nixpkgs/pkgs/servers/corosync/default.nix
Red Davies 2ddb0c7400 corosync: 2.4.3 -> 2.4.5
Reason0: Changed name metadata to pname and version metadata.
Reason1: Fixes CVE-2018-1084

Corosync is prone to an integer-overflow vulnerability.

Attackers can exploit this issue to execute arbitrary code
in the context of the affected application. Failed exploit
attempts will likely cause a denial-of-service condition.

Fixed in 2.4.4

See issue: #90784
2020-11-25 17:01:30 -05:00

74 lines
2.0 KiB
Nix

{ stdenv, fetchurl, makeWrapper, pkgconfig, nss, nspr, libqb
, dbus, rdma-core, libstatgrab, net-snmp
, enableDbus ? false
, enableInfiniBandRdma ? false
, enableMonitoring ? false
, enableSnmp ? false
}:
with stdenv.lib;
stdenv.mkDerivation rec {
pname = "corosync";
version = "2.4.5";
src = fetchurl {
url = "http://build.clusterlabs.org/corosync/releases/${pname}-${version}.tar.gz";
sha256 = "0pxs18vci9kq3qnqsg5i1h35jrxxiccwbm0mzja3g8j3izdsyvmb";
};
nativeBuildInputs = [ makeWrapper pkgconfig ];
buildInputs = [
nss nspr libqb
] ++ optional enableDbus dbus
++ optional enableInfiniBandRdma rdma-core
++ optional enableMonitoring libstatgrab
++ optional enableSnmp net-snmp;
configureFlags = [
"--sysconfdir=/etc"
"--localstatedir=/var"
"--with-logdir=/var/log/corosync"
"--enable-watchdog"
"--enable-qdevices"
] ++ optional enableDbus "--enable-dbus"
++ optional enableInfiniBandRdma "--enable-rdma"
++ optional enableMonitoring "--enable-monitoring"
++ optional enableSnmp "--enable-snmp";
installFlags = [
"sysconfdir=$(out)/etc"
"localstatedir=$(out)/var"
"COROSYSCONFDIR=$(out)/etc/corosync"
"INITDDIR=$(out)/etc/init.d"
"LOGROTATEDIR=$(out)/etc/logrotate.d"
];
preConfigure = optionalString enableInfiniBandRdma ''
# configure looks for the pkg-config files
# of librdmacm and libibverbs
# Howver, rmda-core does not provide a pkg-config file
# We give the flags manually here:
export rdmacm_LIBS=-lrdmacm
export rdmacm_CFLAGS=" "
export ibverbs_LIBS=-libverbs
export ibverbs_CFLAGS=" "
'';
postInstall = ''
wrapProgram $out/bin/corosync-blackbox \
--prefix PATH ":" "$out/sbin:${libqb}/sbin"
'';
enableParallelBuilding = true;
meta = {
homepage = "http://corosync.org/";
description = "A Group Communication System with features for implementing high availability within applications";
license = licenses.bsd3;
platforms = platforms.linux;
maintainers = with maintainers; [ montag451 ];
};
}