Merge pull request #58997 from ctheune/gettext-security-update

gettext: apply patch for CVE 2018-18751
This commit is contained in:
Andreas Rammhold 2019-04-05 18:11:14 +00:00 committed by GitHub
commit f93e176475
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 55 additions and 3 deletions

View File

@ -1,4 +1,4 @@
{ stdenv, lib, fetchurl, libiconv, xz }:
{ stdenv, lib, fetchurl, libiconv, xz, bison, automake115x, autoconf }:
stdenv.mkDerivation rec {
name = "gettext-${version}";
@ -8,7 +8,14 @@ stdenv.mkDerivation rec {
url = "mirror://gnu/gettext/${name}.tar.gz";
sha256 = "0hsw28f9q9xaggjlsdp2qmbp2rbd1mp0njzan2ld9kiqwkq2m57z";
};
patches = [ ./absolute-paths.diff ];
patches = [
./absolute-paths.diff
(fetchurl {
name = "CVE-2018-18751.patch";
url = "https://git.savannah.gnu.org/gitweb/?p=gettext.git;a=patch;h=dce3a16e5e9368245735e29bf498dcd5e3e474a4";
sha256 = "1lpjwwcjr1sb879faj0xyzw02kma0ivab6xwn3qciy13qy6fq5xn";
})
];
outputs = [ "out" "man" "doc" "info" ];
@ -40,7 +47,7 @@ stdenv.mkDerivation rec {
sed -i -e "s/\(libgettextsrc_la_LDFLAGS = \)/\\1..\/gnulib-lib\/libxml_rpl.la /" gettext-tools/src/Makefile.in
'';
nativeBuildInputs = [ xz xz.bin ];
nativeBuildInputs = [ xz xz.bin bison automake115x autoconf];
# HACK, see #10874 (and 14664)
buildInputs = stdenv.lib.optional (!stdenv.isLinux && !stdenv.hostPlatform.isCygwin) libiconv;

View File

@ -0,0 +1,43 @@
{ stdenv, fetchurl, perl, autoconf }:
stdenv.mkDerivation rec {
name = "automake-1.15";
src = fetchurl {
url = "mirror://gnu/automake/${name}.tar.xz";
sha256 = "0dl6vfi2lzz8alnklwxzfz624b95hb1ipjvd3mk177flmddcf24r";
};
nativeBuildInputs = [ autoconf perl ];
buildInputs = [ autoconf ];
setupHook = ./setup-hook.sh;
# Disable indented log output from Make, otherwise "make.test" will
# fail.
preCheck = "unset NIX_INDENT_MAKE";
doCheck = false; # takes _a lot_ of time, fails 3 out of 2698 tests, all seem to be related to paths
doInstallCheck = false; # runs the same thing, fails the same tests
# The test suite can run in parallel.
enableParallelBuilding = true;
# Don't fixup "#! /bin/sh" in Libtool, otherwise it will use the
# "fixed" path in generated files!
dontPatchShebangs = true;
meta = {
branch = "1.15";
homepage = https://www.gnu.org/software/automake/;
description = "GNU standard-compliant makefile generator";
license = stdenv.lib.licenses.gpl2Plus;
longDescription = ''
GNU Automake is a tool for automatically generating
`Makefile.in' files compliant with the GNU Coding
Standards. Automake requires the use of Autoconf.
'';
platforms = stdenv.lib.platforms.all;
};
}

View File

@ -8519,6 +8519,8 @@ in
automake111x = callPackage ../development/tools/misc/automake/automake-1.11.x.nix { };
automake115x = callPackage ../development/tools/misc/automake/automake-1.15.x.nix { };
automake116x = callPackage ../development/tools/misc/automake/automake-1.16.x.nix { };
automoc4 = callPackage ../development/tools/misc/automoc4 { };