From edc01d05a925369f518b0f3cef6f3689e561011e Mon Sep 17 00:00:00 2001 From: Robert Scott Date: Sat, 24 Jul 2021 20:07:43 +0100 Subject: [PATCH] lrzsz: add patch for CVE-2018-10195 provide gettext because modifying source files triggers localization regeneration --- pkgs/tools/misc/lrzsz/default.nix | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/pkgs/tools/misc/lrzsz/default.nix b/pkgs/tools/misc/lrzsz/default.nix index 55c11b00c93c..09e90ca07940 100644 --- a/pkgs/tools/misc/lrzsz/default.nix +++ b/pkgs/tools/misc/lrzsz/default.nix @@ -1,4 +1,4 @@ -{ lib, stdenv, fetchurl }: +{ lib, stdenv, gettext, fetchurl, fetchpatch }: stdenv.mkDerivation rec { name = "lrzsz-0.12.20"; @@ -8,6 +8,16 @@ stdenv.mkDerivation rec { sha256 = "1wcgfa9fsigf1gri74gq0pa7pyajk12m4z69x7ci9c6x9fqkd2y2"; }; + patches = [ + (fetchpatch { + name = "CVE-2018-10195.patch"; + url = "https://bugzilla.redhat.com/attachment.cgi?id=79507"; + sha256 = "0jlh8w0cjaz6k56f0h3a0h4wgc51axmrdn3mdspk7apjfzqcvx3c"; + }) + ]; + + nativeBuildInputs = [ gettext ]; + hardeningDisable = [ "format" ]; configureFlags = [ "--program-transform-name=s/^l//" ];