Merge pull request #303024 from wegank/guix-cve

guix: add patch for CVE-2024-27297
NixOS · Apr 10, 2024 · 0a57592 · 0a57592
2 parents a4fa45d + b081623
commit 0a57592
Showing 1 changed file with 14 additions and 0 deletions.
diff --git a/pkgs/by-name/gu/guix/package.nix b/pkgs/by-name/gu/guix/package.nix
@@ -1,6 +1,7 @@
 { lib
 , stdenv
 , fetchurl
+, fetchpatch
 , autoreconfHook
 , disarchive
 , git
@@ -43,6 +44,19 @@ stdenv.mkDerivation rec {
     hash = "sha256-Q8dpy/Yy7wVEmsH6SMG6FSwzSUxqvH5HE3u6eyFJ+KQ=";
   };
 
+  patches = [
+    (fetchpatch {
+      name = "CVE-2024-27297_1.patch";
+      url = "https://git.savannah.gnu.org/cgit/guix.git/patch/?id=8f4ffb3fae133bb21d7991e97c2f19a7108b1143";
+      hash = "sha256-xKo1h2uckC2pYHt+memekagfL6dWcF8gOnTOOW/wJUU=";
+    })
+    (fetchpatch {
+      name = "CVE-2024-27297_2.patch";
+      url = "https://git.savannah.gnu.org/cgit/guix.git/patch/?id=ff1251de0bc327ec478fc66a562430fbf35aef42";
+      hash = "sha256-f4KWDVrvO/oI+4SCUHU5GandkGtHrlaM1BWygM/Qlao=";
+    })
+  ];
+
   postPatch = ''
     sed nix/local.mk -i -E \
       -e "s|^sysvinitservicedir = .*$|sysvinitservicedir = $out/etc/init.d|" \