treewide: add CVE identifiers to patches

This allows tools like broken.sh to correctly identify the patched status.
2020-05-06 23:18:09 +02:00
parent f46cbbc540
commit e24f5eab66
12 changed files with 32 additions and 21 deletions
--- a/pkgs/tools/filesystems/fuseiso/default.nix
+++ b/pkgs/tools/filesystems/fuseiso/default.nix
@@ -9,27 +9,27 @@ stdenv.mkDerivation rec {
    sha256 = "127xql52dcdhmh7s5m9xc6q39jdlj3zhbjar1j821kb6gl3jw94b";
  };

-  patches = map (p:
-    fetchpatch {
-      inherit (p) name sha256;
-      url = "https://sources.debian.net/data/main/f/fuseiso/${version}-3.2/debian/patches/${p.name}";
-    }) [
-    {
+  patches = [
+    (fetchpatch {
      name = "00-support_large_iso.patch";
+      url = "https://sources.debian.net/data/main/f/fuseiso/${version}-3.2/debian/patches/00-support_large_iso.patch";
      sha256 = "1lmclb1qwzz5f4wlq693g83bblwnjjl73qhgfxbsaac5hnn2shjw";
-    }
-    {
+    })
+    (fetchpatch {
      name = "01-fix_typo.patch";
+      url = "https://sources.debian.net/data/main/f/fuseiso/${version}-3.2/debian/patches/01-fix_typo.patch";
      sha256 = "14rpxp0yylzsgqv0r19l4wx1h5hvqp617gpv1yg0w48amr9drasa";
-    }
-    { # CVE-2015-8837
-      name = "02-prevent-buffer-overflow.patch";
+    })
+    (fetchpatch {
+      name = "02-prevent-buffer-overflow_CVE-2015-8837.patch";
+      url = "https://sources.debian.net/data/main/f/fuseiso/${version}-3.2/debian/patches/02-prevent-buffer-overflow.patch";
      sha256 = "1ls2pp3mh91pdb51qz1fsd8pwhbky6988bpd156bn7wgfxqzh8ig";
-    }
-    { # CVE-2015-8836
-      name = "03-prevent-integer-overflow.patch";
+    })
+    (fetchpatch {
+      name = "03-prevent-integer-overflow_CVE-2015-8836.patch";
+      url = "https://sources.debian.net/data/main/f/fuseiso/${version}-3.2/debian/patches/03-prevent-integer-overflow.patch";
      sha256 = "100cw07fk4sa3hl7a1gk2hgz4qsxdw99y20r7wpidwwwzy463zcv";
-    }
+    })
  ];

  nativeBuildInputs = [ autoreconfHook pkgconfig ];