diff options
author | Christian Kauhaus <kc@flyingcircus.io> | 2020-02-10 16:39:24 +0100 |
---|---|---|
committer | Christian Kauhaus <kc@flyingcircus.io> | 2020-02-10 16:39:24 +0100 |
commit | 4682b29aad054b4ead15135c1d59db063497eafb (patch) | |
tree | 77490a289b3e7bc2aba5184a75c09da6a0c1411b /pkgs/development/libraries/libssh2 | |
parent | d9eb897edd8dfb7c65d8069197e3db5eeb537d69 (diff) | |
download | nixpkgs-4682b29aad054b4ead15135c1d59db063497eafb.tar nixpkgs-4682b29aad054b4ead15135c1d59db063497eafb.tar.gz nixpkgs-4682b29aad054b4ead15135c1d59db063497eafb.tar.bz2 nixpkgs-4682b29aad054b4ead15135c1d59db063497eafb.tar.lz nixpkgs-4682b29aad054b4ead15135c1d59db063497eafb.tar.xz nixpkgs-4682b29aad054b4ead15135c1d59db063497eafb.tar.zst nixpkgs-4682b29aad054b4ead15135c1d59db063497eafb.zip |
libssh2-1.9.0: apply patch for CVE-2019-17498
No upstream release yet, but https://github.com/libssh2/libssh2/pull/402 has been accepted by upstream devs. Original advisory: https://blog.semmle.com/libssh2-integer-overflow-CVE-2019-17498/ Re #73662
Diffstat (limited to 'pkgs/development/libraries/libssh2')
-rw-r--r-- | pkgs/development/libraries/libssh2/default.nix | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/pkgs/development/libraries/libssh2/default.nix b/pkgs/development/libraries/libssh2/default.nix index d4205981499..365c836c9fd 100644 --- a/pkgs/development/libraries/libssh2/default.nix +++ b/pkgs/development/libraries/libssh2/default.nix @@ -14,6 +14,15 @@ stdenv.mkDerivation rec { buildInputs = [ openssl zlib ] ++ stdenv.lib.optional stdenv.hostPlatform.isMinGW windows.mingw_w64; + patches = [ + # not able to use fetchpatch here: infinite recursion + (fetchurl { + name = "CVE-2019-17498.patch"; + url = "https://github.com/libssh2/libssh2/pull/402.patch"; + sha256 = "1n9s2mcz5dkw0xpm3c5x4hzj8bar4i6z0pr1rmqjplhfg888vdvc"; + }) + ]; + meta = with stdenv.lib; { description = "A client-side C library implementing the SSH2 protocol"; homepage = https://www.libssh2.org; |