pyrox.dev
strongswan: add patch for CVE-2017-11185
+5
-1
pkgs/tools/networking/strongswan/default.nix
+5
-1
pkgs/tools/networking/strongswan/default.nix
···
1
-
{ stdenv, fetchurl, gmp, pkgconfig, python, autoreconfHook
2
, curl, trousers, sqlite, iptables, libxml2, openresolv
3
, ldns, unbound, pcsclite, openssl, systemd, pam
4
, enableTNC ? false }:
···
21
++ stdenv.lib.optionals stdenv.isLinux [ systemd.dev pam ];
22
23
patches = [
24
./ext_auth-path.patch
25
./firewall_defaults.patch
26
./updown-path.patch
···
1
+
{ stdenv, fetchurl, fetchpatch, gmp, pkgconfig, python, autoreconfHook
2
, curl, trousers, sqlite, iptables, libxml2, openresolv
3
, ldns, unbound, pcsclite, openssl, systemd, pam
4
, enableTNC ? false }:
···
21
++ stdenv.lib.optionals stdenv.isLinux [ systemd.dev pam ];
22
23
patches = [
24
+
(fetchpatch {
25
+
url = "https://download.strongswan.org/security/CVE-2017-11185/strongswan-4.4.0-5.5.3_gmp_mpz_export.patch";
26
+
sha256 = "1vqf077dq71wai7ma3bpzv55i76b48gp2cf6507chgy4wj04gi73";
27
+
})
28
./ext_auth-path.patch
29
./firewall_defaults.patch
30
./updown-path.patch