varnish6: add patch for CVE-2019-15892

author: Robert Scott <code@humanleg.org.uk> 2019-11-08 20:37:26 +0000
committer: Robert Scott <code@humanleg.org.uk> 2019-11-08 20:37:26 +0000
commit: b795babe296aa7dbaf65828c47546cd0aad2842b (patch)
tree: 197d6a30f4c99a4b03e83c4e5a87a2c2ce5e54f7
parent: Merge pull request #73009 from risicle/ris-qemu-CVEs-r19.03 (diff)
download: nixpkgs-b795babe296aa7dbaf65828c47546cd0aad2842b.tar.gz
1 files changed, 9 insertions, 2 deletions
diff --git a/pkgs/servers/varnish/default.nix b/pkgs/servers/varnish/default.nix
index e447035e32aa..50b2b76fd13e 100644
--- a/pkgs/servers/varnish/default.nix
+++ b/pkgs/servers/varnish/default.nix
@@ -1,9 +1,10 @@
-{ stdenv, fetchurl, pcre, libxslt, groff, ncurses, pkgconfig, readline, libedit
+{ stdenv, fetchurl, fetchpatch, pcre, libxslt, groff, ncurses, pkgconfig, readline, libedit
 , python2, makeWrapper }:
 
 let
-  common = { version, sha256, extraBuildInputs ? [] }:
+  common = { version, sha256, extraBuildInputs ? [], patches ? null }:
     stdenv.mkDerivation rec {
+      inherit patches;
       name = "varnish-${version}";
 
       src = fetchurl {
@@ -50,5 +51,11 @@ in
     version = "6.1.1";
     sha256 = "0gf9hzzrr1lndbbqi8cwlfasi7l517cy3nbgna88i78lm247rvp0";
     extraBuildInputs = [ python2.pkgs.sphinx ];
+    patches = [
+      (fetchpatch {
+        url = "https://sources.debian.org/data/main/v/varnish/6.1.1-1+deb10u1/debian/patches/CVE-2019-15892.patch";
+        sha256 = "03jlflgry4j9f34kxni64j6583jqr828zgy68ywdmglpxkgpyma7";
+      })
+    ];
   };
 }
author	Robert Scott <code@humanleg.org.uk>	2019-11-08 20:37:26 +0000
committer	Robert Scott <code@humanleg.org.uk>	2019-11-08 20:37:26 +0000
commit	b795babe296aa7dbaf65828c47546cd0aad2842b (patch)
tree	197d6a30f4c99a4b03e83c4e5a87a2c2ce5e54f7
parent	Merge pull request #73009 from risicle/ris-qemu-CVEs-r19.03 (diff)
download	nixpkgs-b795babe296aa7dbaf65828c47546cd0aad2842b.tar.gz