| author | Vladimír Čunát <v@cunat.cz> | 2019-10-04 10:03:15 +0200 |
|---|---|---|
| committer | Vladimír Čunát <v@cunat.cz> | 2019-10-04 10:03:15 +0200 |
| commit | bcc3c118bfaeb8e2c29945bfcebf1fb09206cd42 (patch) | |
| tree | f7ac2f2885fd37b3d72ee7681c08e2b9993eb0f8 | |
| parent | Merge pull request #70288 from ttuegel/security--release-19.03--CVE-2019-14744 (diff) | |
| download | nixpkgs-bcc3c118bfaeb8e2c29945bfcebf1fb09206cd42.tar.gz | |
unbound: patch CVE-2019-16866 (DoS, minor one IMHO)
https://www.nlnetlabs.nl/projects/unbound/security-advisories/#vulnerability-in-parsing-notify-queries
The patch should be available here but web is down ATM:
https://nlnetlabs.nl/downloads/unbound/patch_cve_2019-16866.diff
| -rw-r--r-- | pkgs/tools/networking/unbound/default.nix | 11 |
1 files changed, 10 insertions, 1 deletions
diff --git a/pkgs/tools/networking/unbound/default.nix b/pkgs/tools/networking/unbound/default.nix
index 25e03d80369e..ec8df544aee5 100644
--- a/pkgs/tools/networking/unbound/default.nix
+++ b/pkgs/tools/networking/unbound/default.nix
@@ -1,4 +1,4 @@
-{ stdenv, fetchurl, openssl, nettle, expat, libevent, dns-root-data }:
+{ stdenv, fetchurl, fetchpatch, openssl, nettle, expat, libevent, dns-root-data }:
 stdenv.mkDerivation rec {
 name = "unbound-${version}";
@@ -9,6 +9,15 @@ stdenv.mkDerivation rec {
 sha256 = "05xrb8havr2vgjsdy7n85kgnvk1mg7qwhjp4a8n6pg4jhd5zjnj1";
 };
+ patches = [
+ (fetchpatch {
+ name = "cve-2019-16866.diff";
+ url = "https://github.com/NLnetLabs/unbound/commit/b60c4a472c8.diff";
+ includes = [ "util/data/msgparse.c" ];
+ sha256 = "0id0mac9413pbc3z6yjha1sg7syxnari1qinxv5dp5jl98n1752p";
+ })
+ ];
+
 outputs = [ "out" "lib" "man" ]; # "dev" would only split ~20 kB
 buildInputs = [ openssl nettle expat libevent ]; |
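Review bot: The `fetchpatch` entry added in the second hunk has no comment saying which advisory it fixes, why it is limited to one file, or when it can be dropped, so a later maintainer has only the patch name to go on. A line above `(fetchpatch {` such as `# CVE-2019-16866 (DoS in NOTIFY query parsing); remove once the package is bumped to a release containing the fix` would cover that. The `includes = [ "util/data/msgparse.c" ]` filter presumably exists to skip hunks that do not apply to the release tarball, which deserves a few words in the same comment. The URL also uses the abbreviated id `b60c4a472c8`; the `sha256` pins the content either way, but spelling out the full 40-character commit id (`.../commit/<full-commit-id>.diff`) keeps the reference unambiguous for anyone re-verifying the patch against the upstream advisory. The `mkDerivation` body continues outside the hunk, so the packaged version is not visible here.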
