rpm: 4.12.0 -> 4.13.0-rc1 for CVEs

Null pointer deref & out of bound reads. See: https://lwn.net/Vulnerabilities/685287/

Fedora is shipping the rc1 as well.

re: https://github.com/NixOS/nixpkgs/pull/18975

1 files changed, 3 insertions, 3 deletions

diff --git a/pkgs/tools/package-management/rpm/default.nix b/pkgs/tools/package-management/rpm/default.nix
index dee408e1d65..6c3a63119b0 100644
--- a/pkgs/tools/package-management/rpm/default.nix
+++ b/pkgs/tools/package-management/rpm/default.nix
@@ -1,11 +1,11 @@
 { stdenv, fetchurl, cpio, zlib, bzip2, file, elfutils, libarchive, nspr, nss, popt, db, xz, python, lua, pkgconfig, autoreconfHook }:
 
 stdenv.mkDerivation rec {
-  name = "rpm-4.12.0";
+  name = "rpm-4.13.0-rc1";
 
   src = fetchurl {
-    url = "http://rpm.org/releases/rpm-4.12.x/${name}.tar.bz2";
-    sha256 = "18hk47hc755nslvb7xkq4jb095z7va0nlcyxdpxayc4lmb8mq3bp";
+    url = "http://www.rpm.org/releases/testing/rpm-4.13.0-rc1.tar.bz2";
+    sha256 = "097mc0kkrf09c01hrgi71df7maahmvayfgsvspnxigvl3xysv8hp";
   };
 
   outputs = [ "out" "dev" "man" ];