From e6aded5aab0845eeda5eba44f88676ae1e740336 Mon Sep 17 00:00:00 2001 From: Masanori Ogino <167209+omasanori@users.noreply.github.com> Date: Fri, 26 Feb 2021 03:55:21 +0900 Subject: [PATCH] re2c: fix CVE-2018-21232 It backports patches from 2.0 series to fix CVE-2018-21232. References: https://github.com/NixOS/nixpkgs/issues/88391 https://www.openwall.com/lists/oss-security/2020/04/27/2 https://github.com/skvadrik/re2c/issues/219 Signed-off-by: Masanori Ogino <167209+omasanori@users.noreply.github.com> (cherry picked from commit 5854bf0834009c12f238f569500c0132f74b2abf) --- .../tools/parsing/re2c/default.nix | 24 +++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/pkgs/development/tools/parsing/re2c/default.nix b/pkgs/development/tools/parsing/re2c/default.nix index 482beeff12219d..f11153ec6df13e 100644 --- a/pkgs/development/tools/parsing/re2c/default.nix +++ b/pkgs/development/tools/parsing/re2c/default.nix @@ -12,6 +12,30 @@ stdenv.mkDerivation rec { }; patches = [ + (fetchpatch { + name = "CVE-2018-21232-part1.patch"; + url = "https://github.com/skvadrik/re2c/commit/fd634998f813340768c333cdad638498602856e5.patch"; + sha256 = "1blyg5lyhqd4ymisih65xl0g36ig71ijia4skkkd59rdvj78aiw6"; + }) + + (fetchpatch { + name = "CVE-2018-21232-part2.patch"; + url = "https://github.com/skvadrik/re2c/commit/7b5643476bd99c994c4f51b8143f942982d85521.patch"; + sha256 = "0rhmgqrinpk49r9x75ygrs14lz72aw5ad5kr6qp9bdyl8gs082qp"; + }) + + (fetchpatch { + name = "CVE-2018-21232-part3.patch"; + url = "https://github.com/skvadrik/re2c/commit/4d9c809355b574f2a58eac119f5e076c48e4d1e2.patch"; + sha256 = "0k86wg9icw1gkqpf7rq2w6xsq4caxw3rc0zfxf39liwa35027rai"; + }) + + (fetchpatch { + name = "CVE-2018-21232-part4.patch"; + url = "https://github.com/skvadrik/re2c/commit/89be91f3df00657261870adbc590209fdb2bc405.patch"; + sha256 = "1aygy9va7jwby93chlskwg7z90fn07x5hym0gziwlkx8k900p3a3"; + }) + (fetchpatch { name = "CVE-2020-11958.patch"; url = "https://github.com/skvadrik/re2c/commit/c4603ba5ce229db83a2a4fb93e6d4b4e3ec3776a.patch";