colin
/
nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #309400 from chuangzhu/curl-impersonate-patch-vulns 

curl-impersonate: patch knownVulnerabilities
This commit is contained in:
Lily Foster 2024-05-08 10:33:48 -04:00 committed by GitHub
parent bd8d932ecd f409d2f9ae
commit 0b76e6184e
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 7 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
pkgs/tools/networking/curl-impersonate/default.nix
View File

@ -1,6 +1,7 @@
{ lib
, stdenv
, fetchFromGitHub
, fetchpatch
, callPackage
, buildGoModule
, installShellFiles
@ -41,6 +42,12 @@ let
# Fix shebangs in the NSS build script
# (can't just patchShebangs since makefile unpacks it)
./curl-impersonate-0.5.2-fix-shebangs.patch
# SOCKS5 heap buffer overflow - https://curl.se/docs/CVE-2023-38545.html
(fetchpatch {
url = "https://github.com/lwthiker/curl-impersonate/commit/e7b90a0d9c61b6954aca27d346750240e8b6644e.patch";
hash = "sha256-jFrz4Q+MJGfNmwwzHhThado4c9hTd/+b/bfRsr3FW5k=";
})
];
# Disable blanket -Werror to fix build on `gcc-13` related to minor
@ -159,12 +166,6 @@ let
license = with licenses; [ curl mit ];
maintainers = with maintainers; [ deliciouslytyped lilyinstarlight ];
platforms = platforms.unix;
knownVulnerabilities = [
"CVE-2023-38545" # SOCKS5 heap buffer overflow - https://curl.se/docs/CVE-2023-38545.html
"CVE-2023-32001" # fopen TOCTOU race condition - https://curl.se/docs/CVE-2023-32001.html
"CVE-2022-43551" # HSTS bypass - https://curl.se/docs/CVE-2022-43551.html
"CVE-2022-42916" # HSTS bypass - https://curl.se/docs/CVE-2022-42916.html
];
};
};
in