diff options
author | Martin Weinelt <hexa@darmstadt.ccc.de> | 2022-04-28 15:30:46 +0200 |
---|---|---|
committer | Martin Weinelt <hexa@darmstadt.ccc.de> | 2022-04-28 15:37:03 +0200 |
commit | cb3fa089ea0cc9bca856453839f11fa5d773ee80 (patch) | |
tree | 52f819d106bcb9eb51ef5b24f3fc71f4e22da9c1 /pkgs/os-specific/linux/cifs-utils | |
parent | dfc8b32edb2698bc6303d87b967b969ca16da021 (diff) | |
download | nixpkgs-cb3fa089ea0cc9bca856453839f11fa5d773ee80.tar nixpkgs-cb3fa089ea0cc9bca856453839f11fa5d773ee80.tar.gz nixpkgs-cb3fa089ea0cc9bca856453839f11fa5d773ee80.tar.bz2 nixpkgs-cb3fa089ea0cc9bca856453839f11fa5d773ee80.tar.lz nixpkgs-cb3fa089ea0cc9bca856453839f11fa5d773ee80.tar.xz nixpkgs-cb3fa089ea0cc9bca856453839f11fa5d773ee80.tar.zst nixpkgs-cb3fa089ea0cc9bca856453839f11fa5d773ee80.zip |
cifs-utils: patch buffer-overflow in ip param handling
https://www.openwall.com/lists/oss-security/2022/04/27/5 https://bugzilla.suse.com/show_bug.cgi?id=1197216 https://github.com/piastry/cifs-utils/pull/7 Fixes: CVE-2022-27239
Diffstat (limited to 'pkgs/os-specific/linux/cifs-utils')
-rw-r--r-- | pkgs/os-specific/linux/cifs-utils/default.nix | 12 |
1 files changed, 11 insertions, 1 deletions
diff --git a/pkgs/os-specific/linux/cifs-utils/default.nix b/pkgs/os-specific/linux/cifs-utils/default.nix index d6dcf702110..e7a4a7f1de5 100644 --- a/pkgs/os-specific/linux/cifs-utils/default.nix +++ b/pkgs/os-specific/linux/cifs-utils/default.nix @@ -1,4 +1,4 @@ -{ stdenv, lib, fetchurl, autoreconfHook, docutils, pkg-config +{ stdenv, lib, fetchurl, fetchpatch, autoreconfHook, docutils, pkg-config , libkrb5, keyutils, pam, talloc, python3 }: stdenv.mkDerivation rec { @@ -10,6 +10,16 @@ stdenv.mkDerivation rec { sha256 = "sha256-ZgnoB0tUISlf8BKjHwLM2aBYQVxhnIE2Lrt4jb8HVrg="; }; + patches = [ + (fetchpatch { + # Fix buffer-overflow in handling of ip= parameter in mount.cifs + # https://www.openwall.com/lists/oss-security/2022/04/27/5 + name = "CVE-2022-27239.patch"; + url = "https://github.com/piastry/cifs-utils/commit/007c07fd91b6d42f8bd45187cf78ebb06801139d.patch"; + sha256 = "sha256-3uoHso2q17r2bcEW+ZjYUWsW4OIGYA7kxYZxQQy0JOg="; + }) + ]; + nativeBuildInputs = [ autoreconfHook docutils pkg-config ]; buildInputs = [ libkrb5 keyutils pam talloc python3 ]; |