From cb3fa089ea0cc9bca856453839f11fa5d773ee80 Mon Sep 17 00:00:00 2001 From: Martin Weinelt Date: Thu, 28 Apr 2022 15:30:46 +0200 Subject: [PATCH] cifs-utils: patch buffer-overflow in ip param handling https://www.openwall.com/lists/oss-security/2022/04/27/5 https://bugzilla.suse.com/show_bug.cgi?id=1197216 https://github.com/piastry/cifs-utils/pull/7 Fixes: CVE-2022-27239 --- pkgs/os-specific/linux/cifs-utils/default.nix | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/pkgs/os-specific/linux/cifs-utils/default.nix b/pkgs/os-specific/linux/cifs-utils/default.nix index d6dcf702110d..e7a4a7f1de51 100644 --- a/pkgs/os-specific/linux/cifs-utils/default.nix +++ b/pkgs/os-specific/linux/cifs-utils/default.nix @@ -1,4 +1,4 @@ -{ stdenv, lib, fetchurl, autoreconfHook, docutils, pkg-config +{ stdenv, lib, fetchurl, fetchpatch, autoreconfHook, docutils, pkg-config , libkrb5, keyutils, pam, talloc, python3 }: stdenv.mkDerivation rec { @@ -10,6 +10,16 @@ stdenv.mkDerivation rec { sha256 = "sha256-ZgnoB0tUISlf8BKjHwLM2aBYQVxhnIE2Lrt4jb8HVrg="; }; + patches = [ + (fetchpatch { + # Fix buffer-overflow in handling of ip= parameter in mount.cifs + # https://www.openwall.com/lists/oss-security/2022/04/27/5 + name = "CVE-2022-27239.patch"; + url = "https://github.com/piastry/cifs-utils/commit/007c07fd91b6d42f8bd45187cf78ebb06801139d.patch"; + sha256 = "sha256-3uoHso2q17r2bcEW+ZjYUWsW4OIGYA7kxYZxQQy0JOg="; + }) + ]; + nativeBuildInputs = [ autoreconfHook docutils pkg-config ]; buildInputs = [ libkrb5 keyutils pam talloc python3 ];