re2c: fix CVE-2018-21232

It backports patches from 2.0 series to fix CVE-2018-21232. References: NixOS#88391 https://www.openwall.com/lists/oss-security/2020/04/27/2 skvadrik/re2c#219 Signed-off-by: Masanori Ogino <167209+omasanori@users.noreply.github.com> (cherry picked from commit 5854bf0)
dotlambda · Mar 6, 2021 · e6aded5 · e6aded5
1 parent 1801b25
commit e6aded5
Showing 1 changed file with 24 additions and 0 deletions.
diff --git a/pkgs/development/tools/parsing/re2c/default.nix b/pkgs/development/tools/parsing/re2c/default.nix
@@ -12,6 +12,30 @@ stdenv.mkDerivation rec {
   };
 
   patches = [
+    (fetchpatch {
+      name = "CVE-2018-21232-part1.patch";
+      url = "https://github.com/skvadrik/re2c/commit/fd634998f813340768c333cdad638498602856e5.patch";
+      sha256 = "1blyg5lyhqd4ymisih65xl0g36ig71ijia4skkkd59rdvj78aiw6";
+    })
+
+    (fetchpatch {
+      name = "CVE-2018-21232-part2.patch";
+      url = "https://github.com/skvadrik/re2c/commit/7b5643476bd99c994c4f51b8143f942982d85521.patch";
+      sha256 = "0rhmgqrinpk49r9x75ygrs14lz72aw5ad5kr6qp9bdyl8gs082qp";
+    })
+
+    (fetchpatch {
+      name = "CVE-2018-21232-part3.patch";
+      url = "https://github.com/skvadrik/re2c/commit/4d9c809355b574f2a58eac119f5e076c48e4d1e2.patch";
+      sha256 = "0k86wg9icw1gkqpf7rq2w6xsq4caxw3rc0zfxf39liwa35027rai";
+    })
+
+    (fetchpatch {
+      name = "CVE-2018-21232-part4.patch";
+      url = "https://github.com/skvadrik/re2c/commit/89be91f3df00657261870adbc590209fdb2bc405.patch";
+      sha256 = "1aygy9va7jwby93chlskwg7z90fn07x5hym0gziwlkx8k900p3a3";
+    })
+
     (fetchpatch {
       name = "CVE-2020-11958.patch";
       url = "https://github.com/skvadrik/re2c/commit/c4603ba5ce229db83a2a4fb93e6d4b4e3ec3776a.patch";