python: 2.7.14 -> 2.7.15 (bugfix + security)

Fixes CVE-2018-1000030, /cc #38993. The ncurses patch no longer applied, and it appears the problems have been resolved upstream https://bugs.python.org/issue25720 python/cpython@6ba0b583d67 (cherry picked from commit 59beaf7)
NixOS · May 27, 2018 · 30ff9ca · 30ff9ca · xeji · May 28, 2018
1 parent fd72137
commit 30ff9ca
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 120 deletions.
diff --git a/pkgs/development/interpreters/python/cpython/2.7/default.nix b/pkgs/development/interpreters/python/cpython/2.7/default.nix
@@ -31,7 +31,7 @@ with stdenv.lib;
 
 let
   majorVersion = "2.7";
-  minorVersion = "14";
+  minorVersion = "15";
   minorVersionSuffix = "";
   pythonVersion = majorVersion;
   version = "${majorVersion}.${minorVersion}${minorVersionSuffix}";
@@ -40,7 +40,7 @@ let
 
   src = fetchurl {
     url = "https://www.python.org/ftp/python/${majorVersion}.${minorVersion}/Python-${version}.tar.xz";
-    sha256 = "0rka541ys16jwzcnnvjp2v12m4cwgd2jp6wj4kj511p715pb5zvi";
+    sha256 = "0x2mvz9dp11wj7p5ccvmk9s0hzjk2fa1m462p395l4r6bfnb3n92";
   };
 
   hasDistutilsCxxPatch = !(stdenv.cc.isGNU or false);
@@ -58,8 +58,6 @@ let
       # if DETERMINISTIC_BUILD env var is set
       ./deterministic-build.patch
 
-      ./properly-detect-curses.patch
-
     ] ++ optionals (x11Support && stdenv.isDarwin) [
       ./use-correct-tcl-tk-on-darwin.patch
     ] ++ optionals stdenv.isLinux [

diff --git a/pkgs/development/interpreters/python/cpython/2.7/properly-detect-curses.patch b/pkgs/development/interpreters/python/cpython/2.7/properly-detect-curses.patch