lol
0
fork

Configure Feed

Select the types of activity you want to include in your feed.

ldns: security patches from upstream, /cc #32459

Also use sha256 instead of sha1 for the source.

+18 -3
+18 -3
pkgs/development/libraries/ldns/default.nix
··· 1 - {stdenv, fetchurl, openssl, perl, dns-root-data}: 1 + { stdenv, fetchurl, fetchpatch, openssl, perl, dns-root-data }: 2 2 3 3 stdenv.mkDerivation rec { 4 4 pname = "ldns"; ··· 8 8 9 9 src = fetchurl { 10 10 url = "https://www.nlnetlabs.nl/downloads/ldns/${name}.tar.gz"; 11 - sha1 = "ceeeccf8a27e61a854762737f6ee02f44662c1b8"; 11 + sha256 = "1k56jw4hz8njspfxcfw0czf1smg0n48ylia89ziwyx5k9wdmp7y1"; 12 12 }; 13 13 14 - patchPhase = '' 14 + patches = [ 15 + (fetchpatch { 16 + name = "CVE-2017-1000231.patch"; 17 + url = "https://git.nlnetlabs.nl/ldns/patch/?id=c8391790"; 18 + sha256 = "1rprfh0y1c28dqiy3vgwvwdhn7b5rsylfzzblx5xdhwfqgdw8vn0"; 19 + excludes = [ "Changelog" ]; 20 + }) 21 + (fetchpatch { 22 + name = "CVE-2017-1000232.patch"; 23 + url = "https://git.nlnetlabs.nl/ldns/patch/?id=3bdeed02"; 24 + sha256 = "0bv0s5jjp0sswfg8da47d346iwp9yjhj9w7fa3bxh174br0zj07r"; 25 + excludes = [ "Changelog" ]; 26 + }) 27 + ]; 28 + 29 + postPatch = '' 15 30 patchShebangs doc/doxyparse.pl 16 31 ''; 17 32