Skip to content

Commit

Permalink
minizip: apply patch for CVE-2023-45853
Browse files Browse the repository at this point in the history 
Upstream PR: madler/zlib#843
  • Loading branch information
@LeSuisse
LeSuisse committed Oct 22, 2023
1 parent 6b4e457 commit 282d9cd
Showing 1 changed file with 11 additions and 1 deletion.
12 changes: 11 additions & 1 deletion pkgs/development/libraries/minizip/default.nix
View file
Original file line number Diff line number Diff line change
@@ -1,9 +1,19 @@
{ lib, stdenv, zlib, autoreconfHook }:
{ lib, stdenv, zlib, autoreconfHook, fetchpatch }:

stdenv.mkDerivation {
pname = "minizip";
inherit (zlib) src version;

patches = [
(fetchpatch {
name = "CVE-2023-45853.patch";
url = "https://github.com/madler/zlib/commit/73331a6a0481067628f065ffe87bb1d8f787d10c.patch";
hash = "sha256-yayfe1g9HsvgMN28WF/MYkH7dGMX4PsK53FcnfL3InM=";
})
];

patchFlags = [ "-p3" ];

nativeBuildInputs = [ autoreconfHook ];
buildInputs = [ zlib ];

Expand Down

2 comments on commit 282d9cd

@Neustradamus
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Linked to:

@nixos-discourse
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This commit has been mentioned on NixOS Discourse. There might be relevant details there:

https://discourse.nixos.org/t/fixing-zlib-cve-2023-45853-in-a-nix-fied-java-app-docker-container/51949/2

Please sign in to comment.