4fd6cb7abd
The vulnerability seems quite serious. It isn't practical to use fetchpatch here due to bootstrapping, so I just committed the small patch file.
# bzip2, built from the autotools-patched tarball, with in-tree CVE patches.
{ stdenv, fetchurl
# Defaults to a static-only build when the host platform is i686-cygwin.
, linkStatic ? (stdenv.hostPlatform.system == "i686-cygwin")
}:

let
  version = "1.0.6.0.1";
  name = "bzip2-${version}";

  # Location of the tarball below each mirror root.
  tarballPath = "/people/sbrabec/bzip2/tarballs/${name}.tar.gz";

  mirrors = [
    "http://ftp.uni-kl.de/pub/linux/suse"
    "ftp://ftp.hs.uni-hamburg.de/pub/mirrors/suse"
    "ftp://ftp.mplayerhq.hu/pub/linux/suse"
    "http://ftp.suse.com/pub" # the original patched version but slow
  ];
in

stdenv.mkDerivation {
  inherit name version;

  /* These tarballs are patched to use autotools style properly,
     which saves lots of trouble. */
  src = fetchurl {
    # Every mirror is plain HTTP/FTP; the sha256 below is what pins the
    # tarball contents, so any change to the URLs must keep it in sync.
    urls = map (root: root + tarballPath) mirrors;
    sha256 = "0b5b5p8c7bslc6fslcr1nj9136412v3qcvbg6yxi9argq9g72v8c";
  };

  # Security fixes, named after the CVEs they address. The patch files sit
  # next to this expression instead of being fetched, since fetchpatch is
  # not practical for a package needed during bootstrapping.
  patches = [
    ./CVE-2016-3189.patch
    ./cve-2019-12900.patch
  ];

  # Turn the backslash in the <sys\stat.h> include of bzip2.c into a
  # forward slash.
  postPatch = ''
    sed -i -e '/<sys\\stat\.h>/s|\\|/|' bzip2.c
  '';

  outputs = [ "bin" "dev" "out" "man" ];

  # Static-only libraries when linkStatic is set, default flags otherwise.
  configureFlags =
    if linkStatic
    then [ "--enable-static" "--disable-shared" ]
    else [ ];

  enableParallelBuilding = true;

  meta = {
    description = "High-quality data compression program";
    license = stdenv.lib.licenses.bsdOriginal;
    platforms = stdenv.lib.platforms.all;
    maintainers = [];
  };
}