swendel/nixpkgs
1
0
Fork 0
mirror of https://github.com/SebastianWendel/nixpkgs.git synced 2024-09-20 04:19:00 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #288858 from LeSuisse/composer-CVE-2024-24821

Browse source 
phpPackages.composer: apply patch for CVE-2024-24821
This commit is contained in:
Pol Dellaiera 2024-02-14 22:16:09 +01:00 committed by GitHub
parent f7e8132dac 2ed28e8f2d
commit eba1ed6580
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
1 changed files with 13 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

14
pkgs/development/php-packages/composer/default.nix
View file

@ -1,4 +1,4 @@
{ lib, callPackage, fetchFromGitHub, php, unzip, _7zz, xz, git, curl, cacert, makeBinaryWrapper }:
{ lib, callPackage, fetchFromGitHub, fetchpatch, php, unzip, _7zz, xz, git, curl, cacert, makeBinaryWrapper }:
php.buildComposerProject (finalAttrs: {
# Hash used by ../../../build-support/php/pkgs/composer-phar.nix to
@ -22,6 +22,18 @@ php.buildComposerProject (finalAttrs: {
hash = "sha256-KsTZi7dSlQcAxoen9rpofbptVdLYhK+bZeDSXQY7o5M=";
};
patches = [
(fetchpatch {
name = "CVE-2024-24821.patch";
url = "https://github.com/composer/composer/commit/77e3982918bc1d886843dc3d5e575e7e871b27b7.patch";
hash = "sha256-Q7gkPLf59+p++DpfJZeOrAOiWePuGkdGYRaS/rK+Nv4=";
excludes = [
# Skipping test files, they are not included in the source tarball
"tests/*"
];
})
];
nativeBuildInputs = [ makeBinaryWrapper ];
postInstall = ''