authorGraham Christensen <graham@grahamc.com>2016-11-30 19:29:51 -0500
committerGraham Christensen <graham@grahamc.com>2016-11-30 19:29:51 -0500
commitea07ad6bd9e3144248864a21b4999f32b78c2857 (patch)
tree28cda1a7ad228978394ce11b28e15bce3a80a495 /pkgs/development/libraries/icu
parent96393560d0072696ca4720d859ef6f7abf3b94ae (diff)
Revert "Revert "icu: patch for multiple CVEs""
 icu: patch for multiple CVEs

 - CVE-2014-6585
 - CVE-2015-4760
 - CVE-2016-0494
 - CVE-2016-6293
 - CVE-2016-7415
Diffstat (limited to 'pkgs/development/libraries/icu')
-rw-r--r--pkgs/development/libraries/icu/54.1.nix5
-rw-r--r--pkgs/development/libraries/icu/default.nix34
2 files changed, 35 insertions, 4 deletions
diff --git a/pkgs/development/libraries/icu/54.1.nix b/pkgs/development/libraries/icu/54.1.nix
index cd4398b3cc0..a2465ce930f 100644
--- a/pkgs/development/libraries/icu/54.1.nix
+++ b/pkgs/development/libraries/icu/54.1.nix
@@ -1,7 +1,7 @@
-{ stdenv, fetchurl, fixDarwinDylibNames }:
+{ stdenv, fetchurl, fetchpatch, fixDarwinDylibNames }:
 
 let
-  icu = import ./default.nix { inherit stdenv fetchurl fixDarwinDylibNames; };
+  icu = import ./default.nix { inherit stdenv fetchurl fetchpatch fixDarwinDylibNames; };
 in
   stdenv.lib.overrideDerivation icu (attrs: {
     src = fetchurl {
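Review bot: The patches added in default.nix come from Debian's 57.1-5 packaging, and this file reuses that derivation through `overrideDerivation` with, as far as the hunk shows, only `src` replaced, so the same `patches` list would presumably also be applied to the 54.1 tarball. Nothing visible here establishes that the five CVE patches apply cleanly to 54.1 or touch the same code there. The 54.1 attribute should be built to confirm this, and if the patches do not fit, the override should set its own `patches`. A comment above `src` such as `# patches are inherited from ./default.nix (taken from Debian 57.1-5); checked to apply to 54.1` would record the result. The override body continues past the end of this hunk.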
@@ -9,4 +9,3 @@ in
       sha256 = "1cwapgjmvrcv1n2wjspj3vahidg596gjfp4jn1gcb4baralcjayl";
     };
   })
-
diff --git a/pkgs/development/libraries/icu/default.nix b/pkgs/development/libraries/icu/default.nix
index ba8fe038ffa..d4a4c2a500c 100644
--- a/pkgs/development/libraries/icu/default.nix
+++ b/pkgs/development/libraries/icu/default.nix
@@ -1,4 +1,4 @@
-{ stdenv, fetchurl, fixDarwinDylibNames }:
+{ stdenv, fetchurl, fetchpatch, fixDarwinDylibNames }:
 
 let
   pname = "icu4c";
@@ -25,6 +25,38 @@ stdenv.mkDerivation ({
     echo Source root reset to ''${sourceRoot}
   '';
 
+  # This pre/postPatch shenanigans is to handle that the patches expect
+  # to be outside of `source`.
+  prePatch = ''
+    pushd ..
+  '';
+  postPatch = ''
+    popd
+  '';
+
+  patches = [
+    (fetchpatch {
+      url = "https://sources.debian.net/data/main/i/icu/57.1-5/debian/patches/CVE-2014-6585.patch";
+      sha256 = "1s8kqax444pqf5chwxvgsx1n1dx7v74h34fqh08fyq57mcjnpj4d";
+    })
+    (fetchpatch {
+      url = "https://sources.debian.net/data/main/i/icu/57.1-5/debian/patches/CVE-2015-4760.patch";
+      sha256 = "08gawyqbylk28i9pxv9vsw2drdpd6i97q0aml4nmv2xyb1ala0wp";
+    })
+    (fetchpatch {
+      url = "https://sources.debian.net/data/main/i/icu/57.1-5/debian/patches/CVE-2016-0494.patch";
+      sha256 = "1741s8lpmnizjprzk3xb7zkm5fznzgk8hhlrs8a338c18nalvxay";
+    })
+    (fetchpatch {
+      url = "https://sources.debian.net/data/main/i/icu/57.1-5/debian/patches/CVE-2016-6293.patch";
+      sha256 = "01h4xcss1vmsr60ijkv4lxsgvspwimyss61zp9nq4xd5i3kk1f4b";
+    })
+    (fetchpatch {
+      url = "https://sources.debian.net/data/main/i/icu/57.1-5/debian/patches/CVE-2016-7415.patch";
+      sha256 = "01d070h8d7rkj55ac8isr64m999bv5znc8vnxa7aajglsfidzs2r";
+    })
+  ];
+
   preConfigure = ''
     sed -i -e "s|/bin/sh|${stdenv.shell}|" configure
   '';
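Review bot: The `pushd ..` in `prePatch` runs the whole patch phase one directory above the source root, so every entry later added to `patches` must be written relative to that parent, and an override that sets its own `prePatch` or `postPatch` silently drops the directory change. If the Debian patches all carry a `source/` path prefix (not visible here), `patchFlags = "-p2";` would express the same intent without the hook pair. Separately, the `sha256` pins catch altered patch content, but the URLs name a single Debian revision (57.1-5) and may stop resolving once that revision is retired. A comment such as `# from Debian 57.1-5; drop each patch once the packaged ICU release includes the fix` above `patches` would help the next version bump. The enclosing `stdenv.mkDerivation ({` begins outside this hunk.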