Merge pull request #170778 from mweinelt/cifs-utils

cifs-utils: fix two security issues
This commit is contained in:
Sandro 2022-04-30 00:36:35 +02:00 committed by GitHub
commit 834b2caf0a
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

View file

@ -1,4 +1,4 @@
{ stdenv, lib, fetchurl, autoreconfHook, docutils, pkg-config
{ stdenv, lib, fetchurl, fetchpatch, autoreconfHook, docutils, pkg-config
, libkrb5, keyutils, pam, talloc, python3 }:
stdenv.mkDerivation rec {
@ -10,6 +10,22 @@ stdenv.mkDerivation rec {
sha256 = "sha256-ZgnoB0tUISlf8BKjHwLM2aBYQVxhnIE2Lrt4jb8HVrg=";
};
patches = [
(fetchpatch {
# Fix buffer-overflow in handling of ip= parameter in mount.cifs
# https://www.openwall.com/lists/oss-security/2022/04/27/5
name = "CVE-2022-27239.patch";
url = "https://github.com/piastry/cifs-utils/commit/007c07fd91b6d42f8bd45187cf78ebb06801139d.patch";
sha256 = "sha256-3uoHso2q17r2bcEW+ZjYUWsW4OIGYA7kxYZxQQy0JOg=";
})
(fetchpatch {
# Fix disclosure of invalid credential configuration in verbose mode
name = "CVE-2022-29869.patch";
url = "https://github.com/piastry/cifs-utils/commit/8acc963a2e7e9d63fe1f2e7f73f5a03f83d9c379.patch";
sha256 = "sha256-MjfreeL1ME550EYK9LPOUAAjIk1BoMGfb+pQe3A1bz8=";
})
];
nativeBuildInputs = [ autoreconfHook docutils pkg-config ];
buildInputs = [ libkrb5 keyutils pam talloc python3 ];