authorRobert Scott <code@humanleg.org.uk>2021-07-18 00:08:00 +0100
committerRobert Scott <code@humanleg.org.uk>2021-07-18 14:18:28 +0100
commita08ee2292caa8a676332c695d7d46bd38c235931 (patch)
tree613145c36cff082f7908bb9bf36c670dd361a381 /pkgs/applications/networking
parent09be4e7750385071130d8c08413afbff792ca53b (diff)
rsync: add patch for CVE-2020-14387
Diffstat (limited to 'pkgs/applications/networking')
-rw-r--r--pkgs/applications/networking/sync/rsync/base.nix9
-rw-r--r--pkgs/applications/networking/sync/rsync/default.nix7
-rw-r--r--pkgs/applications/networking/sync/rsync/rrsync.nix6
3 files changed, 16 insertions, 6 deletions
diff --git a/pkgs/applications/networking/sync/rsync/base.nix b/pkgs/applications/networking/sync/rsync/base.nix
index 3479458088e..39ce5d3a7ea 100644
--- a/pkgs/applications/networking/sync/rsync/base.nix
+++ b/pkgs/applications/networking/sync/rsync/base.nix
@@ -1,4 +1,4 @@
-{ lib, fetchurl }:
+{ lib, fetchurl, fetchpatch }:
 
 rec {
   version = "3.2.3";
@@ -12,6 +12,13 @@ rec {
     url = "mirror://samba/rsync/rsync-patches-${version}.tar.gz";
     sha256 = "1wj21v57v135n6fnmlm2dxmb9lhrrg62jgkggldp1gb7d6s4arny";
   };
+  extraPatches = [
+    (fetchpatch {
+      name = "CVE-2020-14387.patch";
+      url = "https://git.samba.org/?p=rsync.git;a=patch;h=c3f7414;hp=4c4fce51072c9189cfb11b52aa54fed79f5741bd";
+      sha256 = "000lyx48lns84p53nsdlr45mb9558lrvnsz3yic0y3z6h2izv82x";
+    })
+  ];
 
   meta = with lib; {
     description = "Fast incremental file transfer utility";
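Review bot: The `url` in the new `extraPatches` entry names the upstream commit by an abbreviated id (`h=c3f7414`) while the parent is spelled out in full. The `sha256` still pins the patch content, but a short id can become ambiguous upstream, which would break the fetch on a cache miss and makes it harder to audit the patch against the upstream fix. Prefer the full commit id, `h=<full-commit-sha>`. A comment above the entry, such as `# CVE-2020-14387: re-check and drop when version moves past 3.2.3`, would prompt whoever bumps `version` to confirm the fix is in the release tarball rather than carry a patch that no longer applies. The `rec` set continues outside the hunk.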
diff --git a/pkgs/applications/networking/sync/rsync/default.nix b/pkgs/applications/networking/sync/rsync/default.nix
index 54417e6ef4b..0aa250ca265 100644
--- a/pkgs/applications/networking/sync/rsync/default.nix
+++ b/pkgs/applications/networking/sync/rsync/default.nix
@@ -1,4 +1,4 @@
-{ lib, stdenv, fetchurl, perl, libiconv, zlib, popt
+{ lib, stdenv, fetchurl, fetchpatch, perl, libiconv, zlib, popt
 , enableACLs ? lib.meta.availableOn stdenv.hostPlatform acl, acl ? null
 , enableLZ4 ? true, lz4 ? null
 , enableOpenSSL ? true, openssl ? null
@@ -15,7 +15,7 @@ assert enableXXHash -> xxHash != null;
 assert enableZstd -> zstd != null;
 
 let
-  base = import ./base.nix { inherit lib fetchurl; };
+  base = import ./base.nix { inherit lib fetchurl fetchpatch; };
 in
 stdenv.mkDerivation rec {
   name = "rsync-${base.version}";
@@ -25,7 +25,8 @@ stdenv.mkDerivation rec {
   patchesSrc = base.upstreamPatchTarball;
 
   srcs = [mainSrc] ++ lib.optional enableCopyDevicesPatch patchesSrc;
-  patches = lib.optional enableCopyDevicesPatch "./patches/copy-devices.diff";
+  patches = lib.optional enableCopyDevicesPatch "./patches/copy-devices.diff"
+    ++ base.extraPatches;
 
   buildInputs = [libiconv zlib popt]
                 ++ lib.optional enableACLs acl
diff --git a/pkgs/applications/networking/sync/rsync/rrsync.nix b/pkgs/applications/networking/sync/rsync/rrsync.nix
index 83eb4658d2f..8ed09c190af 100644
--- a/pkgs/applications/networking/sync/rsync/rrsync.nix
+++ b/pkgs/applications/networking/sync/rsync/rrsync.nix
@@ -1,7 +1,7 @@
-{ lib, stdenv, fetchurl, perl, rsync }:
+{ lib, stdenv, fetchurl, perl, rsync, fetchpatch }:
 
 let
-  base = import ./base.nix { inherit lib fetchurl; };
+  base = import ./base.nix { inherit lib fetchurl fetchpatch; };
 in
 stdenv.mkDerivation {
   name = "rrsync-${base.version}";
@@ -15,6 +15,8 @@ stdenv.mkDerivation {
   dontConfigure = true;
   dontBuild = true;
 
+  patches = base.extraPatches;
+
   postPatch = ''
     substituteInPlace support/rrsync --replace /usr/bin/rsync ${rsync}/bin/rsync
   '';
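Review bot: `patches = base.extraPatches;` is added to a derivation that sets `dontConfigure` and `dontBuild` and whose `postPatch` only rewrites `support/rrsync`. Unless the CVE-2020-14387 patch touches that script, it probably changes nothing in what rrsync ships; the patch content is not visible here, so this is inferred. If it is applied only to keep the source tree identical to the rsync derivation, say so in a comment, e.g. `# applied for source parity with rsync; may not affect support/rrsync`. Otherwise, consider dropping it so that a later entry in `extraPatches` that fails to apply cannot break rrsync needlessly. The derivation body continues outside the hunk.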