Merge pull request #86468 from tokudan/20.03/p7zip-cve

p7zip: fix two CVEs
NixOS · May 1, 2020 · cff5440 · cff5440
2 parents 53a1ae1 + de316f9
commit cff5440
Showing 1 changed file with 9 additions and 1 deletion.
diff --git a/pkgs/tools/archivers/p7zip/default.nix b/pkgs/tools/archivers/p7zip/default.nix
@@ -1,4 +1,4 @@
-{ stdenv, fetchurl, lib, enableUnfree ? false }:
+{ stdenv, fetchurl, fetchpatch, lib, enableUnfree ? false }:
 
 stdenv.mkDerivation rec {
   pname = "p7zip";
@@ -12,6 +12,14 @@ stdenv.mkDerivation rec {
   patches = [
     ./12-CVE-2016-9296.patch
     ./13-CVE-2017-17969.patch
+    (fetchpatch {
+      url = "https://raw.githubusercontent.com/termux/termux-packages/master/packages/p7zip/3-CVE-2018-5996.patch";
+      sha256 = "1zivvkazmza0653i498ccp3zbpbpc7dvxl3zxwllbx41b6n589yp";
+    })
+    (fetchpatch {
+      url = "https://raw.githubusercontent.com/termux/termux-packages/master/packages/p7zip/4-CVE-2018-10115.patch";
+      sha256 = "1cr7q8gnrk9yp6dcvxaqi1yhdbgp964nkv65ls41mw1kdfm44zn6";
+    })
   ];
 
   # Default makefile is full of impurities on Darwin. The patch doesn't hurt Linux so I'm leaving it unconditional