diff options
author | Vladimír Čunát <vcunat@gmail.com> | 2015-09-01 20:33:27 +0200 |
---|---|---|
committer | Vladimír Čunát <vcunat@gmail.com> | 2015-09-02 05:23:55 +0200 |
commit | 2dccca399c9a6d96c4d5344c1f0af29d8d8a2c9f (patch) | |
tree | 0bf11c16c74322caa953847597c099c64690cffd /pkgs/development/libraries | |
parent | 54c4aab6621662e7d8f386c1da53107d56813e32 (diff) | |
download | nixpkgs-2dccca399c9a6d96c4d5344c1f0af29d8d8a2c9f.tar nixpkgs-2dccca399c9a6d96c4d5344c1f0af29d8d8a2c9f.tar.gz nixpkgs-2dccca399c9a6d96c4d5344c1f0af29d8d8a2c9f.tar.bz2 nixpkgs-2dccca399c9a6d96c4d5344c1f0af29d8d8a2c9f.tar.lz nixpkgs-2dccca399c9a6d96c4d5344c1f0af29d8d8a2c9f.tar.xz nixpkgs-2dccca399c9a6d96c4d5344c1f0af29d8d8a2c9f.tar.zst nixpkgs-2dccca399c9a6d96c4d5344c1f0af29d8d8a2c9f.zip |
libunwind: security fix for CVE-2015-3239
Thanks to the monitor. Low security and high rebuild impact, but still...
Diffstat (limited to 'pkgs/development/libraries')
-rw-r--r-- | pkgs/development/libraries/libunwind/cve-2015-3239.patch | 15 | ||||
-rw-r--r-- | pkgs/development/libraries/libunwind/default.nix | 6 |
2 files changed, 18 insertions, 3 deletions
diff --git a/pkgs/development/libraries/libunwind/cve-2015-3239.patch b/pkgs/development/libraries/libunwind/cve-2015-3239.patch new file mode 100644 index 00000000000..247b2dab44f --- /dev/null +++ b/pkgs/development/libraries/libunwind/cve-2015-3239.patch @@ -0,0 +1,15 @@ +http://git.savannah.gnu.org/cgit/libunwind.git/commit/?id=396b6c7ab737e2bff244d640601c436a26260ca1 + +diff --git a/include/dwarf_i.h b/include/dwarf_i.h +index 0e72845..86dcdb8 100644 +--- a/include/dwarf_i.h ++++ b/include/dwarf_i.h +@@ -20,7 +20,7 @@ + extern const uint8_t dwarf_to_unw_regnum_map[DWARF_REGNUM_MAP_LENGTH]; + /* REG is evaluated multiple times; it better be side-effects free! */ + # define dwarf_to_unw_regnum(reg) \ +- (((reg) <= DWARF_REGNUM_MAP_LENGTH) ? dwarf_to_unw_regnum_map[reg] : 0) ++ (((reg) < DWARF_REGNUM_MAP_LENGTH) ? dwarf_to_unw_regnum_map[reg] : 0) + #endif + + #ifdef UNW_LOCAL_ONLY diff --git a/pkgs/development/libraries/libunwind/default.nix b/pkgs/development/libraries/libunwind/default.nix index 91895114ea0..ecaa643b143 100644 --- a/pkgs/development/libraries/libunwind/default.nix +++ b/pkgs/development/libraries/libunwind/default.nix @@ -2,13 +2,13 @@ stdenv.mkDerivation rec { name = "libunwind-1.1"; - + src = fetchurl { url = "mirror://savannah/libunwind/${name}.tar.gz"; sha256 = "16nhx2pahh9d62mvszc88q226q5lwjankij276fxwrm8wb50zzlx"; }; - patches = [ ./libunwind-1.1-lzma.patch ]; + patches = [ ./libunwind-1.1-lzma.patch ./cve-2015-3239.patch ]; postPatch = '' sed -i -e '/LIBLZMA/s:-lzma:-llzma:' configure @@ -27,7 +27,7 @@ stdenv.mkDerivation rec { sed -i 's,-llzma,${xz}/lib/liblzma.la,' $file done ''; - + meta = with stdenv.lib; { homepage = http://www.nongnu.org/libunwind; description = "A portable and efficient API to determine the call-chain of a program"; |