From 5d3e86447d71bc1e45a3924a968e7e21df2ccc24 Mon Sep 17 00:00:00 2001 From: Robert Scott Date: Tue, 31 Aug 2021 19:58:02 +0100 Subject: [PATCH 1/5] fossil: 2.14 -> 2.14.2 --- .../applications/version-management/fossil/default.nix | 10 +++------- 1 file changed, 3 insertions(+), 7 deletions(-) diff --git a/pkgs/applications/version-management/fossil/default.nix b/pkgs/applications/version-management/fossil/default.nix index af2ed175ac8..07be7f16bde 100644 --- a/pkgs/applications/version-management/fossil/default.nix +++ b/pkgs/applications/version-management/fossil/default.nix @@ -15,15 +15,11 @@ stdenv.mkDerivation rec { pname = "fossil"; - version = "2.14"; + version = "2.14.2"; src = fetchurl { - urls = - [ - "https://www.fossil-scm.org/index.html/uv/fossil-src-${version}.tar.gz" - ]; - name = "${pname}-${version}.tar.gz"; - sha256 = "sha256-uNDJIBlt2K4pFS+nRI5ROh+nxYiHG3heP7/Ae0KgX7k="; + url = "https://www.fossil-scm.org/home/tarball/version-${version}/fossil-${version}.tar.gz"; + sha256 = "1611xyy70vwymj1wa8hpanyd903dv9gw07r74vrzi5myn0r8kr7z"; }; nativeBuildInputs = [ installShellFiles tcl ]; From 319068cc94bad06df8d5645aad1bdc57de2eac17 Mon Sep 17 00:00:00 2001 From: Mikael Heino Date: Thu, 2 Sep 2021 13:26:47 +0300 Subject: [PATCH 2/5] ntfs-3g: 2017.3.23 -> 2021.8.22 New version has important security fixes. (cherry picked from commit 0c35c72ed4d85da1fa3f953aa2882716bb8d6332) --- pkgs/tools/filesystems/ntfs-3g/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/tools/filesystems/ntfs-3g/default.nix b/pkgs/tools/filesystems/ntfs-3g/default.nix index 89ef27827a1..cc46161a3d8 100644 --- a/pkgs/tools/filesystems/ntfs-3g/default.nix +++ b/pkgs/tools/filesystems/ntfs-3g/default.nix @@ -5,7 +5,7 @@ stdenv.mkDerivation rec { pname = "ntfs3g"; - version = "2017.3.23"; + version = "2021.8.22"; outputs = [ "out" "dev" "man" "doc" ]; 
@@ -15,7 +15,7 @@ stdenv.mkDerivation rec { src = fetchurl { url = "https://tuxera.com/opensource/ntfs-3g_ntfsprogs-${version}.tgz"; - sha256 = "1mb228p80hv97pgk3myyvgp975r9mxq56c6bdn1n24kngcfh4niy"; + sha256 = "55b883aa05d94b2ec746ef3966cb41e66bed6db99f22ddd41d1b8b94bb202efb"; }; patchPhase = '' From 6647b720f7fda32f9eaa5f6ce83e84731b908ee8 Mon Sep 17 00:00:00 2001 From: Mikael Heino Date: Thu, 2 Sep 2021 13:27:51 +0300 Subject: [PATCH 3/5] ntfs-3g: update homepage (cherry picked from commit 7ca49a701a7b6a9b90738af132f6b57e4160facd) --- pkgs/tools/filesystems/ntfs-3g/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkgs/tools/filesystems/ntfs-3g/default.nix b/pkgs/tools/filesystems/ntfs-3g/default.nix index cc46161a3d8..de110f61dd8 100644 --- a/pkgs/tools/filesystems/ntfs-3g/default.nix +++ b/pkgs/tools/filesystems/ntfs-3g/default.nix @@ -43,7 +43,7 @@ stdenv.mkDerivation rec { ''; meta = with lib; { - homepage = "https://www.tuxera.com/community/open-source-ntfs-3g/"; + homepage = "https://github.com/tuxera/ntfs-3g"; description = "FUSE-based NTFS driver with full write support"; maintainers = with maintainers; [ dezgeg ]; platforms = with platforms; darwin ++ linux; From 67cacbf02e02315004f43ede8afca802160d684b Mon Sep 17 00:00:00 2001 From: Robert Scott Date: Sat, 4 Sep 2021 22:00:18 +0100 Subject: [PATCH 4/5] inetutils: add patch for CVE-2021-40491 --- pkgs/tools/networking/inetutils/default.nix | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/pkgs/tools/networking/inetutils/default.nix b/pkgs/tools/networking/inetutils/default.nix index 285031aaca5..317be059d6a 100644 --- a/pkgs/tools/networking/inetutils/default.nix +++ b/pkgs/tools/networking/inetutils/default.nix @@ -1,4 +1,4 @@ -{ stdenv, lib, fetchurl, ncurses, perl, help2man +{ stdenv, lib, fetchurl, fetchpatch, ncurses, perl, help2man , apparmorRulesFromClosure }: 
@@ -13,6 +13,12 @@ stdenv.mkDerivation rec { outputs = ["out" "apparmor"]; patches = [ + (fetchpatch { + name = "CVE-2021-40491.patch"; + url = "https://git.savannah.gnu.org/cgit/inetutils.git/patch/?id=58cb043b190fd04effdaea7c9403416b436e50dd"; + excludes = [ "NEWS" ]; + sha256 = "0001ij7493x14f05zfjk11x1x0363sbbxh08nnfv226pmbaxzbkn"; + }) ./whois-Update-Canadian-TLD-server.patch ./service-name.patch # https://git.congatec.com/yocto/meta-openembedded/commit/3402bfac6b595c622e4590a8ff5eaaa854e2a2a3 From 66fad9ba442fc4f9992274c7451253633d7856c3 Mon Sep 17 00:00:00 2001 From: Thomas Gerbet Date: Wed, 1 Sep 2021 12:11:44 +0200 Subject: [PATCH 5/5] fig2dev: 3.2.8a -> 3.2.8b This appears to fix a serie of buffer overflow. https://sourceforge.net/p/mcj/fig2dev/ci/8f11139e53174e90e5132cc7633327ae92b65322/ (cherry picked from commit 4cacbf474659a9bb5af4ad8a8474f2dfda2067cf) --- pkgs/applications/graphics/fig2dev/default.nix | 14 ++------------ 1 file changed, 2 insertions(+), 12 deletions(-) diff --git a/pkgs/applications/graphics/fig2dev/default.nix b/pkgs/applications/graphics/fig2dev/default.nix index 31d14185dcd..8fa85803bfd 100644 --- a/pkgs/applications/graphics/fig2dev/default.nix +++ b/pkgs/applications/graphics/fig2dev/default.nix @@ -1,7 +1,6 @@ { lib , stdenv , fetchurl -, fetchpatch , ghostscript , libpng , makeWrapper 
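Review bot: The new `fetchpatch` entry at the top of `patches` has no comment saying when it can be dropped, so a later version bump may keep applying it to a release that already contains the fix, or remove it without checking. A one-line comment above the entry would cover this, for example `# CVE-2021-40491: drop once the packaged release contains upstream commit 58cb043b190f`. The `excludes = [ "NEWS" ]` line deserves a short why-comment as well, such as `# NEWS hunk does not apply to the release tarball`, if that is the reason; the hunk does not say. The `patches` list continues past the end of this hunk.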
@@ -14,22 +13,13 @@ stdenv.mkDerivation rec { pname = "fig2dev"; - version = "3.2.8a"; + version = "3.2.8b"; src = fetchurl { url = "mirror://sourceforge/mcj/fig2dev-${version}.tar.xz"; - sha256 = "1bm75lf9j54qpbjx8hzp6ixaayp1x9w4v3yxl6vxyw8g5m4sqdk3"; + sha256 = "1jv8rg71dsy00lpg434r5zqs5qrg8mxqvv2gpcjjvmzsm551d2j1"; }; - patches = [ - (fetchpatch { - name = "CVE-2021-3561.patch"; - # Using Debian patch since it is not possible to download it directly from Sourceforge - url = "https://sources.debian.org/data/main/f/fig2dev/1:3.2.8-3/debian/patches/33_sanitize-color.patch"; - sha256 = "1bppr3li03nj4qjibnddr2f38mpk55pcn5z6k98pf00gabq33fgs"; - }) - ]; - nativeBuildInputs = [ makeWrapper ]; buildInputs = [ libpng ];
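Review bot: Removing the `CVE-2021-3561.patch` entry is only safe if the 3.2.8b tarball already contains the color-sanitizing fix, and nothing in this hunk confirms that; the commit message only says the release "appears to" fix buffer overflows. Before merging, compare the upstream change linked in the description with Debian's `33_sanitize-color.patch` and record the result, for example with `# CVE-2021-3561 is fixed upstream in this release; the Debian patch is no longer needed` above `version`. If the fix turns out not to be in 3.2.8b, the `patches` block and the `fetchpatch` argument removed in the first hunk of this file both need to stay.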