curl: apply patches for CVE-2020-8169 and CVE-2020-8177

NixOS · Jun 24, 2020 · 039c3c9 · 039c3c9
1 parent f1693d6
commit 039c3c9
Showing 1 changed file with 16 additions and 0 deletions.
diff --git a/pkgs/tools/networking/curl/default.nix b/pkgs/tools/networking/curl/default.nix
@@ -39,6 +39,22 @@ stdenv.mkDerivation rec {
     sha256 = "1l19b2xmzwjl2fqlbv46kwlz1823miaxczyx2a5lz8k7mmigw2x5";
   };
 
+  patches = [
+    # remove these two patches for cURL >= 7.71.0
+    (fetchurl {
+      # https://www.openwall.com/lists/oss-security/2020/06/24/1
+      name = "CVE-2020-8169.patch";
+      url = "https://github.com/curl/curl/commit/600a8cded447cd.patch";
+      sha256 = "10qdh995mgaxza3va7r7gl1xkyfidbhk09i5srm9h59ml4fqm36r";
+    })
+    (fetchurl {
+      # https://www.openwall.com/lists/oss-security/2020/06/24/2
+      name = "CVE-2020-8177.patch";
+      url = "https://github.com/curl/curl/commit/8236aba58542c5f.patch";
+      sha256 = "08zwizkbwy2blcqza4681099cd13z3ww2lq5ypnf2c5zsysnv48a";
+    })
+  ];
+
   outputs = [ "bin" "dev" "out" "man" "devdoc" ];
   separateDebugInfo = stdenv.isLinux;