nixpkgs/pkgs/tools/networking/ppp/default.nix
Andreas Rammhold 142c3153f7
ppp: apply patch for CVE-2020-8597
This fixes a potential buffer overflow in the eap_{request,response}
functions.
2020-03-06 23:35:18 +01:00


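# Builds pppd from the upstream GitHub tag `ppp-${version}` and applies a
# fixed list of patches: local purity/portability patches, a third-party
# EAP-TLS/MPPE patch, and two upstream commits fetched as CVE fixes.
#
# Every remote input below is pinned by sha256, so a changed tag or a changed
# patch file makes the fetch fail instead of silently altering the build.
{ stdenv, fetchurl, fetchpatch, fetchFromGitHub, substituteAll, libpcap, openssl }:

stdenv.mkDerivation rec {
  version = "2.4.8";
  pname = "ppp";

  src = fetchFromGitHub {
    owner = "paulusmack";
    repo = "ppp";
    # `rev` is a tag name, not a commit id; the sha256 is what actually pins
    # the source contents.
    rev = "ppp-${version}";
    sha256 = "1i88m79h6g3fzsb4yw3k8bq1grsx3hsyawm7id2vcaab0gfqzjjv";
  };

  # Patches are applied in list order.
  patches =
    [
      # nix-purity.patch is templated: substituteAll fills in the store paths
      # of libpcap, the C library headers and the openssl dev output.
      ( substituteAll {
        src = ./nix-purity.patch;
        inherit libpcap;
        glibc = stdenv.cc.libc.dev or stdenv.cc.libc;
        openssl = openssl.dev;
      })
      # Without nonpriv.patch, pppd --version doesn't work when not run as
      # root.
      ./nonpriv.patch
      # Upstream commit fetched as the fix for CVE-2015-3310.
      (fetchpatch {
        name = "CVE-2015-3310.patch";
        url = "https://github.com/paulusmack/ppp/commit/858976b1fc3107f1261aae337831959b511b83c2.patch";
        sha256 = "0wirmcis67xjwllqhz9lsz1b7dcvl8shvz78lxgybc70j2sv7ih4";
      })
      # Third-party patch hosted outside the upstream repository and fetched
      # as a plain file; the sha256 is the only integrity guarantee.
      # NOTE(review): the file name targets ppp 2.4.7 while this derivation
      # builds 2.4.8 -- confirm it is still the intended revision.
      (fetchurl {
        url = "https://www.nikhef.nl/~janjust/ppp/ppp-2.4.7-eaptls-mppe-1.102.patch";
        sha256 = "04war8l5szql53l36043hvzgfwqp3v76kj8brbz7wlf7vs2mlkia";
      })
      # Upstream commit for CVE-2020-8597 (potential buffer overflow in the
      # EAP request/response handlers). It is listed after the EAP-TLS patch
      # and is therefore applied on top of it.
      # NOTE(review): when either patch is bumped, re-check that the fix still
      # applies to the EAP code as modified by the EAP-TLS patch.
      (fetchpatch {
        name = "CVE-2020-8597.patch";
        url = "https://github.com/paulusmack/ppp/commit/8d7970b8f3db727fe798b65f3377fe6787575426.patch";
        sha256 = "129wnhwxmzvr3y9gzxv82jnb5y8m4yg8vkpa0xl2rwkl8anbzgkh";
      })
      ./musl-fix-headers.patch
    ];

  buildInputs = [ libpcap openssl ];

  # The second substitution rewrites install mode 4550 to 550, i.e. it drops
  # the setuid bit the upstream Makefiles would set. The Nix store does not
  # carry setuid bits, so the binaries from this package run with the
  # caller's privileges; any elevation has to come from outside the package.
  # NOTE(review): confirm consumers that need a privileged pppd obtain it
  # through a system-level wrapper rather than expecting it from $out.
  postPatch = ''
    # strip is not found when cross compiling with seemingly no way to point
    # make to the right place, fixup phase will correctly strip
    # everything anyway so we remove it from the Makefiles
    for file in $(find -name Makefile.linux); do
      substituteInPlace "$file" --replace '$(INSTALL) -s' '$(INSTALL)'
      substituteInPlace "$file" --replace '-m 4550' '-m 550'
    done
  '';

  # Custom install phase: runs `make install`, then installs the pon/poff/plog
  # helper scripts with mode 755. The pre/post hooks are still run.
  installPhase = ''
    runHook preInstall
    mkdir -p $out/bin
    make install
    install -D -m 755 scripts/{pon,poff,plog} $out/bin
    runHook postInstall
  '';

  # The helper scripts hard-code /usr/sbin; point them at this package's own
  # bin directory so they do not pick up an unrelated binary from the host.
  postFixup = ''
    for tgt in pon poff plog; do
      substituteInPlace "$out/bin/$tgt" --replace "/usr/sbin" "$out/bin"
    done
  '';

  meta = with stdenv.lib; {
    homepage = "https://ppp.samba.org/";
    description = "Point-to-point implementation for Linux and Solaris";
    license = with licenses; [ bsdOriginal publicDomain gpl2 lgpl2 ];
    platforms = platforms.linux;
    # No maintainer is listed for this package.
    maintainers = [ ];
  };
}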