a2ps: fix CVE-2001-1593 & CVE-2014-0466

8 years ago · c39195d699
parent e8cc095b70
commit c39195d699
1 changed files with 18 additions and 4 deletions
--- a/pkgs/tools/text/a2ps/default.nix
+++ b/pkgs/tools/text/a2ps/default.nix
@ -1,4 +1,4 @@
-{ stdenv, fetchurl, libpaper, gperf, file }:
+{ stdenv, fetchurl, fetchpatch, libpaper, gperf, file, perl }:

 stdenv.mkDerivation rec {
  name = "a2ps-4.14";
@ -7,14 +7,28 @@ stdenv.mkDerivation rec {
    sha256 = "195k78m1h03m961qn7jr120z815iyb93gwi159p1p9348lyqvbpk";
  };

+  patches = [
+    (fetchpatch {
+      url = "https://sources.debian.net/data/main/a/a2ps/1:4.14-1.3/debian/patches/09_CVE-2001-1593.diff";
+      sha256 = "1hrfmvb21zlklmg2fqikgywhqgc4qnvbhx517w87faafrhzhlnh0";
+    })
+    (fetchpatch {
+      url = "https://sources.debian.net/data/main/a/a2ps/1:4.14-1.3/debian/patches/CVE-2014-0466.diff";
+      sha256 = "0grqqsc3m45niac56m19m5gx7gc0m8zvia5iman1l4rlq31shf8s";
+    })
+    (fetchpatch {
+      url = "https://sources.debian.net/data/main/a/a2ps/1:4.14-1.3/debian/patches/fix-format-security.diff";
+      sha256 = "0pq7zl41gf2kc6ahwyjnzn93vbxb4jc2c5g8j20isp4vw6dqrnwv";
+    })
+  ];
+
  postPatch = ''
    substituteInPlace afm/make_fonts_map.sh --replace "/bin/rm" "rm"
    substituteInPlace tests/defs.in --replace "/bin/rm" "rm"
  '';

-  buildInputs = [ libpaper gperf file ];
-
-  hardeningDisable = [ "format" ];
+  nativeBuildInputs = [ file perl ];
+  buildInputs = [ libpaper gperf ];

  meta = with stdenv.lib; {
    description = "An Anything to PostScript converter and pretty-printer";