pyrox.dev
lol
ldns: security patches from upstream, /cc #32459
Also use sha256 instead of sha1 for the source.
+18
-3
+18
-3
pkgs/development/libraries/ldns/default.nix
+18
-3
pkgs/development/libraries/ldns/default.nix
···
1
-
{stdenv, fetchurl, openssl, perl, dns-root-data}:
1
+
{ stdenv, fetchurl, fetchpatch, openssl, perl, dns-root-data }:
2
2
3
3
stdenv.mkDerivation rec {
4
4
pname = "ldns";
···
8
8
9
9
src = fetchurl {
10
10
url = "https://www.nlnetlabs.nl/downloads/ldns/${name}.tar.gz";
11
-
sha1 = "ceeeccf8a27e61a854762737f6ee02f44662c1b8";
11
+
sha256 = "1k56jw4hz8njspfxcfw0czf1smg0n48ylia89ziwyx5k9wdmp7y1";
12
12
};
13
13
14
-
patchPhase = ''
14
+
patches = [
15
+
(fetchpatch {
16
+
name = "CVE-2017-1000231.patch";
17
+
url = "https://git.nlnetlabs.nl/ldns/patch/?id=c8391790";
18
+
sha256 = "1rprfh0y1c28dqiy3vgwvwdhn7b5rsylfzzblx5xdhwfqgdw8vn0";
19
+
excludes = [ "Changelog" ];
20
+
})
21
+
(fetchpatch {
22
+
name = "CVE-2017-1000232.patch";
23
+
url = "https://git.nlnetlabs.nl/ldns/patch/?id=3bdeed02";
24
+
sha256 = "0bv0s5jjp0sswfg8da47d346iwp9yjhj9w7fa3bxh174br0zj07r";
25
+
excludes = [ "Changelog" ];
26
+
})
27
+
];
28
+
29
+
postPatch = ''
15
30
patchShebangs doc/doxyparse.pl
16
31
'';
17
32