3
0
Fork 0
forked from mirrors/nixpkgs

Merge security fixes adapted from #31437

This commit is contained in:
Vladimír Čunát 2017-11-11 13:33:25 +01:00
commit cbfb586151
No known key found for this signature in database
GPG key ID: E747DF1F9575A3AA
9 changed files with 64 additions and 19 deletions

View file

@ -1,4 +1,4 @@
{ stdenv, fetchurl, gettext }:
{ stdenv, fetchurl, fetchpatch, gettext }:
stdenv.mkDerivation rec {
name = "libexif-0.6.21";
@ -8,6 +8,15 @@ stdenv.mkDerivation rec {
sha256 = "06nlsibr3ylfwp28w8f5466l6drgrnydgxrm4jmxzrmk5svaxk8n";
};
patches = [
(fetchpatch {
name = "CVE-2017-7544.patch";
url = https://sourceforge.net/p/libexif/bugs/_discuss/thread/fc394c4b/489a/attachment/xx.pat;
sha256 = "1qgk8hgnxr8d63jsc4vljxz9yg33mbml280dq4a6050rmk9wq4la";
})
];
patchFlags = "-p0";
buildInputs = [ gettext ];
meta = {

View file

@ -7,11 +7,11 @@ assert gtkSupport -> glib != null && gtk3 != null;
assert videoSupport -> ffmpeg != null && libmpeg2 != null;
stdenv.mkDerivation rec {
name = "libextractor-1.4";
name = "libextractor-1.6";
src = fetchurl {
url = "mirror://gnu/libextractor/${name}.tar.gz";
sha256 = "0v7ns5jhsyp1wzvbaydfgxnva5zd63gkzm9djhckmam9liq824l4";
sha256 = "17gnpgspdhfgcr27j8sn9105vb4lw22yqdrhic62l79q5v5avm16";
};
preConfigure =

View file

@ -1,18 +1,18 @@
{ stdenv, fetchurl, pcre, zlib, perl }:
{ stdenv, fetchurl, libjpeg, zlib, perl }:
let version = "6.0.0";
let version = "7.0.0";
in
stdenv.mkDerivation rec {
name = "qpdf-${version}";
src = fetchurl {
url = "mirror://sourceforge/qpdf/qpdf/${version}/${name}.tar.gz";
sha256 = "0csj2p2gkxrc0rk8ykymlsdgfas96vzf1dip3y1x7z1q9plwgzd9";
sha256 = "0py6p27fx4qrwq9mvcybna42b0bdi359x38lzmggxl5a9khqvl7y";
};
nativeBuildInputs = [ perl ];
buildInputs = [ pcre zlib ];
buildInputs = [ zlib libjpeg ];
postPatch = ''
patchShebangs qpdf/fix-qdf
@ -28,7 +28,7 @@ stdenv.mkDerivation rec {
meta = with stdenv.lib; {
homepage = http://qpdf.sourceforge.net/;
description = "A C++ library and set of programs that inspect and manipulate the structure of PDF files";
license = licenses.artistic2;
license = licenses.asl20; # as of 7.0.0, people may stay at artistic2
maintainers = with maintainers; [ abbradar ];
platforms = platforms.all;
};

View file

@ -1,4 +1,4 @@
{stdenv, fetchFromGitHub, fetchurl, pkgconfig, libusb, readline, libewf, perl, zlib, openssl,
{stdenv, fetchFromGitHub, fetchurl, fetchpatch, pkgconfig, libusb, readline, libewf, perl, zlib, openssl,
gtk2 ? null, vte ? null, gtkdialog ? null,
python ? null,
ruby ? null,
@ -13,16 +13,24 @@ let
inherit (stdenv.lib) optional;
in
stdenv.mkDerivation rec {
version = "2.0.0";
version = "2.0.1";
name = "radare2-${version}";
src = fetchFromGitHub {
owner = "radare";
repo = "radare2";
rev = version;
sha256 = "1ahai9x6jc15wjzdbdkri3rc88ark2i5s8nv2pxcp0wwldvawlzi";
sha256 = "031ndvinsypagpkdszxjq0hj91ijq9zx4dzk53sz7il7s3zn65c7";
};
patches = [
(fetchpatch {
name = "CVE-2017-15385.patch";
url = https://github.com/radare/radare2/commit/21a6f570ba33fa9f52f1bba87f07acc4e8c178f4.patch;
sha256 = "19qg5j9yr5r62nrq2b6mscxsz0wyyfah2z5jz8dvj9kqxq186d43";
})
];
postPatch = let
cs_ver = "3.0.4"; # version from $sourceRoot/shlr/Makefile
capstone = fetchurl {

View file

@ -1,4 +1,4 @@
{ stdenv, lib, buildPackages, fetchurl
{ stdenv, lib, buildPackages, fetchurl, fetchpatch
, enableStatic ? false
, enableMinimal ? false
, useMusl ? false, musl
@ -39,7 +39,19 @@ stdenv.mkDerivation rec {
hardeningDisable = [ "format" ] ++ lib.optionals enableStatic [ "fortify" ];
patches = [ ./busybox-in-store.patch ];
patches = [
./busybox-in-store.patch
(fetchpatch {
name = "CVE-2017-15873.patch";
url = "https://git.busybox.net/busybox/patch/?id=0402cb32df015d9372578e3db27db47b33d5c7b0";
sha256 = "1s3xqifd0dww19mbnzrks0i1az0qwd884sxjzrx33d6a9jxv4dzn";
})
(fetchpatch {
name = "CVE-2017-15874.patch";
url = "https://git.busybox.net/busybox/patch/?id=9ac42c500586fa5f10a1f6d22c3f797df11b1f6b";
sha256 = "0169p4ylz9zd14ghhb39yfjvbdca2kb21pphylfh9ny7i484ahql";
})
];
configurePhase = ''
export KCONFIG_NOTIMESTAMP=1

View file

@ -1,4 +1,4 @@
{ stdenv, fetchurl, lua }:
{ stdenv, fetchurl, fetchpatch, lua }:
stdenv.mkDerivation rec {
version = "4.0.2";
@ -9,6 +9,14 @@ stdenv.mkDerivation rec {
sha256 = "04s8cgvwjj1979s3hg8zkwc9pyn3jkjpz5zidp87kfcipifr385i";
};
patches = [
(fetchpatch {
name = "CVE-2017-15047.patch";
url = https://github.com/antirez/redis/commit/ffcf7d5ab1e98d84c28af9bea7be76c6737820ad.patch;
sha256 = "0cgx3lm0n7jxhsly8v9hdvy6vlamj3ck2jsid4fwyapz6907h64l";
})
];
buildInputs = [ lua ];
makeFlags = "PREFIX=$(out)";

View file

@ -4,13 +4,13 @@
stdenv.mkDerivation rec {
name = "partclone-${version}";
version = "0.2.89";
version = "0.3.11";
src = fetchFromGitHub {
owner = "Thomas-Tsai";
repo = "partclone";
rev = version;
sha256 = "0gw47pchqshhm00yf34qgxh6bh2jfryv0sm7ghwn77bv5gzwr481";
sha256 = "0bv15i0gxym4dv48rgaavh8p94waryn1l6viis6qh5zm9cd08skg";
};
nativeBuildInputs = [ autoreconfHook pkgconfig ];

View file

@ -1,4 +1,4 @@
{stdenv, fetchurl, bzip2}:
{stdenv, fetchurl, fetchpatch, bzip2}:
stdenv.mkDerivation {
name = "rzip-2.1";
@ -8,6 +8,14 @@ stdenv.mkDerivation {
};
buildInputs = [ bzip2 ];
patches = [
(fetchpatch {
name = "CVE-2017-8364-fill-buffer.patch";
url = https://sources.debian.net/data/main/r/rzip/2.1-4.1/debian/patches/80-CVE-2017-8364-fill-buffer.patch;
sha256 = "0jcjlx9ksdvxvjyxmyzscx9ar9992iy5icw0sc3n0p09qi4d6x1r";
})
];
meta = {
homepage = http://rzip.samba.org/;
description = "Compression program";

View file

@ -5,14 +5,14 @@
}:
stdenv.mkDerivation rec {
version = "3.6.0";
version = "3.6.3";
name = "yara-${version}";
src = fetchFromGitHub {
owner = "VirusTotal";
repo = "yara";
rev = "v${version}";
sha256 = "05nadqpvihdyxym11mn6n02rzv2ng8ga7j9l0g5gnjx366gcai42";
sha256 = "13znbdwin9lvql43wpms5hh13h8rk5x5wajgmphz18rxwp8h7j78";
};
# FIXME: this is probably not the right way to make it work