From 7e40e89273df9ed15dc563401cd7c1343bcd0188 Mon Sep 17 00:00:00 2001
From: Graham Christensen <graham@grahamc.com>
Date: Wed, 30 Nov 2016 19:18:08 -0500
Subject: rpcbind: patch for CVE-2015-7236

---
 pkgs/servers/rpcbind/default.nix | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

(limited to 'pkgs/servers/rpcbind/default.nix')

diff --git a/pkgs/servers/rpcbind/default.nix b/pkgs/servers/rpcbind/default.nix
index ba2e1447ffe..744763c43f1 100644
--- a/pkgs/servers/rpcbind/default.nix
+++ b/pkgs/servers/rpcbind/default.nix
@@ -1,10 +1,10 @@
-{ fetchurl, stdenv, pkgconfig, libtirpc
+{ fetchurl, fetchpatch, stdenv, pkgconfig, libtirpc
 , useSystemd ? true, systemd }:
 
 let version = "0.2.3";
 in stdenv.mkDerivation rec {
   name = "rpcbind-${version}";
-  
+
   src = fetchurl {
     url = "mirror://sourceforge/rpcbind/${version}/${name}.tar.bz2";
     sha256 = "0yyjzv4161rqxrgjcijkrawnk55rb96ha0pav48s03l2klx855wq";
@@ -13,6 +13,10 @@ in stdenv.mkDerivation rec {
   patches = [
     ./sunrpc.patch
     ./0001-handle_reply-Don-t-use-the-xp_auth-pointer-directly.patch
+    (fetchpatch {
+      url = "https://sources.debian.net/data/main/r/rpcbind/0.2.3-0.5/debian/patches/CVE-2015-7236.patch";
+      sha256 = "1wsv5j8f5djzxr11n4027x107cam1avmx9w34g6l5d9s61j763wq";
+    })
   ];
 
   buildInputs = [ libtirpc ]
-- 
cgit 1.4.1