rpm: 4.12.0 -> 4.13.0-rc1 for CVEs

Null pointer deref & out of bound reads. See: https://lwn.net/Vulnerabilities/685287/ Fedora is shipping the rc1 as well. re: https://github.com/NixOS/nixpkgs/pull/18975
2024-11-23 06:01:15 +00:00 · 2016-09-27 21:06:42 -04:00 · 2016-09-27 21:06:42 -04:00 · dad5651bd4
parent b5ab13a5ff
commit dad5651bd4
1 changed files with 3 additions and 3 deletions
--- a/pkgs/tools/package-management/rpm/default.nix
+++ b/pkgs/tools/package-management/rpm/default.nix
@ -1,11 +1,11 @@
 { stdenv, fetchurl, cpio, zlib, bzip2, file, elfutils, libarchive, nspr, nss, popt, db, xz, python, lua, pkgconfig, autoreconfHook }:

 stdenv.mkDerivation rec {
-  name = "rpm-4.12.0";
+  name = "rpm-4.13.0-rc1";

  src = fetchurl {
-    url = "http://rpm.org/releases/rpm-4.12.x/${name}.tar.bz2";
-    sha256 = "18hk47hc755nslvb7xkq4jb095z7va0nlcyxdpxayc4lmb8mq3bp";
+    url = "http://www.rpm.org/releases/testing/rpm-4.13.0-rc1.tar.bz2";
+    sha256 = "097mc0kkrf09c01hrgi71df7maahmvayfgsvspnxigvl3xysv8hp";
  };

  outputs = [ "out" "dev" "man" ];