Merge pull request #138171 from NixOS/backport-136194-to-release-21.05

[Backport release-21.05] apr: add patch for CVE-2021-35940
2021-09-16 21:06:57 +01:00 · 2021-09-16 21:06:57 +01:00 · 6ffcbaf54d
commit 6ffcbaf54d
parent b9e98053fe ef698f793f
1 changed files with 10 additions and 2 deletions
--- a/pkgs/development/libraries/apr/default.nix
+++ b/pkgs/development/libraries/apr/default.nix
@ -1,4 +1,4 @@
-{ lib, stdenv, fetchurl, autoreconfHook }:
+{ lib, stdenv, fetchurl, fetchpatch, autoreconfHook }:

 stdenv.mkDerivation rec {
  name = "apr-1.7.0";
@ -8,7 +8,15 @@ stdenv.mkDerivation rec {
    sha256 = "1spp6r2a3xcl5yajm9safhzyilsdzgagc2dadif8x6z9nbq4iqg2";
  };

-  patches = lib.optionals stdenv.isDarwin [ ./is-this-a-compiler-bug.patch ];
+  patches = [
+    (fetchpatch {
+      name = "CVE-2021-35940.patch";
+      url = "https://dist.apache.org/repos/dist/release/apr/patches/apr-1.7.0-CVE-2021-35940.patch";
+      sha256 = "1qd511dyqa1b7bj89iihrlbaavbzl6yyblqginghmcnhw8adymbs";
+      # convince fetchpatch to restore missing `a/`, `b/` to paths
+      extraPrefix = "";
+    })
+  ] ++ lib.optionals stdenv.isDarwin [ ./is-this-a-compiler-bug.patch ];

  # This test needs the net
  postPatch = ''