diff options
author | Sandro <sandro.jaeckel@gmail.com> | 2021-07-22 02:52:59 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-07-22 02:52:59 +0200 |
commit | cae8134ccb29c4d319e0339762137297eb72af63 (patch) | |
tree | 2e360dbb35c2a11cc620268a28b7912fccf2cd94 /pkgs/applications/networking/sync | |
parent | 9f3ace4591752351eed2a2d640d5366b72751c4d (diff) | |
parent | a08ee2292caa8a676332c695d7d46bd38c235931 (diff) | |
download | nixpkgs-cae8134ccb29c4d319e0339762137297eb72af63.tar nixpkgs-cae8134ccb29c4d319e0339762137297eb72af63.tar.gz nixpkgs-cae8134ccb29c4d319e0339762137297eb72af63.tar.bz2 nixpkgs-cae8134ccb29c4d319e0339762137297eb72af63.tar.lz nixpkgs-cae8134ccb29c4d319e0339762137297eb72af63.tar.xz nixpkgs-cae8134ccb29c4d319e0339762137297eb72af63.tar.zst nixpkgs-cae8134ccb29c4d319e0339762137297eb72af63.zip |
Merge pull request #130545 from risicle/ris-rsync-CVE-2020-14387
Diffstat (limited to 'pkgs/applications/networking/sync')
-rw-r--r-- | pkgs/applications/networking/sync/rsync/base.nix | 9 | ||||
-rw-r--r-- | pkgs/applications/networking/sync/rsync/default.nix | 7 | ||||
-rw-r--r-- | pkgs/applications/networking/sync/rsync/rrsync.nix | 6 |
3 files changed, 16 insertions, 6 deletions
diff --git a/pkgs/applications/networking/sync/rsync/base.nix b/pkgs/applications/networking/sync/rsync/base.nix index 3479458088e..39ce5d3a7ea 100644 --- a/pkgs/applications/networking/sync/rsync/base.nix +++ b/pkgs/applications/networking/sync/rsync/base.nix @@ -1,4 +1,4 @@ -{ lib, fetchurl }: +{ lib, fetchurl, fetchpatch }: rec { version = "3.2.3"; @@ -12,6 +12,13 @@ rec { url = "mirror://samba/rsync/rsync-patches-${version}.tar.gz"; sha256 = "1wj21v57v135n6fnmlm2dxmb9lhrrg62jgkggldp1gb7d6s4arny"; }; + extraPatches = [ + (fetchpatch { + name = "CVE-2020-14387.patch"; + url = "https://git.samba.org/?p=rsync.git;a=patch;h=c3f7414;hp=4c4fce51072c9189cfb11b52aa54fed79f5741bd"; + sha256 = "000lyx48lns84p53nsdlr45mb9558lrvnsz3yic0y3z6h2izv82x"; + }) + ]; meta = with lib; { description = "Fast incremental file transfer utility"; diff --git a/pkgs/applications/networking/sync/rsync/default.nix b/pkgs/applications/networking/sync/rsync/default.nix index 239ea651854..7ce0ffb6089 100644 --- a/pkgs/applications/networking/sync/rsync/default.nix +++ b/pkgs/applications/networking/sync/rsync/default.nix @@ -1,4 +1,4 @@ -{ lib, stdenv, fetchurl, perl, libiconv, zlib, popt +{ lib, stdenv, fetchurl, fetchpatch, perl, libiconv, zlib, popt , enableACLs ? lib.meta.availableOn stdenv.hostPlatform acl, acl ? null , enableLZ4 ? true, lz4 ? null , enableOpenSSL ? true, openssl ? null @@ -15,7 +15,7 @@ assert enableXXHash -> xxHash != null; assert enableZstd -> zstd != null; let - base = import ./base.nix { inherit lib fetchurl; }; + base = import ./base.nix { inherit lib fetchurl fetchpatch; }; in stdenv.mkDerivation rec { pname = "rsync"; @@ -26,7 +26,8 @@ stdenv.mkDerivation rec { patchesSrc = base.upstreamPatchTarball; srcs = [mainSrc] ++ lib.optional enableCopyDevicesPatch patchesSrc; - patches = lib.optional enableCopyDevicesPatch "./patches/copy-devices.diff"; + patches = lib.optional enableCopyDevicesPatch "./patches/copy-devices.diff" + ++ base.extraPatches; buildInputs = [libiconv zlib popt] ++ lib.optional enableACLs acl diff --git a/pkgs/applications/networking/sync/rsync/rrsync.nix b/pkgs/applications/networking/sync/rsync/rrsync.nix index d904794d948..e55f7fc1fba 100644 --- a/pkgs/applications/networking/sync/rsync/rrsync.nix +++ b/pkgs/applications/networking/sync/rsync/rrsync.nix @@ -1,7 +1,7 @@ -{ lib, stdenv, fetchurl, perl, rsync }: +{ lib, stdenv, fetchurl, perl, rsync, fetchpatch }: let - base = import ./base.nix { inherit lib fetchurl; }; + base = import ./base.nix { inherit lib fetchurl fetchpatch; }; in stdenv.mkDerivation { pname = "rrsync"; @@ -16,6 +16,8 @@ stdenv.mkDerivation { dontConfigure = true; dontBuild = true; + patches = base.extraPatches; + postPatch = '' substituteInPlace support/rrsync --replace /usr/bin/rsync ${rsync}/bin/rsync ''; |