Revert "Revert "bzip2: patch for CVE-2016-3189""

This reverts commit 6393ca650eb9ef5f045905600c4256a0d0bf20b7.
2016-11-30 19:30:52 -05:00 · 2016-11-30 19:30:52 -05:00 · 390f6a985b
commit 390f6a985b
parent ea07ad6bd9
2 changed files with 19 additions and 1 deletions
--- a/pkgs/tools/compression/bzip2/CVE-2016-3189.patch
+++ b/pkgs/tools/compression/bzip2/CVE-2016-3189.patch
@ -0,0 +1,12 @@
+diff --git a/bzip2recover.c b/bzip2recover.c
+index f9de049..252c1b7 100644
+--- a/bzip2recover.c
+++ b/bzip2recover.c
+@@ -457,6 +457,7 @@ Int32 main ( Int32 argc, Char** argv )
+             bsPutUChar ( bsWr, 0x50 ); bsPutUChar ( bsWr, 0x90 );
+             bsPutUInt32 ( bsWr, blockCRC );
+             bsClose ( bsWr );
+            outFile = NULL;
+          }
+          if (wrBlock >= rbCtr) break;
+          wrBlock++;
--- a/pkgs/tools/compression/bzip2/default.nix
+++ b/pkgs/tools/compression/bzip2/default.nix
@ -1,4 +1,4 @@
-{ stdenv, fetchurl
+{ stdenv, fetchurl, fetchpatch
 , linkStatic ? (stdenv.system == "i686-cygwin")
 }:

@ -20,10 +20,16 @@ stdenv.mkDerivation rec {
    sha256 = "0b5b5p8c7bslc6fslcr1nj9136412v3qcvbg6yxi9argq9g72v8c";
  };

+  patches = [
+    ./CVE-2016-3189.patch
+  ];
+
+
  postPatch = ''
    sed -i -e '/<sys\\stat\.h>/s|\\|/|' bzip2.c
  '';

+
  outputs = [ "bin" "dev" "out" "man" ];

  configureFlags =