
unbound: patch CVE-2019-16866 (DoS, minor one IMHO)

https://www.nlnetlabs.nl/projects/unbound/security-advisories/#vulnerability-in-parsing-notify-queries
The patch should be available at the URL below, but the website is down at the moment:
https://nlnetlabs.nl/downloads/unbound/patch_cve_2019-16866.diff

+10 -1
+10 -1
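--- a/pkgs/tools/networking/unbound/default.nix
+++ b/pkgs/tools/networking/unbound/default.nix
@@ -1,4 +1,4 @@
-{ stdenv, fetchurl, openssl, nettle, expat, libevent, dns-root-data }:
+{ stdenv, fetchurl, fetchpatch, openssl, nettle, expat, libevent, dns-root-data }:
 
 stdenv.mkDerivation rec {
 name = "unbound-${version}";
@@ -8,6 +8,15 @@
 url = "https://unbound.net/downloads/${name}.tar.gz";
 sha256 = "05xrb8havr2vgjsdy7n85kgnvk1mg7qwhjp4a8n6pg4jhd5zjnj1";
 };
+
+patches = [
+(fetchpatch {
+name = "cve-2019-16866.diff";
+url = "https://github.com/NLnetLabs/unbound/commit/b60c4a472c8.diff";
+includes = [ "util/data/msgparse.c" ];
+sha256 = "0id0mac9413pbc3z6yjha1sg7syxnari1qinxv5dp5jl98n1752p";
+})
+];
 
 outputs = [ "out" "lib" "man" ]; # "dev" would only split ~20 kB
 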
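Review bot: The `fetchpatch` URL in `patches` names the upstream commit by an abbreviated id (`b60c4a472c8`). The `sha256` still pins the patch content, so integrity is not at risk, but a short id can stop resolving if it ever becomes ambiguous, so the full commit id would be the more durable reference. The `includes = [ "util/data/msgparse.c" ]` filter discards every other file touched by that commit, so it is worth confirming against the advisory that the fix is confined to that file. I would also add a comment above the entry, for example `# CVE-2019-16866 (NOTIFY query parsing); drop once src is bumped to a release that contains the fix`, so the patch is not carried forward unnoticed after an upgrade.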