Unverified Commit f0fd6ed2 authored by Thomas Gerbet's avatar Thomas Gerbet Committed by GitHub
Browse files

Merge pull request #293035 from risicle/ris-uamqp-CVE-2024-25110-CVE-2024-27099 

python311Packages.uamqp: add patches for CVE-2024-25110 & CVE-2024-27099
parents 39327e4c 5b1f8af2

pkgs/development/python-modules/uamqp/default.nix

+18 −0
Original line number Diff line number Diff line
@@ -2,6 +2,7 @@ 
, stdenv

, buildPythonPackage

, fetchFromGitHub

, fetchpatch

, cython

, certifi

, CFNetwork
@@ -29,6 +30,23 @@ buildPythonPackage rec { 
  patches = lib.optionals (stdenv.isDarwin && stdenv.isx86_64) [

    ./darwin-azure-c-shared-utility-corefoundation.patch

  ] ++ [

    (fetchpatch {

      name = "CVE-2024-25110.patch";

      url = "https://github.com/Azure/azure-uamqp-c/commit/30865c9ccedaa32ddb036e87a8ebb52c3f18f695.patch";

      stripLen = 1;

      extraPrefix = "src/vendor/azure-uamqp-c/";

      hash = "sha256-igzZqTLUUyuNcpCUbYHI4RXmWxg+7EC/yyD4DBurR2M=";

    })

    (fetchpatch {

      name = "CVE-2024-27099.patch";

      url = "https://github.com/Azure/azure-uamqp-c/commit/2ca42b6e4e098af2d17e487814a91d05f6ae4987.patch";

      stripLen = 1;

      extraPrefix = "src/vendor/azure-uamqp-c/";

      # other files are just tests which aren't run from the python

      # builder anyway

      includes = [ "src/vendor/azure-uamqp-c/src/link.c" ];

      hash = "sha256-EqDfG1xAz5CG8MssSSrz8Yrje5qwF8ri1Kdw+UUu5ms=";

    })

    # Fix incompatible function pointer conversion error with clang 16.

    ./clang-fix-incompatible-function-pointer-conversion.patch

  ];