diff options
| author | Vladimír Čunát <vcunat@gmail.com> | 2017-01-05 01:00:13 +0100 |
|---|---|---|
| committer | Vladimír Čunát <vcunat@gmail.com> | 2017-01-05 01:01:02 +0100 |
| commit | 57fc4d21b717410d0c044609e3182a0df96acfa8 (patch) | |
| tree | 4dc906d7a2ec2473badd7ec1aa4e043d2eeeaa0d /pkgs/shells/bash | |
| parent | 6f2840c158e93d4d40bd6557078c2f539cb39cbb (diff) | |
| download | nixpkgs-57fc4d21b717410d0c044609e3182a0df96acfa8.tar nixpkgs-57fc4d21b717410d0c044609e3182a0df96acfa8.tar.gz nixpkgs-57fc4d21b717410d0c044609e3182a0df96acfa8.tar.bz2 nixpkgs-57fc4d21b717410d0c044609e3182a0df96acfa8.tar.lz nixpkgs-57fc4d21b717410d0c044609e3182a0df96acfa8.tar.xz nixpkgs-57fc4d21b717410d0c044609e3182a0df96acfa8.tar.zst nixpkgs-57fc4d21b717410d0c044609e3182a0df96acfa8.zip | |
bash-4.4: p0 -> p5 + a security patch from Gentoo
Diffstat (limited to 'pkgs/shells/bash')
| -rw-r--r-- | pkgs/shells/bash/4.4.nix | 29 | ||||
| -rw-r--r-- | pkgs/shells/bash/bash-4.4-patches.nix | 5 |
2 files changed, 24 insertions, 10 deletions
diff --git a/pkgs/shells/bash/4.4.nix b/pkgs/shells/bash/4.4.nix index 406ca4d08fd..7dbb1832497 100644 --- a/pkgs/shells/bash/4.4.nix +++ b/pkgs/shells/bash/4.4.nix @@ -12,11 +12,21 @@ let baseConfigureFlags = if interactive then "--with-installed-readline" else "--disable-readline"; sha256 = "1jyz6snd63xjn6skk7za6psgidsd53k05cr3lksqybi0q6936syq"; + upstreamPatches = + let + patch = nr: sha256: + fetchurl { + url = "mirror://gnu/bash/${realName}-patches/${shortName}-${nr}"; + inherit sha256; + }; + in + import ./bash-4.4-patches.nix patch; + inherit (stdenv.lib) optional optionalString; in stdenv.mkDerivation rec { - name = "${realName}-p${toString (builtins.length patches)}"; + name = "${realName}-p${toString (builtins.length upstreamPatches)}"; src = fetchurl { url = "mirror://gnu/bash/${realName}.tar.gz"; @@ -41,15 +51,14 @@ stdenv.mkDerivation rec { patchFlags = "-p0"; - patches = - (let - patch = nr: sha256: - fetchurl { - url = "mirror://gnu/bash/${realName}-patches/${shortName}-${nr}"; - inherit sha256; - }; - in - import ./bash-4.4-patches.nix patch) + patches = upstreamPatches + ++ [ (fetchurl { + # https://security.gentoo.org/glsa/201701-02 + url = "https://gitweb.gentoo.org/repo/gentoo.git/plain/app-shells" + + "/bash/files/bash-4.4-popd-offset-overflow.patch" + + "?id=1bf1ceeb04a2f57e1e5e1636a8c288c4d0db6682"; + sha256 = "02n08lw5spvsc2b1bll0gr6mg4qxcg7pzfjkw7ji5w7bjcikccbm"; + }) ] ++ optional stdenv.isCygwin ./cygwin-bash-4.3.33-1.src.patch; crossAttrs = { diff --git a/pkgs/shells/bash/bash-4.4-patches.nix b/pkgs/shells/bash/bash-4.4-patches.nix index b8019fb3350..c3ef5470aeb 100644 --- a/pkgs/shells/bash/bash-4.4-patches.nix +++ b/pkgs/shells/bash/bash-4.4-patches.nix @@ -1,4 +1,9 @@ # Automatically generated by `update-patch-set.sh'; do not edit. patch: [ +(patch "001" "03vzy7qwjdd5qvl3ydg99naazas2qmyd0yhnrflgjbbm64axja1y") +(patch "002" "0lrwq6vyqism3yqv9s7kzaf3dsl4q5w9r5svcqz279qp7qca083h") +(patch "003" "1chqww2rj6g42b8s60q5zlzy0jzp684jkpsbrbfy1vzxja8mmpsi") +(patch "004" "1cy8abf96hkrjhw921ndr0shlcnc52bg45rn6xri4v5clhq0l25d") +(patch "005" "0a8515kyk4zsgmvlqvlganjfr7pq0j6kzpr4d6xx02kpbdr4n7i2") ] |