3
0
Fork 0
forked from mirrors/nixpkgs

libspf2: Fix CVE-2021-20314

There is no new release yet (see mailing list post on oss-security), so
I'm picking the commit that fixes the CVE.

There is another security flaw (without a CVE number) that is also
mentioned in the oss-security announcement but it is not explained which
commit patches the problem.
This commit is contained in:
Janne Heß 2021-08-11 20:02:34 +02:00
parent 5059cdaa60
commit 46b7a5be1c
No known key found for this signature in database
GPG key ID: 69165158F05265DF

View file

@ -17,6 +17,11 @@ stdenv.mkDerivation rec {
url = "https://github.com/shevek/libspf2/commit/5852828582f556e73751076ad092f72acf7fc8b6.patch";
sha256 = "1v6ashqzpr0xidxq0vpkjd8wd66cj8df01kyzj678ljzcrax35hk";
})
(fetchurl {
name = "0002-CVE-2021-20314.patch";
url = "https://github.com/shevek/libspf2/commit/c37b7c13c30e225183899364b9f2efdfa85552ef.patch";
sha256 = "190nnh7mlz6328829ba6jajad16s3md8kraspn81qnvhwh0nkiak";
})
];
postPatch = ''