diff options
Diffstat (limited to 'pkgs/development/libraries/libvirt/default.nix')
-rw-r--r-- | pkgs/development/libraries/libvirt/default.nix | 35 |
1 files changed, 30 insertions, 5 deletions
diff --git a/pkgs/development/libraries/libvirt/default.nix b/pkgs/development/libraries/libvirt/default.nix index 85b8b128d20..c559d3f8407 100644 --- a/pkgs/development/libraries/libvirt/default.nix +++ b/pkgs/development/libraries/libvirt/default.nix @@ -1,5 +1,5 @@ { stdenv, fetchurl, fetchgit -, pkgconfig, makeWrapper, libtool, autoconf, automake +, pkgconfig, makeWrapper, libtool, autoconf, automake, fetchpatch , coreutils, libxml2, gnutls, perl, python2, attr , iproute, iptables, readline, lvm2, utillinux, systemd, libpciaccess, gettext , libtasn1, ebtables, libgcrypt, yajl, pmutils, libcap_ng, libapparmor @@ -17,22 +17,46 @@ let buildFromTarball = stdenv.isDarwin; in stdenv.mkDerivation rec { name = "libvirt-${version}"; - version = "4.10.0"; + version = "5.4.0"; src = if buildFromTarball then fetchurl { url = "http://libvirt.org/sources/${name}.tar.xz"; - sha256 = "0v17zzyyb25nn9l18v5244myg7590dp6ppwgi8xysipifc0q77bz"; + sha256 = "0ywf8m9yz2hxnic7fylzlmgy4m353r4vv5zsvp89zq5yh4h81yhw"; } else fetchgit { url = git://libvirt.org/libvirt.git; rev = "v${version}"; - sha256 = "0dlpv3v6jpbmgvhpn29ryp0w2a1xny8ciqid8hnlf3klahz9kwz9"; + sha256 = "1dja1mf295w0sl83zag62c4j55cfbzzfbhdxpkyv2zm3zv0mwdyc"; fetchSubmodules = true; }; + patches = optionals (!stdenv.isDarwin) [ + (fetchpatch { + name = "5.4.0-CVE-2019-10161.patch"; + url = "https://libvirt.org/git/?p=libvirt.git;a=patch;h=aed6a032cead4386472afb24b16196579e239580"; + sha256 = "19k9z9xx68nf03igbgy1imxnlp5ppj7cgdbq9kri3s834hkjcygs"; + }) + ] ++ [ + (fetchpatch { + name = "5.4.0-CVE-2019-10166.patch"; + url = "https://libvirt.org/git/?p=libvirt.git;a=patch;h=db0b78457f183e4c7ac45bc94de86044a1e2056a"; + sha256 = "17pd1rab2mxj4q0vg30vi2gh78mf52ik1p5l12wrghb0wjf7swml"; + }) + (fetchpatch { + name = "5.4.0-CVE-2019-10167.patch"; + url = "https://libvirt.org/git/?p=libvirt.git;a=patch;h=8afa68bac0cf99d1f8aaa6566685c43c22622f26"; + sha256 = "0hgbwk0y2n6ihzjk8vqabhw914axjqgzcb7c5xx893r86c54c0ml"; + }) + (fetchpatch { + name = "5.4.0-CVE-2019-10168.patch"; + url = "https://libvirt.org/git/?p=libvirt.git;a=patch;h=bf6c2830b6c338b1f5699b095df36f374777b291"; + sha256 = "0s4hc3hsjncx1852ndjas1nng9v23pxf4mi1jxcajsqvhw89la0g"; + }) + ]; + nativeBuildInputs = [ makeWrapper pkgconfig ]; buildInputs = [ libxml2 gnutls perl python2 readline gettext libtasn1 libgcrypt yajl @@ -76,13 +100,14 @@ in stdenv.mkDerivation rec { "--with-esx" "--with-remote" ] ++ optionals stdenv.isLinux [ + "QEMU_BRIDGE_HELPER=/run/wrappers/bin/qemu-bridge-helper" + "QEMU_PR_HELPER=/run/libvirt/nix-helpers/qemu-pr-helper" "--with-attr" "--with-apparmor" "--with-secdriver-apparmor" "--with-numad" "--with-macvtap" "--with-virtualport" - "--with-init-script=systemd+redhat" "--with-storage-disk" ] ++ optionals (stdenv.isLinux && zfs != null) [ "--with-storage-zfs" |