Merge pull request #104385 from mweinelt/musl

musl: patch CVE-2020-28928
author: Andreas Rammhold <andreas@rammhold.de> 2020-11-30 16:32:12 +0100
committer: GitHub <noreply@github.com> 2020-11-30 16:32:12 +0100
commit: 13481f2a56eef5cddc5397349e22ff9bee39c8ab (patch)
tree: 57c14bfb475b59644b96eeaadccae8048d6accdf /pkgs/os-specific/linux
parent: 76587f2c1a32a5f364ca922b387e023043ede150 (diff)
parent: 138abad75727b7cdb364cdc15a50beaeeb6f824c (diff)
1 files changed, 6 insertions, 0 deletions
diff --git a/pkgs/os-specific/linux/musl/default.nix b/pkgs/os-specific/linux/musl/default.nix
index 67d08454a844..acc9fff5b482 100644
--- a/pkgs/os-specific/linux/musl/default.nix
+++ b/pkgs/os-specific/linux/musl/default.nix
@@ -62,6 +62,12 @@ stdenv.mkDerivation rec {
       url = "https://raw.githubusercontent.com/openwrt/openwrt/87606e25afac6776d1bbc67ed284434ec5a832b4/toolchain/musl/patches/300-relative.patch";
       sha256 = "0hfadrycb60sm6hb6by4ycgaqc9sgrhh42k39v8xpmcvdzxrsq2n";
     })
+    # wcsnrtombs destination buffer overflow, remove >= 1.2.2
+    (fetchurl {
+      name = "CVE-2020-28928.patch";
+      url = "https://www.openwall.com/lists/oss-security/2020/11/20/4/1";
+      sha256 = "077n2p165504nz9di6n8y5421591r3lsbcxgih8z26l6mvkhcs2h";
+    })
   ];
   CFLAGS = [ "-fstack-protector-strong" ]
     ++ lib.optional stdenv.hostPlatform.isPower "-mlong-double-64";
author	Andreas Rammhold <andreas@rammhold.de>	2020-11-30 16:32:12 +0100
committer	GitHub <noreply@github.com>	2020-11-30 16:32:12 +0100
commit	13481f2a56eef5cddc5397349e22ff9bee39c8ab (patch)
tree	57c14bfb475b59644b96eeaadccae8048d6accdf /pkgs/os-specific/linux
parent	76587f2c1a32a5f364ca922b387e023043ede150 (diff)
parent	138abad75727b7cdb364cdc15a50beaeeb6f824c (diff)