cgit: add patch fixing remote DoS

issue assigned MGASA-2019-0203 by mageia https://www.openwall.com/lists/oss-security/2019/05/19/3
2019-07-07 16:55:08 +01:00 · 2019-07-07 16:55:08 +01:00 · 49283ed802
parent beff2f8d75
commit 49283ed802
1 changed files with 9 additions and 1 deletions
--- a/pkgs/applications/version-management/git-and-tools/cgit/default.nix
+++ b/pkgs/applications/version-management/git-and-tools/cgit/default.nix
@ -1,4 +1,4 @@
-{ stdenv, fetchurl, openssl, zlib, asciidoc, libxml2, libxslt
+{ stdenv, fetchurl, fetchpatch, openssl, zlib, asciidoc, libxml2, libxslt
 , docbook_xsl, pkgconfig, luajit
 , coreutils, gnused, groff, docutils
 , gzip, bzip2, xz
@ -22,6 +22,14 @@ stdenv.mkDerivation rec {
    sha256 = "14hfwfkrci829a9316hnvkglnqqw1p03cw9k56p4fcb078wbwh4b";
  };

+  patches = [
+    (fetchpatch {
+      name = "prevent-dos-limit-path-length.patch";
+      url = "https://git.zx2c4.com/cgit/patch/?id=54c407a74a35d4ee9ffae94cc5bc9096c9f7f54a";
+      sha256 = "1qlbpqsc293lmc9hzwf1j4jr5qlv8cm1r249v3yij5s4wki1595j";
+    })
+  ];
+
  nativeBuildInputs = [ pkgconfig ] ++ [ python wrapPython ];
  buildInputs = [
    openssl zlib asciidoc libxml2 libxslt docbook_xsl luajit