wget: 1.19.1 -> 1.19.2 for multiple CVEs

Fixes CVE-2017-13089, CVE-2017-13090. (cherry picked from commit 3e29dd0)
NixOS · Oct 27, 2017 · ac2bb56 · ac2bb56
1 parent 5ce1732
commit ac2bb56
Showing 1 changed file with 5 additions and 10 deletions.
diff --git a/pkgs/tools/networking/wget/default.nix b/pkgs/tools/networking/wget/default.nix
@@ -1,24 +1,19 @@
 { stdenv, fetchurl, gettext, pkgconfig, perl
 , libidn2, zlib, pcre, libuuid, libiconv
-, IOSocketSSL, LWP, python3
+, IOSocketSSL, LWP, python3, lzip
 , libpsl ? null
 , openssl ? null }:
 
 stdenv.mkDerivation rec {
-  name = "wget-1.19.1";
+  name = "wget-1.19.2";
 
   src = fetchurl {
-    url = "mirror://gnu/wget/${name}.tar.xz";
-    sha256 = "1ljcfhbkdsd0zjfm520rbl1ai62fc34i7c45sfj244l8f6b0p58c";
+    url = "mirror://gnu/wget/${name}.tar.lz";
+    sha256 = "01yzal7xm85543x02bij3capnigr063d6c5vc039f8n5s9d796nm";
   };
 
   patches = [
     ./remove-runtime-dep-on-openssl-headers.patch
-    (fetchurl {
-      name = "CVE-2017-6508";
-      url = "http://git.savannah.gnu.org/cgit/wget.git/patch/?id=4d729e322fae359a1aefaafec1144764a54e8ad4";
-      sha256 = "14r0c5y3w3gavxp2d9yq8xji82izi5sx0sjv6jpmk6zp6cnr7cjf";
-    })
   ];
 
   preConfigure = ''
@@ -34,7 +29,7 @@ stdenv.mkDerivation rec {
     export LIBS="-liconv -lintl"
   '';
 
-  nativeBuildInputs = [ gettext pkgconfig perl ];
+  nativeBuildInputs = [ gettext pkgconfig perl lzip ];
   buildInputs = [ libidn2 libiconv zlib pcre libuuid ]
     ++ stdenv.lib.optionals doCheck [ IOSocketSSL LWP python3 ]
     ++ stdenv.lib.optional (openssl != null) openssl