commit 210b6509eda2a217adb8b2ec2eebe95c33ad146e · tjh.dev/nixpkgs

tjh.dev / nixpkgs

Clone of https://github.com/NixOS/nixpkgs.git (to stress-test knotserver)

fork atom

Merge pull request #108501 from Ma27/tcpdump-cve-2020-8037

tcpdump: fix CVE-2020-8037

authored by Sandro and committed by GitHub 5 years ago 210b6509 57135a33

+9 -1

1 changed file

expand all

unified split

pkgs

tools

networking

tcpdump

default.nix

+9 -1

pkgs/tools/networking/tcpdump/default.nix

··· 1 - { stdenv, fetchurl, libpcap, perl }: 1 + { stdenv, fetchurl, libpcap, perl, fetchpatch }: 2 2 3 3 stdenv.mkDerivation rec { 4 4 pname = "tcpdump"; ··· 8 8 url = "http://www.tcpdump.org/release/${pname}-${version}.tar.gz"; 9 9 sha256 = "0434vdcnbqaia672rggjzdn4bb8p8dchz559yiszzdk0sjrprm1c"; 10 10 }; 11 + 12 + patches = [ 13 + # Patch for CVE-2020-8037 14 + (fetchpatch { 15 + url = "https://github.com/the-tcpdump-group/tcpdump/commit/32027e199368dad9508965aae8cd8de5b6ab5231.patch"; 16 + sha256 = "sha256-bO3aV032ru9+M/9isBRjmH8jTZLKj9Zf9ha2rmOaZwc="; 17 + }) 18 + ]; 11 19 12 20 postPatch = '' 13 21 patchShebangs tests