diff options
author | Franz Pletz <fpletz@fnordicwalking.de> | 2017-08-01 08:48:46 +0200 |
---|---|---|
committer | Franz Pletz <fpletz@fnordicwalking.de> | 2017-08-01 10:26:19 +0200 |
commit | 4afb3f4ade6f7811f8ef762b5c7ae24c6e4b4d9b (patch) | |
tree | 44c016612efc469951af3958dd3c7391ac06b412 /pkgs/os-specific/linux/ipsec-tools/default.nix | |
parent | 903d9daf0faa205d43dd75ea42ce8b05f2f7e565 (diff) | |
download | nixpkgs-4afb3f4ade6f7811f8ef762b5c7ae24c6e4b4d9b.tar nixpkgs-4afb3f4ade6f7811f8ef762b5c7ae24c6e4b4d9b.tar.gz nixpkgs-4afb3f4ade6f7811f8ef762b5c7ae24c6e4b4d9b.tar.bz2 nixpkgs-4afb3f4ade6f7811f8ef762b5c7ae24c6e4b4d9b.tar.lz nixpkgs-4afb3f4ade6f7811f8ef762b5c7ae24c6e4b4d9b.tar.xz nixpkgs-4afb3f4ade6f7811f8ef762b5c7ae24c6e4b4d9b.tar.zst nixpkgs-4afb3f4ade6f7811f8ef762b5c7ae24c6e4b4d9b.zip |
ipsecTools: add patch to fix CVE-2016-10396
Diffstat (limited to 'pkgs/os-specific/linux/ipsec-tools/default.nix')
-rw-r--r-- | pkgs/os-specific/linux/ipsec-tools/default.nix | 12 |
1 files changed, 9 insertions, 3 deletions
diff --git a/pkgs/os-specific/linux/ipsec-tools/default.nix b/pkgs/os-specific/linux/ipsec-tools/default.nix index 466ecb1efee..30bd51473b5 100644 --- a/pkgs/os-specific/linux/ipsec-tools/default.nix +++ b/pkgs/os-specific/linux/ipsec-tools/default.nix @@ -1,4 +1,4 @@ -{ stdenv, fetchurl, linuxHeaders, readline, openssl, flex, kerberos, pam }: +{ stdenv, fetchurl, fetchpatch, linuxHeaders, readline, openssl, flex, kerberos, pam }: # TODO: These tools are supposed to work under NetBSD and FreeBSD as # well, so I guess it's not appropriate to place this expression in @@ -16,8 +16,14 @@ stdenv.mkDerivation rec { buildInputs = [ readline openssl flex kerberos pam ]; - patches = [ ./dont-create-localstatedir-during-install.patch - ./CVE-2015-4047.patch ]; + patches = [ + ./dont-create-localstatedir-during-install.patch + ./CVE-2015-4047.patch + (fetchpatch { + url = "https://anonscm.debian.org/cgit/pkg-ipsec-tools/pkg-ipsec-tools.git/plain/debian/patches/CVE-2016-10396.patch?id=62ac12648a4eb7c5ba5dba0f81998d1acf310d8b"; + sha256 = "1kf7j2pf1blni52z7q41n0yisqb7gvk01lvldr319zaxxg7rm84a"; + }) + ]; # fix build with newer gcc versions preConfigure = ''substituteInPlace configure --replace "-Werror" "" ''; |