libtar: fix CVE-2013-4420 by Debian patches
CC maintainer @bjornfor.
vcunat committed Aug 21, 2014
1 parent d2539c6 commit 380ba43
Showing 1 changed file with 15 additions and 2 deletions.
17 changes: 15 additions & 2 deletions pkgs/development/libraries/libtar/default.nix
@@ -1,16 +1,29 @@
{ stdenv, fetchgit, autoreconfHook }:
{ stdenv, fetchgit, fetchpatch, autoreconfHook }:

stdenv.mkDerivation rec {
version = "1.2.20";
name = "libtar-${version}";

# Maintenance repo for libtar (Arch Linux uses this)
src = fetchgit {
url = "git://repo.or.cz/libtar.git";
rev = "refs/tags/v${version}";
sha256 = "1pjsqnqjaqgkzf1j8m6y5h76bwprffsjjj6gk8rh2fjsha14rqn9";
};

patches = let
fp = name: sha256:
fetchpatch {
url = "http://sources.debian.net/data/main/libt/libtar/1.2.20-4/debian/patches/${name}.patch";
inherit sha256;
};
in [
(fp "no_static_buffers" "0yv90bhvqjj0v650gzn8fbzhdhzx5z0r1lh5h9nv39wnww435bd0")
(fp "no_maxpathlen" "11riv231wpbdb1cm4nbdwdsik97wny5sxcwdgknqbp61ibk572b7")
(fp "CVE-2013-4420" "0d010190bqgr2ggy02qwxvjaymy9a22jmyfwdfh4086v876cbxpq")
(fp "th_get_size-unsigned-int" "1ravbs5yrfac98mnkrzciw9hd2fxq4dc07xl3wx8y2pv1bzkwm41")
];

buildInputs = [ autoreconfHook ];

meta = with stdenv.lib; {
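Review bot: The `patches` list applies four Debian patches, but only one is named after the CVE in the commit title, and nothing in the file says why `no_static_buffers`, `no_maxpathlen` and `th_get_size-unsigned-int` are included. A comment above `patches = let`, such as `# Debian 1.2.20-4 patch series; CVE-2013-4420.patch is the security fix.`, would tell the next maintainer what to re-check when `version` is bumped, since the Debian revision in the URL is hard-coded and will not follow it. The patches are fetched over plain `http://`, so their integrity rests entirely on the pinned `sha256` values; that is adequate for a fixed-output fetch, but an `https://` URL would be preferable if the host serves one. The `fp` helper's `name` parameter also shadows the `name` attribute of the enclosing `rec` set, and calling it `patchName` would avoid the confusion. The derivation body continues past the end of this hunk.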

1 comment on commit 380ba43

@bjornfor
Contributor


@vcunat, Thanks!
