diff options
author | Franz Pletz <fpletz@fnordicwalking.de> | 2017-09-05 13:07:11 +0200 |
---|---|---|
committer | Franz Pletz <fpletz@fnordicwalking.de> | 2017-09-05 13:10:13 +0200 |
commit | a46f2062718851ce93baab060149b896ef33c132 (patch) | |
tree | 27bf216f12d9449996a8895b8976d82a91a24e44 /pkgs | |
parent | f8ff9a783f7f4d86e49e0c98f5f6107fa08481b5 (diff) | |
download | nixpkgs-a46f2062718851ce93baab060149b896ef33c132.tar nixpkgs-a46f2062718851ce93baab060149b896ef33c132.tar.gz nixpkgs-a46f2062718851ce93baab060149b896ef33c132.tar.bz2 nixpkgs-a46f2062718851ce93baab060149b896ef33c132.tar.lz nixpkgs-a46f2062718851ce93baab060149b896ef33c132.tar.xz nixpkgs-a46f2062718851ce93baab060149b896ef33c132.tar.zst nixpkgs-a46f2062718851ce93baab060149b896ef33c132.zip |
tcpdump: fix multiple CVEs
Fixes CVE-2017-11541, CVE-2017-11542, CVE-2017-11543. Also fixes a segfault if built with openssl 1.1.
Diffstat (limited to 'pkgs')
-rw-r--r-- | pkgs/tools/networking/tcpdump/default.nix | 21 |
1 files changed, 20 insertions, 1 deletions
diff --git a/pkgs/tools/networking/tcpdump/default.nix b/pkgs/tools/networking/tcpdump/default.nix index 77e74569ee5..69893f0a832 100644 --- a/pkgs/tools/networking/tcpdump/default.nix +++ b/pkgs/tools/networking/tcpdump/default.nix @@ -1,4 +1,4 @@ -{ stdenv, fetchFromGitHub, libpcap, enableStatic ? false +{ stdenv, fetchFromGitHub, fetchpatch, libpcap, enableStatic ? false , hostPlatform }: @@ -13,6 +13,25 @@ stdenv.mkDerivation rec { sha256 = "1vzrvn1q7x28h18yskqc390y357pzpg5xd3pzzj4xz3llnvsr64p"; }; + patches = [ + (fetchpatch { + url = "http://www.tcpdump.org/pre-4.9.2/PUBLISHED-CVE-2017-11541.patch"; + sha256 = "1lqg4lbyddnv75wpj0rs2sxz4lb3d1vp8n385i27mrpcxw9qaxia"; + }) + (fetchpatch { + url = "http://www.tcpdump.org/pre-4.9.2/PUBLISHED-CVE-2017-11542.patch"; + sha256 = "0vqgmw9i5vr3d4siyrh8mw60jdmp5r66rbjxfmbnwhlfjf4bwxz4"; + }) + (fetchpatch { + url = "http://www.tcpdump.org/pre-4.9.2/PUBLISHED-CVE-2017-11543.patch"; + sha256 = "1vk9ncpx0qjja8l69xw5kkvgy9fkcii2n98diazv1yndln2cs26l"; + }) + (fetchpatch { + url = "http://www.tcpdump.org/pre-4.9.2/PUBLISHED-OpenSSL-1.1-segfault.patch"; + sha256 = "0mw0jdj5nyg4sviqj7wxwf2492b2bdqmjrvf1k34ak417xfcvy1d"; + }) + ]; + buildInputs = [ libpcap ]; crossAttrs = { |