libsass: Fix CVE-2018-11693

See https://github.com/sass/libsass/pull/2676 For https://github.com/NixOS/nixpkgs/issues/43846
2018-07-20 17:43:03 +02:00 · 2018-07-20 17:43:03 +02:00 · b5b23b39be
commit b5b23b39be
parent 7981d0ee6f
1 changed files with 10 additions and 2 deletions
--- a/pkgs/development/libraries/libsass/default.nix
+++ b/pkgs/development/libraries/libsass/default.nix
@ -1,4 +1,4 @@
-{ stdenv, fetchurl, autoreconfHook }:
+{ stdenv, fetchurl, fetchpatch, autoreconfHook }:

 stdenv.mkDerivation rec {
  name = "libsass-${version}";
@ -9,7 +9,15 @@ stdenv.mkDerivation rec {
    sha256 = "0w47hvzmbdpbjx8j83wn8dwcvglpab8abkszf9xfzrpqvb6wnqaz";
  };

-  patchPhase = ''
+  patches = [
+    # CVE-2018-11693, is in master but no release yet
+    (fetchpatch {
+      url = "https://github.com/sass/libsass/commit/af0e12cdf09d43dbd1fc11e3f64b244277cc1a1e.patch";
+      sha256 = "1y8yvjvvz91lcr1kpq2pw8729xhdgp15mbldcw392pfzdlliwdyl";
+    })
+  ];
+
+  preConfigure = ''
    export LIBSASS_VERSION=${version}
  '';