nixpkgs/pkgs/applications/networking/sync/rsync/default.nix
Franz Pletz 57ecb3a8f0
rsync: 3.1.2 -> 3.1.3
The CVE patches weren't previously applied because they depend on the
enableCopyDevicesPatch parameter. The naming of the patches attribute in
base.nix was misleading.

The new rsync release now really fixes:

  * CVE-2017-15994
  * CVE-2017-16548
  * CVE-2017-17433
  * CVE-2017-17434
2018-01-29 13:54:47 +01:00

30 lines
860 B
Nix

{ stdenv, fetchurl, fetchpatch, perl, libiconv, zlib, popt
, enableACLs ? true, acl ? null
, enableCopyDevicesPatch ? false
}:
assert enableACLs -> acl != null;
let
base = import ./base.nix { inherit stdenv fetchurl fetchpatch; };
in
stdenv.mkDerivation rec {
name = "rsync-${base.version}";
mainSrc = base.src;
patchesSrc = base.upstreamPatchTarball;
srcs = [mainSrc] ++ stdenv.lib.optional enableCopyDevicesPatch patchesSrc;
patches = stdenv.lib.optional enableCopyDevicesPatch "./patches/copy-devices.diff";
buildInputs = [libiconv zlib popt] ++ stdenv.lib.optional enableACLs acl;
nativeBuildInputs = [perl];
configureFlags = ["--with-nobody-group=nogroup"];
meta = base.meta // {
description = "A fast incremental file transfer utility";
maintainers = with stdenv.lib.maintainers; [ peti ehmry kampfschlaefer ];
};
}