forked from mirrors/nixpkgs
Merge security fixes adapted from #31437
This commit is contained in:
commit
cbfb586151
|
@ -1,4 +1,4 @@
|
|||
{ stdenv, fetchurl, gettext }:
|
||||
{ stdenv, fetchurl, fetchpatch, gettext }:
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
name = "libexif-0.6.21";
|
||||
|
@ -8,6 +8,15 @@ stdenv.mkDerivation rec {
|
|||
sha256 = "06nlsibr3ylfwp28w8f5466l6drgrnydgxrm4jmxzrmk5svaxk8n";
|
||||
};
|
||||
|
||||
patches = [
|
||||
(fetchpatch {
|
||||
name = "CVE-2017-7544.patch";
|
||||
url = https://sourceforge.net/p/libexif/bugs/_discuss/thread/fc394c4b/489a/attachment/xx.pat;
|
||||
sha256 = "1qgk8hgnxr8d63jsc4vljxz9yg33mbml280dq4a6050rmk9wq4la";
|
||||
})
|
||||
];
|
||||
patchFlags = "-p0";
|
||||
|
||||
buildInputs = [ gettext ];
|
||||
|
||||
meta = {
|
||||
|
|
|
@ -7,11 +7,11 @@ assert gtkSupport -> glib != null && gtk3 != null;
|
|||
assert videoSupport -> ffmpeg != null && libmpeg2 != null;
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
name = "libextractor-1.4";
|
||||
name = "libextractor-1.6";
|
||||
|
||||
src = fetchurl {
|
||||
url = "mirror://gnu/libextractor/${name}.tar.gz";
|
||||
sha256 = "0v7ns5jhsyp1wzvbaydfgxnva5zd63gkzm9djhckmam9liq824l4";
|
||||
sha256 = "17gnpgspdhfgcr27j8sn9105vb4lw22yqdrhic62l79q5v5avm16";
|
||||
};
|
||||
|
||||
preConfigure =
|
||||
|
|
|
@ -1,18 +1,18 @@
|
|||
{ stdenv, fetchurl, pcre, zlib, perl }:
|
||||
{ stdenv, fetchurl, libjpeg, zlib, perl }:
|
||||
|
||||
let version = "6.0.0";
|
||||
let version = "7.0.0";
|
||||
in
|
||||
stdenv.mkDerivation rec {
|
||||
name = "qpdf-${version}";
|
||||
|
||||
src = fetchurl {
|
||||
url = "mirror://sourceforge/qpdf/qpdf/${version}/${name}.tar.gz";
|
||||
sha256 = "0csj2p2gkxrc0rk8ykymlsdgfas96vzf1dip3y1x7z1q9plwgzd9";
|
||||
sha256 = "0py6p27fx4qrwq9mvcybna42b0bdi359x38lzmggxl5a9khqvl7y";
|
||||
};
|
||||
|
||||
nativeBuildInputs = [ perl ];
|
||||
|
||||
buildInputs = [ pcre zlib ];
|
||||
buildInputs = [ zlib libjpeg ];
|
||||
|
||||
postPatch = ''
|
||||
patchShebangs qpdf/fix-qdf
|
||||
|
@ -28,7 +28,7 @@ stdenv.mkDerivation rec {
|
|||
meta = with stdenv.lib; {
|
||||
homepage = http://qpdf.sourceforge.net/;
|
||||
description = "A C++ library and set of programs that inspect and manipulate the structure of PDF files";
|
||||
license = licenses.artistic2;
|
||||
license = licenses.asl20; # as of 7.0.0, people may stay at artistic2
|
||||
maintainers = with maintainers; [ abbradar ];
|
||||
platforms = platforms.all;
|
||||
};
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
{stdenv, fetchFromGitHub, fetchurl, pkgconfig, libusb, readline, libewf, perl, zlib, openssl,
|
||||
{stdenv, fetchFromGitHub, fetchurl, fetchpatch, pkgconfig, libusb, readline, libewf, perl, zlib, openssl,
|
||||
gtk2 ? null, vte ? null, gtkdialog ? null,
|
||||
python ? null,
|
||||
ruby ? null,
|
||||
|
@ -13,16 +13,24 @@ let
|
|||
inherit (stdenv.lib) optional;
|
||||
in
|
||||
stdenv.mkDerivation rec {
|
||||
version = "2.0.0";
|
||||
version = "2.0.1";
|
||||
name = "radare2-${version}";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "radare";
|
||||
repo = "radare2";
|
||||
rev = version;
|
||||
sha256 = "1ahai9x6jc15wjzdbdkri3rc88ark2i5s8nv2pxcp0wwldvawlzi";
|
||||
sha256 = "031ndvinsypagpkdszxjq0hj91ijq9zx4dzk53sz7il7s3zn65c7";
|
||||
};
|
||||
|
||||
patches = [
|
||||
(fetchpatch {
|
||||
name = "CVE-2017-15385.patch";
|
||||
url = https://github.com/radare/radare2/commit/21a6f570ba33fa9f52f1bba87f07acc4e8c178f4.patch;
|
||||
sha256 = "19qg5j9yr5r62nrq2b6mscxsz0wyyfah2z5jz8dvj9kqxq186d43";
|
||||
})
|
||||
];
|
||||
|
||||
postPatch = let
|
||||
cs_ver = "3.0.4"; # version from $sourceRoot/shlr/Makefile
|
||||
capstone = fetchurl {
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
{ stdenv, lib, buildPackages, fetchurl
|
||||
{ stdenv, lib, buildPackages, fetchurl, fetchpatch
|
||||
, enableStatic ? false
|
||||
, enableMinimal ? false
|
||||
, useMusl ? false, musl
|
||||
|
@ -39,7 +39,19 @@ stdenv.mkDerivation rec {
|
|||
|
||||
hardeningDisable = [ "format" ] ++ lib.optionals enableStatic [ "fortify" ];
|
||||
|
||||
patches = [ ./busybox-in-store.patch ];
|
||||
patches = [
|
||||
./busybox-in-store.patch
|
||||
(fetchpatch {
|
||||
name = "CVE-2017-15873.patch";
|
||||
url = "https://git.busybox.net/busybox/patch/?id=0402cb32df015d9372578e3db27db47b33d5c7b0";
|
||||
sha256 = "1s3xqifd0dww19mbnzrks0i1az0qwd884sxjzrx33d6a9jxv4dzn";
|
||||
})
|
||||
(fetchpatch {
|
||||
name = "CVE-2017-15874.patch";
|
||||
url = "https://git.busybox.net/busybox/patch/?id=9ac42c500586fa5f10a1f6d22c3f797df11b1f6b";
|
||||
sha256 = "0169p4ylz9zd14ghhb39yfjvbdca2kb21pphylfh9ny7i484ahql";
|
||||
})
|
||||
];
|
||||
|
||||
configurePhase = ''
|
||||
export KCONFIG_NOTIMESTAMP=1
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
{ stdenv, fetchurl, lua }:
|
||||
{ stdenv, fetchurl, fetchpatch, lua }:
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
version = "4.0.2";
|
||||
|
@ -9,6 +9,14 @@ stdenv.mkDerivation rec {
|
|||
sha256 = "04s8cgvwjj1979s3hg8zkwc9pyn3jkjpz5zidp87kfcipifr385i";
|
||||
};
|
||||
|
||||
patches = [
|
||||
(fetchpatch {
|
||||
name = "CVE-2017-15047.patch";
|
||||
url = https://github.com/antirez/redis/commit/ffcf7d5ab1e98d84c28af9bea7be76c6737820ad.patch;
|
||||
sha256 = "0cgx3lm0n7jxhsly8v9hdvy6vlamj3ck2jsid4fwyapz6907h64l";
|
||||
})
|
||||
];
|
||||
|
||||
buildInputs = [ lua ];
|
||||
makeFlags = "PREFIX=$(out)";
|
||||
|
||||
|
|
|
@ -4,13 +4,13 @@
|
|||
|
||||
stdenv.mkDerivation rec {
|
||||
name = "partclone-${version}";
|
||||
version = "0.2.89";
|
||||
version = "0.3.11";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "Thomas-Tsai";
|
||||
repo = "partclone";
|
||||
rev = version;
|
||||
sha256 = "0gw47pchqshhm00yf34qgxh6bh2jfryv0sm7ghwn77bv5gzwr481";
|
||||
sha256 = "0bv15i0gxym4dv48rgaavh8p94waryn1l6viis6qh5zm9cd08skg";
|
||||
};
|
||||
|
||||
nativeBuildInputs = [ autoreconfHook pkgconfig ];
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
{stdenv, fetchurl, bzip2}:
|
||||
{stdenv, fetchurl, fetchpatch, bzip2}:
|
||||
|
||||
stdenv.mkDerivation {
|
||||
name = "rzip-2.1";
|
||||
|
@ -8,6 +8,14 @@ stdenv.mkDerivation {
|
|||
};
|
||||
buildInputs = [ bzip2 ];
|
||||
|
||||
patches = [
|
||||
(fetchpatch {
|
||||
name = "CVE-2017-8364-fill-buffer.patch";
|
||||
url = https://sources.debian.net/data/main/r/rzip/2.1-4.1/debian/patches/80-CVE-2017-8364-fill-buffer.patch;
|
||||
sha256 = "0jcjlx9ksdvxvjyxmyzscx9ar9992iy5icw0sc3n0p09qi4d6x1r";
|
||||
})
|
||||
];
|
||||
|
||||
meta = {
|
||||
homepage = http://rzip.samba.org/;
|
||||
description = "Compression program";
|
||||
|
|
|
@ -5,14 +5,14 @@
|
|||
}:
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
version = "3.6.0";
|
||||
version = "3.6.3";
|
||||
name = "yara-${version}";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "VirusTotal";
|
||||
repo = "yara";
|
||||
rev = "v${version}";
|
||||
sha256 = "05nadqpvihdyxym11mn6n02rzv2ng8ga7j9l0g5gnjx366gcai42";
|
||||
sha256 = "13znbdwin9lvql43wpms5hh13h8rk5x5wajgmphz18rxwp8h7j78";
|
||||
};
|
||||
|
||||
# FIXME: this is probably not the right way to make it work
|
||||
|
|
Loading…
Reference in a new issue