public/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

icu: patch for multiple CVEs

Browse Source 
- CVE-2014-6585
 - CVE-2015-4760
 - CVE-2016-0494
 - CVE-2016-6293
 - CVE-2016-7415
This commit is contained in:
Graham Christensen 2016-11-30 19:05:52 -05:00
parent 9c71508c95
commit 892a9b1f0f
No known key found for this signature in database
GPG Key ID: ACA1C1D120C83D5C
2 changed files with 35 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
pkgs/development/libraries/icu/54.1.nix
View File

@ -1,7 +1,7 @@
{ stdenv, fetchurl, fixDarwinDylibNames }: { stdenv, fetchurl, fetchpatch, fixDarwinDylibNames }:
let let
icu = import ./default.nix { inherit stdenv fetchurl fixDarwinDylibNames; }; icu = import ./default.nix { inherit stdenv fetchurl fetchpatch fixDarwinDylibNames; };
in in
stdenv.lib.overrideDerivation icu (attrs: { stdenv.lib.overrideDerivation icu (attrs: {
src = fetchurl { src = fetchurl {
@ -9,4 +9,3 @@ in
sha256 = "1cwapgjmvrcv1n2wjspj3vahidg596gjfp4jn1gcb4baralcjayl"; sha256 = "1cwapgjmvrcv1n2wjspj3vahidg596gjfp4jn1gcb4baralcjayl";
}; };
}) })

34
pkgs/development/libraries/icu/default.nix
View File

@ -1,4 +1,4 @@
{ stdenv, fetchurl, fixDarwinDylibNames }: { stdenv, fetchurl, fetchpatch, fixDarwinDylibNames }:
let let
pname = "icu4c"; pname = "icu4c";
@ -25,6 +25,38 @@ stdenv.mkDerivation ({
echo Source root reset to ''${sourceRoot} echo Source root reset to ''${sourceRoot}
''; '';
# This pre/postPatch shenanigans is to handle that the patches expect
# to be outside of `source`.
prePatch = ''
pushd ..
'';
postPatch = ''
popd
'';
patches = [
(fetchpatch {
url = "https://sources.debian.net/data/main/i/icu/57.1-5/debian/patches/CVE-2014-6585.patch";
sha256 = "1s8kqax444pqf5chwxvgsx1n1dx7v74h34fqh08fyq57mcjnpj4d";
})
(fetchpatch {
url = "https://sources.debian.net/data/main/i/icu/57.1-5/debian/patches/CVE-2015-4760.patch";
sha256 = "08gawyqbylk28i9pxv9vsw2drdpd6i97q0aml4nmv2xyb1ala0wp";
})
(fetchpatch {
url = "https://sources.debian.net/data/main/i/icu/57.1-5/debian/patches/CVE-2016-0494.patch";
sha256 = "1741s8lpmnizjprzk3xb7zkm5fznzgk8hhlrs8a338c18nalvxay";
})
(fetchpatch {
url = "https://sources.debian.net/data/main/i/icu/57.1-5/debian/patches/CVE-2016-6293.patch";
sha256 = "01h4xcss1vmsr60ijkv4lxsgvspwimyss61zp9nq4xd5i3kk1f4b";
})
(fetchpatch {
url = "https://sources.debian.net/data/main/i/icu/57.1-5/debian/patches/CVE-2016-7415.patch";
sha256 = "01d070h8d7rkj55ac8isr64m999bv5znc8vnxa7aajglsfidzs2r";
})
];
preConfigure = '' preConfigure = ''
sed -i -e "s|/bin/sh|${stdenv.shell}|" configure sed -i -e "s|/bin/sh|${stdenv.shell}|" configure
''; '';