tjh.dev / nixpkgs
Clone of https://github.com/NixOS/nixpkgs.git (to stress-test knotserver)
fork atom

libarchive: apply upstream CVE patches

Fixes #57150.

(cherry picked from commit 5767c18d99a035aa642286d1390698ff40d5d231)

Vladimír Čunát 939df4bc 6607b8e6

+15
unified split
+15
pkgs/development/libraries/libarchive/default.nix
··· 17 17 sha256 = "0bhfncid058p7n1n8v29l6wxm3mhdqfassscihbsxfwz3iwb2zms"; 18 18 }; 19 19 20 + patches = [ 21 + (fetchpatch { 22 + # details: https://github.com/libarchive/libarchive/pull/1105 23 + name = "cve-2018-1000877.diff"; # CVE-2018-1000877..80 24 + url = "https://github.com/libarchive/libarchive/pull/1105.diff"; 25 + sha256 = "0mxcawfdy9m40mykzwhkl39a6vnh4ypgy0ipcz74qm4bi72x0gyf"; 26 + }) 27 + (fetchpatch { 28 + # details: https://github.com/libarchive/libarchive/pull/1120 29 + name = "cve-2019-1000019_cve-2019-1000020.diff"; 30 + url = "https://github.com/libarchive/libarchive/pull/1120.diff"; 31 + sha256 = "1mgx92v8hm7hw9j34nbfriqfkxshh3cy25rhavr7kl7lz4x5a6g4"; 32 + }) 33 + ]; 34 + 20 35 outputs = [ "out" "lib" "dev" ]; 21 36 22 37 nativeBuildInputs = [ pkgconfig ];