apr: add patch for CVE-2021-35940

3 years ago · c6c39b5944
parent 0c8415335f
commit c6c39b5944
1 changed files with 10 additions and 2 deletions
--- a/pkgs/development/libraries/apr/default.nix
+++ b/pkgs/development/libraries/apr/default.nix
@ -1,4 +1,4 @@
-{ lib, stdenv, fetchurl, autoreconfHook }:
+{ lib, stdenv, fetchurl, fetchpatch, autoreconfHook }:

 stdenv.mkDerivation rec {
  pname = "apr";
@ -9,7 +9,15 @@ stdenv.mkDerivation rec {
    sha256 = "1spp6r2a3xcl5yajm9safhzyilsdzgagc2dadif8x6z9nbq4iqg2";
  };

-  patches = lib.optionals stdenv.isDarwin [ ./is-this-a-compiler-bug.patch ];
+  patches = [
+    (fetchpatch {
+      name = "CVE-2021-35940.patch";
+      url = "https://dist.apache.org/repos/dist/release/apr/patches/apr-1.7.0-CVE-2021-35940.patch";
+      sha256 = "1qd511dyqa1b7bj89iihrlbaavbzl6yyblqginghmcnhw8adymbs";
+      # convince fetchpatch to restore missing `a/`, `b/` to paths
+      extraPrefix = "";
+    })
+  ] ++ lib.optionals stdenv.isDarwin [ ./is-this-a-compiler-bug.patch ];

  # This test needs the net
  postPatch = ''