diff options
author | adisbladis <adis@blad.is> | 2018-04-20 02:07:16 +0800 |
---|---|---|
committer | adisbladis <adis@blad.is> | 2018-04-20 02:07:37 +0800 |
commit | 19bc90f91111f9d02e5e68fcdb4135913b9569eb (patch) | |
tree | c42f20839e124227ff20d537fd2e247bb39ed59f | |
parent | c826e15a98ed7886a389975f5f62dcb90285c2c3 (diff) | |
download | nixpkgs-19bc90f91111f9d02e5e68fcdb4135913b9569eb.tar nixpkgs-19bc90f91111f9d02e5e68fcdb4135913b9569eb.tar.gz nixpkgs-19bc90f91111f9d02e5e68fcdb4135913b9569eb.tar.bz2 nixpkgs-19bc90f91111f9d02e5e68fcdb4135913b9569eb.tar.lz nixpkgs-19bc90f91111f9d02e5e68fcdb4135913b9569eb.tar.xz nixpkgs-19bc90f91111f9d02e5e68fcdb4135913b9569eb.tar.zst nixpkgs-19bc90f91111f9d02e5e68fcdb4135913b9569eb.zip |
bazaar: Fix CVE-2017-14176
-rw-r--r-- | pkgs/applications/version-management/bazaar/default.nix | 12 |
1 files changed, 10 insertions, 2 deletions
diff --git a/pkgs/applications/version-management/bazaar/default.nix b/pkgs/applications/version-management/bazaar/default.nix index 47d667a0c06..72e010fd283 100644 --- a/pkgs/applications/version-management/bazaar/default.nix +++ b/pkgs/applications/version-management/bazaar/default.nix @@ -1,4 +1,5 @@ { stdenv, fetchurl, python2Packages +, fetchpatch , withSFTP ? true }: @@ -17,8 +18,15 @@ python2Packages.buildPythonApplication rec { propagatedBuildInputs = [] ++ stdenv.lib.optionals withSFTP [ python2Packages.paramiko ]; - # Bazaar can't find the certificates alone - patches = [ ./add_certificates.patch ]; + patches = [ + # Bazaar can't find the certificates alone + ./add_certificates.patch + (fetchpatch { + url = "https://bazaar.launchpad.net/~brz/brz/trunk/revision/6754"; + sha256 = "0mdqa9w1p6cmli6976v4wi0sw9r4p5prkj7lzfd1877wk11c9c73"; + name = "CVE-2017-14176.patch"; + }) + ]; postPatch = '' substituteInPlace bzrlib/transport/http/_urllib2_wrappers.py \ --subst-var-by certPath /etc/ssl/certs/ca-certificates.crt |