Merge pull request #87139 from mweinelt/pr/security-patch-names
treewide: add CVE identifiers to patches
commit
38d043b116
12 changed files with 32 additions and 21 deletions
|
@ -16,7 +16,7 @@ stdenv.mkDerivation {
|
|||
substituteInPlace Makefile --replace "gcc" "cc"
|
||||
'';
|
||||
|
||||
patches = [ ./10_fix_buffer_overflow_wordole_c.patch ];
|
||||
patches = [ ./10_fix_buffer_overflow_wordole_c_CVE-2014-8123.patch ];
|
||||
|
||||
installTargets = [ "global_install" ];
|
||||
|
||||
|
|
|
@ -12,8 +12,8 @@ stdenv.mkDerivation rec {
|
|||
buildInputs = [ perl cups dbus enscript ];
|
||||
|
||||
patches = [
|
||||
# for CVE-2015-8327 & CVE-2015-8560
|
||||
(fetchpatch {
|
||||
name = "CVE-2015-8327+CVE-2015-8560.patch";
|
||||
url = "https://salsa.debian.org/debian/foomatic-filters/raw/a3abbef2d2f8c7e62d2fe64f64afe294563fdf8f/debian/patches/0500-r7406_also_consider_the_back_tick_as_an_illegal_shell_escape_character.patch";
|
||||
sha256 = "055nwi3sjf578nk40bqsch3wx8m2h65hdih0wmxflb6l0hwkq4p4";
|
||||
})
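Review bot: The `name = "CVE-2015-8327+CVE-2015-8560.patch";` line asserts that this single fetch fixes both CVEs, while the fetched file is named only for the back tick (`0500-r7406_also_consider_the_back_tick_as_an_illegal_shell_escape_character.patch`). Tooling that matches CVE identifiers in patch names would presumably treat both as fixed, so it is worth confirming from the patch content that CVE-2015-8560 is really covered. If it is not, the name should carry only `CVE-2015-8327` and the second fix should be fetched as its own entry. The `patches` list continues outside the hunk, so a later entry may already cover it.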
|
||||
|
|
|
@ -13,6 +13,7 @@ stdenv.mkDerivation rec {
|
|||
|
||||
patches = [
|
||||
(fetchpatch {
|
||||
name = "CVE-2018-14348.patch";
|
||||
url = "https://gitweb.gentoo.org/repo/gentoo.git/plain/dev-libs/libcgroup/files/libcgroup-0.41-remove-umask.patch?id=33e9f4c81de754bbf76b893ea1133ed023f2a0e5";
|
||||
sha256 = "1x0x29ld0cgmfwq4qy13s6d5c8sym1frfh1j2q47d8gfw6qaxka5";
|
||||
})
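Review bot: The added `name = "CVE-2018-14348.patch";` replaces the upstream file name entirely, so the derivation name no longer says what the patch does (here, removing a umask call, going by the URL). The fuseiso and mcrypt sections of this same commit keep the description and append the identifier, as in `02-prevent-buffer-overflow_CVE-2015-8837.patch`. Using `name = "libcgroup-0.41-remove-umask_CVE-2018-14348.patch";` would keep both pieces of information. The same point applies to `CVE-2014-0470.patch` in the super section and `CVE-2015-8107.patch` in the a2ps section.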
|
||||
|
|
|
@ -13,10 +13,12 @@ stdenv.mkDerivation rec {
|
|||
./12-CVE-2016-9296.patch
|
||||
./13-CVE-2017-17969.patch
|
||||
(fetchpatch {
|
||||
name = "3-CVE-2018-5996.patch";
|
||||
url = "https://raw.githubusercontent.com/termux/termux-packages/master/packages/p7zip/3-CVE-2018-5996.patch";
|
||||
sha256 = "1zivvkazmza0653i498ccp3zbpbpc7dvxl3zxwllbx41b6n589yp";
|
||||
})
|
||||
(fetchpatch {
|
||||
name = "4-CVE-2018-10115.patch";
|
||||
url = "https://raw.githubusercontent.com/termux/termux-packages/master/packages/p7zip/4-CVE-2018-10115.patch";
|
||||
sha256 = "1cr7q8gnrk9yp6dcvxaqi1yhdbgp964nkv65ls41mw1kdfm44zn6";
|
||||
})
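Review bot: Both `url` values in this section still point at the `master` branch of termux-packages, which is a mutable ref. The `sha256` keeps the content from changing silently, but the build fails as soon as upstream edits, moves or deletes the file. The new `name` gives each patch a new store path, so the fetch has to succeed again now. Pinning the path to a commit, for example `https://raw.githubusercontent.com/termux/termux-packages/<commit-sha>/packages/p7zip/3-CVE-2018-5996.patch` (placeholder, not a real revision), would keep these two security patches reproducible.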
|
||||
|
|
|
@ -9,27 +9,27 @@ stdenv.mkDerivation rec {
|
|||
sha256 = "127xql52dcdhmh7s5m9xc6q39jdlj3zhbjar1j821kb6gl3jw94b";
|
||||
};
|
||||
|
||||
patches = map (p:
|
||||
fetchpatch {
|
||||
inherit (p) name sha256;
|
||||
url = "https://sources.debian.net/data/main/f/fuseiso/${version}-3.2/debian/patches/${p.name}";
|
||||
}) [
|
||||
{
|
||||
patches = [
|
||||
(fetchpatch {
|
||||
name = "00-support_large_iso.patch";
|
||||
url = "https://sources.debian.net/data/main/f/fuseiso/${version}-3.2/debian/patches/00-support_large_iso.patch";
|
||||
sha256 = "1lmclb1qwzz5f4wlq693g83bblwnjjl73qhgfxbsaac5hnn2shjw";
|
||||
}
|
||||
{
|
||||
})
|
||||
(fetchpatch {
|
||||
name = "01-fix_typo.patch";
|
||||
url = "https://sources.debian.net/data/main/f/fuseiso/${version}-3.2/debian/patches/01-fix_typo.patch";
|
||||
sha256 = "14rpxp0yylzsgqv0r19l4wx1h5hvqp617gpv1yg0w48amr9drasa";
|
||||
}
|
||||
{ # CVE-2015-8837
|
||||
name = "02-prevent-buffer-overflow.patch";
|
||||
})
|
||||
(fetchpatch {
|
||||
name = "02-prevent-buffer-overflow_CVE-2015-8837.patch";
|
||||
url = "https://sources.debian.net/data/main/f/fuseiso/${version}-3.2/debian/patches/02-prevent-buffer-overflow.patch";
|
||||
sha256 = "1ls2pp3mh91pdb51qz1fsd8pwhbky6988bpd156bn7wgfxqzh8ig";
|
||||
}
|
||||
{ # CVE-2015-8836
|
||||
name = "03-prevent-integer-overflow.patch";
|
||||
})
|
||||
(fetchpatch {
|
||||
name = "03-prevent-integer-overflow_CVE-2015-8836.patch";
|
||||
url = "https://sources.debian.net/data/main/f/fuseiso/${version}-3.2/debian/patches/03-prevent-integer-overflow.patch";
|
||||
sha256 = "100cw07fk4sa3hl7a1gk2hgz4qsxdw99y20r7wpidwwwzy463zcv";
|
||||
}
|
||||
})
|
||||
];
|
||||
|
||||
nativeBuildInputs = [ autoreconfHook pkgconfig ];
|
||||
|
|
|
@ -9,7 +9,12 @@ stdenv.mkDerivation rec {
|
|||
sha256 = "5145aa844e54cca89ddab6fb7dd9e5952811d8d787c4f4bf27eb261e6c182098";
|
||||
};
|
||||
|
||||
patches = [ ./format-string.patch ./overflow.patch ./segv.patch ./sprintf.patch ];
|
||||
patches = [
|
||||
./format-string_CVE-2012-4426.patch
|
||||
./overflow_CVE-2012-4409.patch
|
||||
./segv.patch
|
||||
./sprintf_CVE-2012-4527.patch
|
||||
];
|
||||
|
||||
buildInputs = [ libmcrypt libmhash ];
|
||||
|
||||
|
|
|
@ -17,9 +17,11 @@ stdenv.mkDerivation rec {
|
|||
'';
|
||||
|
||||
patches = [
|
||||
(fetchpatch { url = "https://salsa.debian.org/debian/super/raw/debian/3.30.0-7/debian/patches/14-Fix-unchecked-setuid-call.patch";
|
||||
sha256 = "08m9hw4kyfjv0kqns1cqha4v5hkgp4s4z0q1rgif1fnk14xh7wqh";
|
||||
})
|
||||
(fetchpatch {
|
||||
name = "CVE-2014-0470.patch";
|
||||
url = "https://salsa.debian.org/debian/super/raw/debian/3.30.0-7/debian/patches/14-Fix-unchecked-setuid-call.patch";
|
||||
sha256 = "08m9hw4kyfjv0kqns1cqha4v5hkgp4s4z0q1rgif1fnk14xh7wqh";
|
||||
})
|
||||
];
|
||||
|
||||
NIX_CFLAGS_COMPILE = "-D_GNU_SOURCE";
|
||||
|
|
|
@ -17,6 +17,7 @@ stdenv.mkDerivation rec {
|
|||
sha256 = "0grqqsc3m45niac56m19m5gx7gc0m8zvia5iman1l4rlq31shf8s";
|
||||
})
|
||||
(fetchpatch {
|
||||
name = "CVE-2015-8107.patch";
|
||||
url = "https://sources.debian.net/data/main/a/a2ps/1:4.14-1.3/debian/patches/fix-format-security.diff";
|
||||
sha256 = "0pq7zl41gf2kc6ahwyjnzn93vbxb4jc2c5g8j20isp4vw6dqrnwv";
|
||||
})
|
||||
|
|