dev/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity

Merge pull request #130545 from risicle/ris-rsync-CVE-2020-14387

Browse Source
This commit is contained in:
Sandro 2021-07-22 02:52:59 +02:00 committed by GitHub
commit cae8134ccb
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 16 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
pkgs/applications/networking/sync/rsync/base.nix
View File

@ -1,4 +1,4 @@
{ lib, fetchurl }: { lib, fetchurl, fetchpatch }:
rec { rec {
version = "3.2.3"; version = "3.2.3";
@ -12,6 +12,13 @@ rec {
url = "mirror://samba/rsync/rsync-patches-${version}.tar.gz"; url = "mirror://samba/rsync/rsync-patches-${version}.tar.gz";
sha256 = "1wj21v57v135n6fnmlm2dxmb9lhrrg62jgkggldp1gb7d6s4arny"; sha256 = "1wj21v57v135n6fnmlm2dxmb9lhrrg62jgkggldp1gb7d6s4arny";
}; };
extraPatches = [
(fetchpatch {
name = "CVE-2020-14387.patch";
url = "https://git.samba.org/?p=rsync.git;a=patch;h=c3f7414;hp=4c4fce51072c9189cfb11b52aa54fed79f5741bd";
sha256 = "000lyx48lns84p53nsdlr45mb9558lrvnsz3yic0y3z6h2izv82x";
})
];
meta = with lib; { meta = with lib; {
description = "Fast incremental file transfer utility"; description = "Fast incremental file transfer utility";

7
pkgs/applications/networking/sync/rsync/default.nix
View File

@ -1,4 +1,4 @@
{ lib, stdenv, fetchurl, perl, libiconv, zlib, popt { lib, stdenv, fetchurl, fetchpatch, perl, libiconv, zlib, popt
, enableACLs ? lib.meta.availableOn stdenv.hostPlatform acl, acl ? null , enableACLs ? lib.meta.availableOn stdenv.hostPlatform acl, acl ? null
, enableLZ4 ? true, lz4 ? null , enableLZ4 ? true, lz4 ? null
, enableOpenSSL ? true, openssl ? null , enableOpenSSL ? true, openssl ? null
@ -15,7 +15,7 @@ assert enableXXHash -> xxHash != null;
assert enableZstd -> zstd != null; assert enableZstd -> zstd != null;
let let
base = import ./base.nix { inherit lib fetchurl; }; base = import ./base.nix { inherit lib fetchurl fetchpatch; };
in in
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
pname = "rsync"; pname = "rsync";
@ -26,7 +26,8 @@ stdenv.mkDerivation rec {
patchesSrc = base.upstreamPatchTarball; patchesSrc = base.upstreamPatchTarball;
srcs = [mainSrc] ++ lib.optional enableCopyDevicesPatch patchesSrc; srcs = [mainSrc] ++ lib.optional enableCopyDevicesPatch patchesSrc;
patches = lib.optional enableCopyDevicesPatch "./patches/copy-devices.diff"; patches = lib.optional enableCopyDevicesPatch "./patches/copy-devices.diff"
++ base.extraPatches;
buildInputs = [libiconv zlib popt] buildInputs = [libiconv zlib popt]
++ lib.optional enableACLs acl ++ lib.optional enableACLs acl

6
pkgs/applications/networking/sync/rsync/rrsync.nix
View File

@ -1,7 +1,7 @@
{ lib, stdenv, fetchurl, perl, rsync }: { lib, stdenv, fetchurl, perl, rsync, fetchpatch }:
let let
base = import ./base.nix { inherit lib fetchurl; }; base = import ./base.nix { inherit lib fetchurl fetchpatch; };
in in
stdenv.mkDerivation { stdenv.mkDerivation {
pname = "rrsync"; pname = "rrsync";
@ -16,6 +16,8 @@ stdenv.mkDerivation {
dontConfigure = true; dontConfigure = true;
dontBuild = true; dontBuild = true;
patches = base.extraPatches;
postPatch = '' postPatch = ''
substituteInPlace support/rrsync --replace /usr/bin/rsync ${rsync}/bin/rsync substituteInPlace support/rrsync --replace /usr/bin/rsync ${rsync}/bin/rsync
''; '';