ipsecTools: add patch to fix CVE-2016-10396

This commit is contained in:
Franz Pletz 2017-08-01 08:48:46 +02:00
parent 903d9daf0f
commit 4afb3f4ade
No known key found for this signature in database
GPG Key ID: 846FDED7792617B4

View File

@ -1,4 +1,4 @@
{ stdenv, fetchurl, linuxHeaders, readline, openssl, flex, kerberos, pam }:
{ stdenv, fetchurl, fetchpatch, linuxHeaders, readline, openssl, flex, kerberos, pam }:
# TODO: These tools are supposed to work under NetBSD and FreeBSD as
# well, so I guess it's not appropriate to place this expression in
@ -16,8 +16,14 @@ stdenv.mkDerivation rec {
buildInputs = [ readline openssl flex kerberos pam ];
patches = [ ./dont-create-localstatedir-during-install.patch
./CVE-2015-4047.patch ];
patches = [
./dont-create-localstatedir-during-install.patch
./CVE-2015-4047.patch
(fetchpatch {
url = "https://anonscm.debian.org/cgit/pkg-ipsec-tools/pkg-ipsec-tools.git/plain/debian/patches/CVE-2016-10396.patch?id=62ac12648a4eb7c5ba5dba0f81998d1acf310d8b";
sha256 = "1kf7j2pf1blni52z7q41n0yisqb7gvk01lvldr319zaxxg7rm84a";
})
];
# fix build with newer gcc versions
preConfigure = ''substituteInPlace configure --replace "-Werror" "" '';