diff --git a/pkgs/development/libraries/libimobiledevice/default.nix b/pkgs/development/libraries/libimobiledevice/default.nix index 40bb9a5a140d..cfc31c120b45 100644 --- a/pkgs/development/libraries/libimobiledevice/default.nix +++ b/pkgs/development/libraries/libimobiledevice/default.nix @@ -1,4 +1,4 @@ -{ stdenv, fetchurl, python, pkgconfig, usbmuxd, glib, libgcrypt, +{ stdenv, fetchurl, fetchpatch, python, pkgconfig, usbmuxd, glib, libgcrypt, libtasn1, libplist, readline, libusbmuxd, openssl }: stdenv.mkDerivation rec { @@ -8,7 +8,13 @@ stdenv.mkDerivation rec { buildInputs = [ readline ]; propagatedBuildInputs = [ libusbmuxd glib libgcrypt libtasn1 libplist openssl ]; - patches = [ ./disable_sslv3.patch ]; + patches = [ + ./disable_sslv3.patch + (fetchpatch { # CVE-2016-5104 + url = "https://github.com/libimobiledevice/libimobiledevice/commit/df1f5c4d70d0c19ad40072f5246ca457e7f9849e.patch"; + sha256 = "06ygb9aqcvm4v08wrldsddjgyqv5bkpq6lxzq2a1nwqp9mq4a4k1"; + }) + ]; postPatch = ''sed -e 's@1\.3\.21@@' -i configure''; passthru.swig = libplist.swig; diff --git a/pkgs/development/libraries/libusbmuxd/default.nix b/pkgs/development/libraries/libusbmuxd/default.nix index edc3d3df9cb4..458798f9382a 100644 --- a/pkgs/development/libraries/libusbmuxd/default.nix +++ b/pkgs/development/libraries/libusbmuxd/default.nix @@ -1,4 +1,4 @@ -{ stdenv, fetchurl, pkgconfig, libplist }: +{ stdenv, fetchurl, fetchpatch, pkgconfig, libplist }: stdenv.mkDerivation rec { name = "libusbmuxd-1.0.10"; @@ -7,6 +7,13 @@ stdenv.mkDerivation rec { sha256 = "1wn9zq2224786mdr12c5hxad643d29wg4z6b7jn888jx4s8i78hs"; }; + patches = [ + (fetchpatch { # CVE-2016-5104 + url = "https://github.com/libimobiledevice/libusbmuxd/commit/4397b3376dc4e4cb1c991d0aed61ce6482614196.patch"; + sha256 = "0cl3vys7bkwbdzf64d0rz3zlqpfc30w4l7j49ljv01agh42ywhgk"; + }) + ]; + nativeBuildInputs = [ pkgconfig ]; buildInputs = [ libplist ];