diff options
author | Martin Weinelt <hexa@darmstadt.ccc.de> | 2020-11-20 15:44:24 +0100 |
---|---|---|
committer | Martin Weinelt <hexa@darmstadt.ccc.de> | 2020-11-21 00:40:40 +0100 |
commit | 138abad75727b7cdb364cdc15a50beaeeb6f824c (patch) | |
tree | 09db012897b9b3c0501d157d9ee9a799d901fe84 | |
parent | 86233bdfddfc1cf8c302f68738205daab4df78db (diff) | |
download | nixpkgs-138abad75727b7cdb364cdc15a50beaeeb6f824c.tar nixpkgs-138abad75727b7cdb364cdc15a50beaeeb6f824c.tar.gz nixpkgs-138abad75727b7cdb364cdc15a50beaeeb6f824c.tar.bz2 nixpkgs-138abad75727b7cdb364cdc15a50beaeeb6f824c.tar.lz nixpkgs-138abad75727b7cdb364cdc15a50beaeeb6f824c.tar.xz nixpkgs-138abad75727b7cdb364cdc15a50beaeeb6f824c.tar.zst nixpkgs-138abad75727b7cdb364cdc15a50beaeeb6f824c.zip |
musl: patch CVE-2020-28928
Destination buffer overflow in wcsnrtombs. Fixes: CVE-2020-28928
-rw-r--r-- | pkgs/os-specific/linux/musl/default.nix | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/pkgs/os-specific/linux/musl/default.nix b/pkgs/os-specific/linux/musl/default.nix index 67d08454a84..acc9fff5b48 100644 --- a/pkgs/os-specific/linux/musl/default.nix +++ b/pkgs/os-specific/linux/musl/default.nix @@ -62,6 +62,12 @@ stdenv.mkDerivation rec { url = "https://raw.githubusercontent.com/openwrt/openwrt/87606e25afac6776d1bbc67ed284434ec5a832b4/toolchain/musl/patches/300-relative.patch"; sha256 = "0hfadrycb60sm6hb6by4ycgaqc9sgrhh42k39v8xpmcvdzxrsq2n"; }) + # wcsnrtombs destination buffer overflow, remove >= 1.2.2 + (fetchurl { + name = "CVE-2020-28928.patch"; + url = "https://www.openwall.com/lists/oss-security/2020/11/20/4/1"; + sha256 = "077n2p165504nz9di6n8y5421591r3lsbcxgih8z26l6mvkhcs2h"; + }) ]; CFLAGS = [ "-fstack-protector-strong" ] ++ lib.optional stdenv.hostPlatform.isPower "-mlong-double-64"; |