diff options
| author | Robert Scott <code@humanleg.org.uk> | 2021-05-31 16:09:50 +0100 |
|---|---|---|
| committer | Robert Scott <code@humanleg.org.uk> | 2021-06-09 19:57:36 +0100 |
| commit | a1446cc63db75aadf0bb1bb156b706d395163e06 (patch) | |
| tree | a0325dc461dd1d18e5e56ad8d7ba2ac7789df956 | |
| parent | Merge pull request #125385 from mweinelt/21.05/lasso (diff) | |
| download | nixpkgs-a1446cc63db75aadf0bb1bb156b706d395163e06.tar.gz | |
python3Packages.websockets: add patch for CVE-2021-33880
this is a reintroduction of CVE-2018-1000518 which i had been calling
CVE-2018-1000518-redux before it got its own CVE assigned
(cherry picked from commit aba83e7f878d6c48e781a3934a79f98b072bb659)
(yes, a forward cherry-pick because i fully expected the websockets
9.1 to make it into 21.05)
| -rw-r--r-- | pkgs/development/python-modules/websockets/default.nix | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/pkgs/development/python-modules/websockets/default.nix b/pkgs/development/python-modules/websockets/default.nix index eeb12bd5b75b..c979b97be695 100644 --- a/pkgs/development/python-modules/websockets/default.nix +++ b/pkgs/development/python-modules/websockets/default.nix @@ -1,5 +1,6 @@ { lib , fetchFromGitHub +, fetchpatch , buildPythonPackage , pythonOlder , pytest @@ -17,6 +18,15 @@ buildPythonPackage rec { sha256 = "05jbqcbjg50ydwl0fijhdlqcq7fl6v99kjva66kmmzzza7vwa872"; }; + patches = [ + (fetchpatch { + name = "CVE-2021-33880.patch"; + url = "https://github.com/aaugustin/websockets/commit/547a26b685d08cac0aa64e5e65f7867ac0ea9bc0.patch"; + excludes = [ "docs/changelog.rst" ]; + sha256 = "1wgsvza53ga8ldrylb3rqc17yxcrchwsihbq6i6ldpycq83q5akq"; + }) + ]; + disabled = pythonOlder "3.3"; # Tests fail on Darwin with `OSError: AF_UNIX path too long` |