tjh.dev
shellinabox: fix CVE-2018-16789
(#72620)
+11
-4
pkgs/servers/shellinabox/default.nix
+11
-4
pkgs/servers/shellinabox/default.nix
···
1
-
{ stdenv, fetchFromGitHub, autoreconfHook, pam, openssl, openssh, shadow, makeWrapper }:
1
+
{ stdenv, fetchFromGitHub, fetchpatch, autoreconfHook, pam, openssl, openssh, shadow, makeWrapper }:
2
2
3
3
stdenv.mkDerivation rec {
4
4
version = "2.20";
···
11
11
sha256 = "1hmfayh21cks2lyj572944ll0mmgsxbnj981b3hq3nhdg8ywzjfr";
12
12
};
13
13
14
-
patches = [ ./shellinabox-minus.patch ];
14
+
patches = [
15
+
./shellinabox-minus.patch
16
+
(fetchpatch {
17
+
name = "CVE-2018-16789.patch";
18
+
url = "https://github.com/shellinabox/shellinabox/commit/4f0ecc31ac6f985e0dd3f5a52cbfc0e9251f6361.patch";
19
+
sha256 = "1mpm6acxdb0fms9pa2b88fx6hp07ph87ahxi82yyqj2m7p79jx7a";
20
+
})
21
+
];
15
22
16
-
nativeBuildInputs = [ autoreconfHook ];
17
-
buildInputs = [ pam openssl openssh makeWrapper ];
23
+
nativeBuildInputs = [ autoreconfHook makeWrapper ];
24
+
buildInputs = [ pam openssl openssh ];
18
25
19
26
# Disable GSSAPIAuthentication errors. Also, paths in certain source files are
20
27
# hardcoded. Replace the hardcoded paths with correct paths.