Merge security fixes adapted from #31437

2017-11-11 13:33:25 +01:00
parent 57f5e2aa76 17fae2499a
commit cbfb586151
9 changed files with 64 additions and 19 deletions
--- a/pkgs/tools/backup/partclone/default.nix
+++ b/pkgs/tools/backup/partclone/default.nix
@@ -4,13 +4,13 @@

 stdenv.mkDerivation rec {
  name = "partclone-${version}";
-  version = "0.2.89";
+  version = "0.3.11";

  src = fetchFromGitHub {
    owner = "Thomas-Tsai";
    repo = "partclone";
    rev = version;
-    sha256 = "0gw47pchqshhm00yf34qgxh6bh2jfryv0sm7ghwn77bv5gzwr481";
+    sha256 = "0bv15i0gxym4dv48rgaavh8p94waryn1l6viis6qh5zm9cd08skg";
  };

  nativeBuildInputs = [ autoreconfHook pkgconfig ];
--- a/pkgs/tools/compression/rzip/default.nix
+++ b/pkgs/tools/compression/rzip/default.nix
@@ -1,4 +1,4 @@
-{stdenv, fetchurl, bzip2}:
+{stdenv, fetchurl, fetchpatch, bzip2}:

 stdenv.mkDerivation {
  name = "rzip-2.1";
@@ -8,6 +8,14 @@ stdenv.mkDerivation {
  };
  buildInputs = [ bzip2 ];

+  patches = [
+    (fetchpatch {
+      name = "CVE-2017-8364-fill-buffer.patch";
+      url = https://sources.debian.net/data/main/r/rzip/2.1-4.1/debian/patches/80-CVE-2017-8364-fill-buffer.patch;
+      sha256 = "0jcjlx9ksdvxvjyxmyzscx9ar9992iy5icw0sc3n0p09qi4d6x1r";
+    })
+  ];
+
  meta = {
    homepage = http://rzip.samba.org/;
    description = "Compression program";
--- a/pkgs/tools/security/yara/default.nix
+++ b/pkgs/tools/security/yara/default.nix
@@ -5,14 +5,14 @@
 }:

 stdenv.mkDerivation rec {
-  version = "3.6.0";
+  version = "3.6.3";
  name = "yara-${version}";

  src = fetchFromGitHub {
    owner = "VirusTotal";
    repo = "yara";
    rev = "v${version}";
-    sha256 = "05nadqpvihdyxym11mn6n02rzv2ng8ga7j9l0g5gnjx366gcai42";
+    sha256 = "13znbdwin9lvql43wpms5hh13h8rk5x5wajgmphz18rxwp8h7j78";
  };

  # FIXME: this is probably not the right way to make it work