57ecb3a8f0
The CVE patches weren't previously applied because they depend on the enableCopyDevicesPatch parameter. The naming of the patches attribute in base.nix was misleading. The new rsync release now really fixes: * CVE-2017-15994 * CVE-2017-16548 * CVE-2017-17433 * CVE-2017-17434
30 lines
860 B
Nix
30 lines
860 B
Nix
{ stdenv, fetchurl, fetchpatch, perl, libiconv, zlib, popt
|
|
, enableACLs ? true, acl ? null
|
|
, enableCopyDevicesPatch ? false
|
|
}:
|
|
|
|
assert enableACLs -> acl != null;
|
|
|
|
let
|
|
base = import ./base.nix { inherit stdenv fetchurl fetchpatch; };
|
|
in
|
|
stdenv.mkDerivation rec {
|
|
name = "rsync-${base.version}";
|
|
|
|
mainSrc = base.src;
|
|
|
|
patchesSrc = base.upstreamPatchTarball;
|
|
|
|
srcs = [mainSrc] ++ stdenv.lib.optional enableCopyDevicesPatch patchesSrc;
|
|
patches = stdenv.lib.optional enableCopyDevicesPatch "./patches/copy-devices.diff";
|
|
|
|
buildInputs = [libiconv zlib popt] ++ stdenv.lib.optional enableACLs acl;
|
|
nativeBuildInputs = [perl];
|
|
|
|
configureFlags = ["--with-nobody-group=nogroup"];
|
|
|
|
meta = base.meta // {
|
|
description = "A fast incremental file transfer utility";
|
|
maintainers = with stdenv.lib.maintainers; [ peti ehmry kampfschlaefer ];
|
|
};
|
|
}
|