strongswan: add patch for CVE-2017-11185

+5 -1
+5 -1
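--- a/pkgs/tools/networking/strongswan/default.nix
+++ b/pkgs/tools/networking/strongswan/default.nix
@@ -1,4 +1,4 @@
-{ stdenv, fetchurl, gmp, pkgconfig, python, autoreconfHook
+{ stdenv, fetchurl, fetchpatch, gmp, pkgconfig, python, autoreconfHook
 , curl, trousers, sqlite, iptables, libxml2, openresolv
 , ldns, unbound, pcsclite, openssl, systemd, pam
 , enableTNC ? false }:
@@ -21,6 +21,10 @@
 ++ stdenv.lib.optionals stdenv.isLinux [ systemd.dev pam ];
 
 patches = [
+(fetchpatch {
+url = "https://download.strongswan.org/security/CVE-2017-11185/strongswan-4.4.0-5.5.3_gmp_mpz_export.patch";
+sha256 = "1vqf077dq71wai7ma3bpzv55i76b48gp2cf6507chgy4wj04gi73";
+})
 ./ext_auth-path.patch
 ./firewall_defaults.patch
 ./updown-path.patch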
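Review bot: The new `fetchpatch` entry at the top of `patches` has no comment saying what it fixes or when it can be dropped, and the package version is not visible in this hunk. The patch file name suggests it targets releases 4.4.0 through 5.5.3, so a later version bump will need it removed; I would add `# CVE-2017-11185 upstream fix; remove when version is bumped past 5.5.3` on the line above `(fetchpatch {`. The pinned `sha256` is the only thing binding the build to the reviewed patch content, and because fetchpatch hashes its normalized output, it will not match a checksum of the raw download when someone re-verifies it. The derivation body continues outside the hunk.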