tcpdump: fix multiple CVEs

Fixes CVE-2017-11541, CVE-2017-11542, CVE-2017-11543.

Also fixes a segfault if built with openssl 1.1.

+20 -1
+20 -1
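--- a/pkgs/tools/networking/tcpdump/default.nix
+++ b/pkgs/tools/networking/tcpdump/default.nix
@@ -1,4 +1,4 @@
-{ stdenv, fetchFromGitHub, libpcap, enableStatic ? false
+{ stdenv, fetchFromGitHub, fetchpatch, libpcap, enableStatic ? false
 , hostPlatform
 }:
 
@@ -12,6 +12,25 @@
 rev = "${repo}-${version}";
 sha256 = "1vzrvn1q7x28h18yskqc390y357pzpg5xd3pzzj4xz3llnvsr64p";
 };
+
+patches = [
+(fetchpatch {
+url = "http://www.tcpdump.org/pre-4.9.2/PUBLISHED-CVE-2017-11541.patch";
+sha256 = "1lqg4lbyddnv75wpj0rs2sxz4lb3d1vp8n385i27mrpcxw9qaxia";
+})
+(fetchpatch {
+url = "http://www.tcpdump.org/pre-4.9.2/PUBLISHED-CVE-2017-11542.patch";
+sha256 = "0vqgmw9i5vr3d4siyrh8mw60jdmp5r66rbjxfmbnwhlfjf4bwxz4";
+})
+(fetchpatch {
+url = "http://www.tcpdump.org/pre-4.9.2/PUBLISHED-CVE-2017-11543.patch";
+sha256 = "1vk9ncpx0qjja8l69xw5kkvgy9fkcii2n98diazv1yndln2cs26l";
+})
+(fetchpatch {
+url = "http://www.tcpdump.org/pre-4.9.2/PUBLISHED-OpenSSL-1.1-segfault.patch";
+sha256 = "0mw0jdj5nyg4sviqj7wxwf2492b2bdqmjrvf1k34ak417xfcvy1d";
+})
+];
 
 buildInputs = [ libpcap ];
 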
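Review bot: All four `fetchpatch` entries in the new `patches` list use plain `http://` URLs, so the downloads are unauthenticated in transit. The `sha256` on each entry means altered content would fail the build rather than be applied, but `https://www.tcpdump.org/...` would still be preferable if the host serves it, which cannot be confirmed from this page. The `pre-4.9.2/` path component suggests a staging location that may move once 4.9.2 is released, and that would break fetches that are not already cached. I would add a comment above the list, for example `# Security fixes staged for 4.9.2; drop these when bumping version.`, so the patches are removed on the next update.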