From b28f663543e73d26b8ba87685fc080885c97208f Mon Sep 17 00:00:00 2001 From: Thomas Gerbet Date: Thu, 22 Jan 2026 00:39:49 +0100 Subject: [PATCH] inetutils: 2.6 -> 2.7, apply patches for CVE-2026-24061 https://lists.gnu.org/archive/html/bug-inetutils/2026-01/msg00004.html 2.7 release also seems to include another security fix: > syslogd: Fix a stack-based buffer overflow (CWE-121). Changes: https://codeberg.org/inetutils/inetutils/src/tag/v2.7/NEWS.md --- pkgs/by-name/in/inetutils/package.nix | 18 +++++++++++++++--- 1 file changed, 15 insertions(+), 3 deletions(-) diff --git a/pkgs/by-name/in/inetutils/package.nix b/pkgs/by-name/in/inetutils/package.nix index ef53a01702c9a..4fcc9c952c69a 100644 --- a/pkgs/by-name/in/inetutils/package.nix +++ b/pkgs/by-name/in/inetutils/package.nix @@ -2,6 +2,7 @@ stdenv, lib, fetchurl, + fetchpatch, ncurses, perl, help2man, @@ -12,11 +13,11 @@ stdenv.mkDerivation rec { pname = "inetutils"; - version = "2.6"; + version = "2.7"; src = fetchurl { - url = "mirror://gnu/${pname}/${pname}-${version}.tar.xz"; - hash = "sha256-aL7b/q9z99hr4qfZm8+9QJPYKfUncIk5Ga4XTAsjV8o="; + url = "mirror://gnu/${pname}/${pname}-${version}.tar.gz"; + hash = "sha256-oVa+HN48XA/+/CYhgNk2mmBIQIeQeqVUxieH0vQOwIY="; }; outputs = [ @@ -29,6 +30,17 @@ stdenv.mkDerivation rec { ./inetutils-1_9-PATH_PROCNET_DEV.patch ./tests-libls.sh.patch + + (fetchpatch { + name = "CVE-2026-24061_1.patch"; + url = "https://codeberg.org/inetutils/inetutils/commit/fd702c02497b2f398e739e3119bed0b23dd7aa7b.patch"; + hash = "sha256-d/FdQyLD0gYr+erFqKDr8Okf04DFXknFaN03ls2aonQ="; + }) + (fetchpatch { + name = "CVE-2026-24061_2.patch"; + url = "https://codeberg.org/inetutils/inetutils/commit/ccba9f748aa8d50a38d7748e2e60362edd6a32cc.patch"; + hash = "sha256-ws+ed5vb7kVMHEbqK7yj6FUT355pTv2RZEYuXs5M7Io="; + }) ]; strictDeps = true;