dovecot: fix CVE-2017-15132

2024-11-28 09:53:10 +00:00 · 2018-02-01 03:55:38 +01:00 · 2018-02-01 03:55:38 +01:00 · e27e026539
commit e27e026539
parent be4c6311f3
1 changed files with 11 additions and 1 deletions
--- a/pkgs/servers/mail/dovecot/default.nix
+++ b/pkgs/servers/mail/dovecot/default.nix
@ -1,4 +1,4 @@
-{ stdenv, lib, fetchurl, perl, pkgconfig, systemd, openssl
+{ stdenv, lib, fetchurl, fetchpatch, perl, pkgconfig, systemd, openssl
 , bzip2, zlib, lz4, inotify-tools, pam, libcap
 , clucene_core_2, icu, openldap, libsodium, libstemmer
 # Auth modules
@ -47,6 +47,16 @@ stdenv.mkDerivation rec {
    # so we can symlink plugins from several packages there.
    # The symlinking needs to be done in NixOS.
    ./2.2.x-module_dir.patch
+    (fetchpatch {
+      name = "CVE-2017-14132_part1.patch";
+      url = https://github.com/dovecot/core/commit/1a29ed2f96da1be22fa5a4d96c7583aa81b8b060.patch;
+      sha256 = "1pcfzxr8xlwbpa7z19grp7mlvdnan6ln8zw74dj4pdmynmlk4aw9";
+    })
+    (fetchpatch {
+      name = "CVE-2017-14132_part2.patch";
+      url = https://github.com/dovecot/core/commit/a9b135760aea6d1790d447d351c56b78889dac22.patch;
+      sha256 = "0082iid5rvjmh003xi9s09jld2rb31hbvni0yai1h1ggbmd5zf8l";
+    })
  ];

  configureFlags = [