apacheHttpd: fix CVE-2017-9798 (Optionsbleed)
https://blog.fuzzing-project.org/60-Optionsbleed-HTTP-OPTIONS-method-can-leak-Apaches-server-memory.html
This commit is contained in:
parent
2f9cb45bd4
commit
c9d11b8a1d
@ -5,6 +5,7 @@
|
|||||||
, ldapSupport ? true, openldap
|
, ldapSupport ? true, openldap
|
||||||
, libxml2Support ? true, libxml2
|
, libxml2Support ? true, libxml2
|
||||||
, luaSupport ? false, lua5
|
, luaSupport ? false, lua5
|
||||||
|
, fetchpatch
|
||||||
}:
|
}:
|
||||||
|
|
||||||
let optional = stdenv.lib.optional;
|
let optional = stdenv.lib.optional;
|
||||||
@ -35,10 +36,19 @@ stdenv.mkDerivation rec {
|
|||||||
optional http2Support nghttp2 ++
|
optional http2Support nghttp2 ++
|
||||||
optional stdenv.isDarwin libiconv;
|
optional stdenv.isDarwin libiconv;
|
||||||
|
|
||||||
patchPhase = ''
|
prePatch = ''
|
||||||
sed -i config.layout -e "s|installbuilddir:.*|installbuilddir: $dev/share/build|"
|
sed -i config.layout -e "s|installbuilddir:.*|installbuilddir: $dev/share/build|"
|
||||||
'';
|
'';
|
||||||
|
|
||||||
|
patches = [
|
||||||
|
(fetchpatch {
|
||||||
|
name = "CVE-2017-9798.patch";
|
||||||
|
url = "https://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/server/core.c?r1=1805223&r2=1807754&pathrev=1807754&view=patch";
|
||||||
|
sha256 = "00hbq5szgav91kwsc30jdjvgd3vbgm8n198yna8bcs33p434v25k";
|
||||||
|
stripLen = 3;
|
||||||
|
})
|
||||||
|
];
|
||||||
|
|
||||||
# Required for ‘pthread_cancel’.
|
# Required for ‘pthread_cancel’.
|
||||||
NIX_LDFLAGS = stdenv.lib.optionalString (!stdenv.isDarwin) "-lgcc_s";
|
NIX_LDFLAGS = stdenv.lib.optionalString (!stdenv.isDarwin) "-lgcc_s";
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user