rpm: 4.12.0 -> 4.13.0-rc1 for CVEs

Null pointer deref & out of bound reads. See: https://lwn.net/Vulnerabilities/685287/ Fedora is shipping the rc1 as well. re: #18975
NixOS · Sep 28, 2016 · dad5651 · dad5651
1 parent b5ab13a
commit dad5651
Showing 1 changed file with 3 additions and 3 deletions.
diff --git a/pkgs/tools/package-management/rpm/default.nix b/pkgs/tools/package-management/rpm/default.nix
@@ -1,11 +1,11 @@
 { stdenv, fetchurl, cpio, zlib, bzip2, file, elfutils, libarchive, nspr, nss, popt, db, xz, python, lua, pkgconfig, autoreconfHook }:
 
 stdenv.mkDerivation rec {
-  name = "rpm-4.12.0";
+  name = "rpm-4.13.0-rc1";
 
   src = fetchurl {
-    url = "http://rpm.org/releases/rpm-4.12.x/${name}.tar.bz2";
-    sha256 = "18hk47hc755nslvb7xkq4jb095z7va0nlcyxdpxayc4lmb8mq3bp";
+    url = "http://www.rpm.org/releases/testing/rpm-4.13.0-rc1.tar.bz2";
+    sha256 = "097mc0kkrf09c01hrgi71df7maahmvayfgsvspnxigvl3xysv8hp";
   };
 
   outputs = [ "out" "dev" "man" ];