Skip to content

Commit

Permalink
pythonPackages.pyyaml: patch CVE-2020-14343
Browse files Browse the repository at this point in the history 
Apply patch from yaml/pyyaml#472.
  • Loading branch information
@dotlambda
dotlambda committed Mar 7, 2021
1 parent 39c4c97 commit 1f04d4b
Showing 1 changed file with 9 additions and 1 deletion.
10 changes: 9 additions & 1 deletion pkgs/development/python-modules/pyyaml/default.nix
View file
@@ -1,4 +1,4 @@
{ lib, buildPythonPackage, fetchPypi, cython, libyaml, buildPackages }:
{ lib, buildPythonPackage, fetchPypi, fetchpatch, cython, libyaml, buildPackages }:

buildPythonPackage rec {
pname = "PyYAML";
Expand All @@ -9,6 +9,14 @@ buildPythonPackage rec {
sha256 = "0pb4zvkfxfijkpgd1b86xjsqql97ssf1knbd1v53wkg1qm9cgsmq";
};

patches = [
(fetchpatch {
name = "CVE-2020-14343.patch";
url = "https://github.com/yaml/pyyaml/pull/472/commits/7adc0db3f613a82669f2b168edd98379b83adb3c.patch";
sha256 = "0802zjbp84c7bvja60cv9r9d36x143c62rl01mv35s32r5fids2n";
})
];

# force regeneration using Cython
postPatch = ''
rm ext/_yaml.c
Expand Down

0 comments on commit 1f04d4b

Please sign in to comment.