cafkafk/nixpkgs
cafkafk/nixpkgs
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 2
nixpkgs/pkgs/development/libraries/libtar/default.nix
Thomas Gerbet ed88344846 libtar: apply patches for CVE-2021-33640, CVE-2021-33643, CVE-2021-33644, CVE-2021-33645 and CVE-2021-33646 
https://nvd.nist.gov/vuln/detail/CVE-2021-33640
https://nvd.nist.gov/vuln/detail/CVE-2021-33643
https://nvd.nist.gov/vuln/detail/CVE-2021-33644
https://nvd.nist.gov/vuln/detail/CVE-2021-33645
https://nvd.nist.gov/vuln/detail/CVE-2021-33646

One of the existing patch that was pulled from Debian has been replaced
by the Fedora version to be able to apply the
CVE-2021-33645/CVE-2021-33646/CVE-2021-33640 patch without changes.
2023-01-15 14:46:16 +01:00

51 lines
2 KiB
Nix
Raw Blame History

{ lib, stdenv, fetchgit, fetchpatch, autoreconfHook }:
stdenv.mkDerivation rec {
version = "1.2.20";
pname = "libtar";
# Maintenance repo for libtar (Arch Linux uses this)
src = fetchgit {
url = "git://repo.or.cz/libtar.git";
rev = "refs/tags/v${version}";
sha256 = "1pjsqnqjaqgkzf1j8m6y5h76bwprffsjjj6gk8rh2fjsha14rqn9";
};
patches = let
fp = name: sha256:
fetchpatch {
url = "https://sources.debian.net/data/main/libt/libtar/1.2.20-4/debian/patches/${name}.patch";
inherit sha256;
};
in [
(fetchpatch {
name = "no_static_buffers.patch";
url = "https://src.fedoraproject.org/rpms/libtar/raw/e25b692fc7ceaa387dafb865b472510754f51bd2/f/libtar-1.2.20-no-static-buffer.patch";
sha256 = "sha256-QcWOgdkNlALb+YDVneT1zCNAMf4d8IUm2kUUUy2VvJs=";
})
(fp "no_maxpathlen" "11riv231wpbdb1cm4nbdwdsik97wny5sxcwdgknqbp61ibk572b7")
(fp "CVE-2013-4420" "0d010190bqgr2ggy02qwxvjaymy9a22jmyfwdfh4086v876cbxpq")
(fp "th_get_size-unsigned-int" "1ravbs5yrfac98mnkrzciw9hd2fxq4dc07xl3wx8y2pv1bzkwm41")
(fetchpatch {
name = "CVE-2021-33643_CVE-2021-33644.patch";
url = "https://src.fedoraproject.org/rpms/libtar/raw/e25b692fc7ceaa387dafb865b472510754f51bd2/f/libtar-1.2.20-CVE-2021-33643-CVE-2021-33644.patch";
sha256 = "sha256-HdjotTvKJNntkdcV+kR08Ht/MyNeB6qUT0qo67BBOVA=";
})
(fetchpatch {
name = "CVE-2021-33645_CVE-2021-33646_CVE-2021-33640.patch";
url = "https://src.fedoraproject.org/rpms/libtar/raw/e25b692fc7ceaa387dafb865b472510754f51bd2/f/libtar-1.2.20-CVE-2021-33645-CVE-2021-33646.patch";
sha256 = "sha256-p9DEFAL5Y+Ldy5c9Wj9h/BSg4TDxIxCjCQJD+wGQ7oI=";
})
];
nativeBuildInputs = [ autoreconfHook ];
buildInputs = [ ];
meta = with lib; {
description = "C library for manipulating POSIX tar files";
homepage = "https://repo.or.cz/libtar";
license = licenses.bsd3;
platforms = with platforms; linux ++ darwin;
maintainers = [ maintainers.bjornfor ];
};
}
Reference in a new issue View git blame Copy permalink