tcpdump: fix multiple CVEs

Fixes CVE-2017-11541, CVE-2017-11542, CVE-2017-11543.

Also fixes a segfault if built with openssl 1.1.
This commit is contained in:
Franz Pletz 2017-09-05 13:07:11 +02:00
parent f8ff9a783f
commit a46f206271
No known key found for this signature in database
GPG Key ID: 846FDED7792617B4

View File

@ -1,4 +1,4 @@
{ stdenv, fetchFromGitHub, libpcap, enableStatic ? false
{ stdenv, fetchFromGitHub, fetchpatch, libpcap, enableStatic ? false
, hostPlatform
}:
@ -13,6 +13,25 @@ stdenv.mkDerivation rec {
sha256 = "1vzrvn1q7x28h18yskqc390y357pzpg5xd3pzzj4xz3llnvsr64p";
};
patches = [
(fetchpatch {
url = "http://www.tcpdump.org/pre-4.9.2/PUBLISHED-CVE-2017-11541.patch";
sha256 = "1lqg4lbyddnv75wpj0rs2sxz4lb3d1vp8n385i27mrpcxw9qaxia";
})
(fetchpatch {
url = "http://www.tcpdump.org/pre-4.9.2/PUBLISHED-CVE-2017-11542.patch";
sha256 = "0vqgmw9i5vr3d4siyrh8mw60jdmp5r66rbjxfmbnwhlfjf4bwxz4";
})
(fetchpatch {
url = "http://www.tcpdump.org/pre-4.9.2/PUBLISHED-CVE-2017-11543.patch";
sha256 = "1vk9ncpx0qjja8l69xw5kkvgy9fkcii2n98diazv1yndln2cs26l";
})
(fetchpatch {
url = "http://www.tcpdump.org/pre-4.9.2/PUBLISHED-OpenSSL-1.1-segfault.patch";
sha256 = "0mw0jdj5nyg4sviqj7wxwf2492b2bdqmjrvf1k34ak417xfcvy1d";
})
];
buildInputs = [ libpcap ];
crossAttrs = {