, fetchpatch, autoreconfHook, pam, openssl, openssh, shadow, makeWrapper }: 2 2 3 3 stdenv.mkDerivation rec { 4 4 version = "2.20"; ··· 11 11 sha256 = "1hmfayh21cks2lyj572944ll0mmgsxbnj981b3hq3nhdg8ywzjfr"; 12 12 }; 13 13 14 - patches = [ ./shellinabox-minus.patch ]; 14 + patches = [ 15 + ./shellinabox-minus.patch 16 + (fetchpatch { 17 + name = "CVE-2018-16789.patch"; 18 + url = "https://github.com/shellinabox/shellinabox/commit/4f0ecc31ac6f985e0dd3f5a52cbfc0e9251f6361.patch"; 19 + sha256 = "1mpm6acxdb0fms9pa2b88fx6hp07ph87ahxi82yyqj2m7p79jx7a"; 20 + }) 21 + ]; 15 22 16 - nativeBuildInputs = [ autoreconfHook ]; 17 - buildInputs = [ pam openssl openssh makeWrapper ]; 23 + nativeBuildInputs = [ autoreconfHook makeWrapper ]; 24 + buildInputs = [ pam openssl openssh ]; 18 25 19 26 # Disable GSSAPIAuthentication errors. Also, paths in certain source files are 20 27 # hardcoded. Replace the hardcoded paths with correct paths.