b12f/nixpkgs
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity

screen: patch CVE-2015-6806

Browse source 
Fixes a possible denial of service of the screen tool. Patch sourced
from upstream GIT repository.
This commit is contained in:
Robert Helgesson 2015-12-10 23:09:31 +01:00
parent b398371e80
commit c4ab553c92
1 changed files with 10 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

13
pkgs/tools/misc/screen/default.nix
View file

@ -1,4 +1,4 @@
{ stdenv, fetchurl, ncurses, pam ? null }:
{ stdenv, fetchurl, fetchpatch, ncurses, pam ? null }:
stdenv.mkDerivation rec {
name = "screen-4.3.1";
@ -13,8 +13,15 @@ stdenv.mkDerivation rec {
sed -i -e "s|/usr/local|/non-existent|g" -e "s|/usr|/non-existent|g" configure Makefile.in */Makefile.in
'';
# TODO: remove when updating the version of screen. Only a patch for 4.3.1
patches = stdenv.lib.optional stdenv.isDarwin (fetchurl {
# TODO: remove when updating the version of screen. Only patches for 4.3.1
patches = [
(fetchpatch {
name = "CVE-2015-6806.patch";
stripLen = 1;
url = "http://git.savannah.gnu.org/cgit/screen.git/patch/?id=b7484c224738247b510ed0d268cd577076958f1b";
sha256 = "160zhpzi80qkvwib78jdvx4jcm2c2h59q5ap7hgnbz4xbkb3k37l";
})
] ++ stdenv.lib.optional stdenv.isDarwin (fetchurl {
url = "http://savannah.gnu.org/file/screen-utmp.patch\?file_id=34815";
sha256 = "192dsa8hm1zw8m638avzhwhnrddgizhyrwaxgwa96zr9vwai2nvc";
});