colin/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

curl-impersonate: patch knownVulnerabilities

Browse Source 
* SOCKS5 heap buffer overflow -
  https://curl.se/docs/CVE-2023-38545.html: Patched
* fopen TOCTOU race condition -
  https://curl.se/docs/CVE-2023-32001.html: Retracted
* HSTS bypass - https://curl.se/docs/CVE-2022-43551.html: Not affected in curl >= 7.87.0
* HSTS bypass - https://curl.se/docs/CVE-2022-42916.html: Not affected in curl >= 7.86.0
This commit is contained in:
Chuang Zhu 2024-05-06 07:31:39 +08:00
parent a05b336245
commit f409d2f9ae
1 changed files with 7 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
pkgs/tools/networking/curl-impersonate/default.nix
View File

@ -1,6 +1,7 @@
{ lib
, stdenv
, fetchFromGitHub
, fetchpatch
, callPackage
, buildGoModule
, installShellFiles
@ -41,6 +42,12 @@ let
# Fix shebangs in the NSS build script
# (can't just patchShebangs since makefile unpacks it)
./curl-impersonate-0.5.2-fix-shebangs.patch
# SOCKS5 heap buffer overflow - https://curl.se/docs/CVE-2023-38545.html
(fetchpatch {
url = "https://github.com/lwthiker/curl-impersonate/commit/e7b90a0d9c61b6954aca27d346750240e8b6644e.patch";
hash = "sha256-jFrz4Q+MJGfNmwwzHhThado4c9hTd/+b/bfRsr3FW5k=";
})
];
# Disable blanket -Werror to fix build on `gcc-13` related to minor
@ -159,12 +166,6 @@ let
license = with licenses; [ curl mit ];
maintainers = with maintainers; [ deliciouslytyped lilyinstarlight ];
platforms = platforms.unix;
knownVulnerabilities = [
"CVE-2023-38545" # SOCKS5 heap buffer overflow - https://curl.se/docs/CVE-2023-38545.html
"CVE-2023-32001" # fopen TOCTOU race condition - https://curl.se/docs/CVE-2023-32001.html
"CVE-2022-43551" # HSTS bypass - https://curl.se/docs/CVE-2022-43551.html
"CVE-2022-42916" # HSTS bypass - https://curl.se/docs/CVE-2022-42916.html
];
};
};
in