tjh.dev / nixpkgs
Clone of https://github.com/NixOS/nixpkgs.git (to stress-test knotserver)
fork atom

libexosip: 4.1.0 -> 5.2.0

Fix CVE-2014-10375.

sipwitch is marked as broken as it does compile with libexosip > 5.0.0
and the upstream project appears to be stalled/abandoned.

Thomas Gerbet fdafac8b 59863dc3

+5 -11
unified split
+4 -11
pkgs/development/libraries/exosip/default.nix
··· 1 - { lib, stdenv, fetchurl, libosip, openssl, pkg-config, fetchpatch }: 1 + { lib, stdenv, fetchurl, libosip, openssl, pkg-config }: 2 2 3 3 stdenv.mkDerivation rec { 4 4 pname = "libexosip2"; 5 - version = "4.1.0"; 5 + version = "5.2.0"; 6 6 7 7 src = fetchurl { 8 - url = "mirror://savannah/exosip/libeXosip2-${version}.tar.gz"; 9 - sha256 = "17cna8kpc8nk1si419vgr6r42k2lda0rdk50vlxrw8rzg0xp2xrw"; 8 + url = "mirror://savannah/exosip/${pname}-${version}.tar.gz"; 9 + sha256 = "09bj7cm6mk8yr68y5a09a625x10ql6an3zi4pj6y1jbkhpgqibp3"; 10 10 }; 11 11 12 12 nativeBuildInputs = [ pkg-config ]; 13 13 buildInputs = [ libosip openssl ]; 14 - 15 - patches = [ 16 - (fetchpatch { 17 - url = "https://sources.debian.net/data/main/libe/libexosip2/4.1.0-2.1/debian/patches/openssl110.patch"; 18 - sha256 = "01q2dax7pwh197mn18r22y38mrsky85mvs9vbkn9fpcilrdayal6"; 19 - }) 20 - ]; 21 14 22 15 meta = with lib; { 23 16 license = licenses.gpl2Plus;
+1
pkgs/servers/sip/sipwitch/default.nix
··· 23 23 license = lib.licenses.gpl3Plus; 24 24 maintainers = with lib.maintainers; [ ]; 25 25 platforms = with lib.platforms; linux; 26 + broken = true; # Require libexosip2 < 5.0.0 which is vulnerable to CVE-2014-10375. 26 27 }; 27 28 }