commit ede90bb8e12e26702efec3cc0e6f67745b6df67d · tjh.dev/nixpkgs

tjh.dev / nixpkgs

Clone of https://github.com/NixOS/nixpkgs.git (to stress-test knotserver)

fork atom

trafficserver: 9.1.3 -> 9.1.4

Fixes CVE-2022-32749 and CVE-2022-40743.

https://raw.githubusercontent.com/apache/trafficserver/9.1.x/CHANGELOG-9.1.4

Thomas Gerbet 3 years ago ede90bb8 91b47e16

+3 -9

2 changed files

expand all

unified split

nixos

tests

trafficserver.nix

pkgs

servers

http

trafficserver

default.nix

nixos/tests/trafficserver.nix

··· 172 assert re.fullmatch(expected, out) is not None, "no matching logs" 173 174 out = json.loads(ats.succeed(f"traffic_logstats -jf {access_log_path}")) 175 assert out["total"]["error.total"]["req"] == "0", "unexpected log stat" 176 ''; 177 })

··· 172 assert re.fullmatch(expected, out) is not None, "no matching logs" 173 174 out = json.loads(ats.succeed(f"traffic_logstats -jf {access_log_path}")) 175 + assert isinstance(out, dict) 176 assert out["total"]["error.total"]["req"] == "0", "unexpected log stat" 177 ''; 178 })

+2 -9

pkgs/servers/http/trafficserver/default.nix

··· 50 51 stdenv.mkDerivation rec { 52 pname = "trafficserver"; 53 - version = "9.1.3"; 54 55 src = fetchzip { 56 url = "mirror://apache/trafficserver/trafficserver-${version}.tar.bz2"; 57 - sha256 = "sha256-Ihhsbn4PvIjWskmbWKajThIwtuiEyldBpmtuQ8RdyHA="; 58 }; 59 60 patches = [ ··· 107 tools/check-unused-dependencies 108 109 substituteInPlace configure --replace '/usr/bin/file' '${file}/bin/file' 110 - 111 - # TODO: remove after the following change has been released 112 - # https://github.com/apache/trafficserver/pull/8683 113 - cp ${catch2}/include/catch2/catch.hpp tests/include/catch.hpp 114 '' + lib.optionalString stdenv.isLinux '' 115 substituteInPlace configure \ 116 --replace '/usr/include/linux' '${linuxHeaders}/include/linux' ··· 125 "--enable-experimental-plugins" 126 (lib.enableFeature enableWCCP "wccp") 127 128 - # the configure script can't auto-locate the following from buildInputs 129 - "--with-lzma=${xz.dev}" 130 - "--with-zlib=${zlib.dev}" 131 (lib.withFeatureAs withHiredis "hiredis" hiredis) 132 ]; 133

··· 50 51 stdenv.mkDerivation rec { 52 pname = "trafficserver"; 53 + version = "9.1.4"; 54 55 src = fetchzip { 56 url = "mirror://apache/trafficserver/trafficserver-${version}.tar.bz2"; 57 + sha256 = "sha256-+iq+z+1JE6JE6OLcUwRRAe2/EISqb6Ax6pNm8GcB7bc="; 58 }; 59 60 patches = [ ··· 107 tools/check-unused-dependencies 108 109 substituteInPlace configure --replace '/usr/bin/file' '${file}/bin/file' 110 '' + lib.optionalString stdenv.isLinux '' 111 substituteInPlace configure \ 112 --replace '/usr/include/linux' '${linuxHeaders}/include/linux' ··· 121 "--enable-experimental-plugins" 122 (lib.enableFeature enableWCCP "wccp") 123 124 (lib.withFeatureAs withHiredis "hiredis" hiredis) 125 ]; 126