nginxStable: add patch for CVE-2021-3618

This commit is contained in:
Robert Scott 2022-04-16 17:18:05 +01:00
parent 5f7a31d62e
commit 6951ba02f4
2 changed files with 11 additions and 2 deletions

View file

@ -18,6 +18,7 @@
, sha256 ? null # when not specifying src
, configureFlags ? []
, buildInputs ? []
, extraPatches ? []
, fixPatch ? p: p
, preConfigure ? ""
, postInstall ? null
@ -134,7 +135,8 @@ stdenv.mkDerivation {
url = "https://raw.githubusercontent.com/openwrt/packages/c057dfb09c7027287c7862afab965a4cd95293a3/net/nginx/patches/103-sys_nerr.patch";
sha256 = "0s497x6mkz947aw29wdy073k8dyjq8j99lax1a1mzpikzr4rxlmd";
})
] ++ mapModules "patches");
] ++ mapModules "patches")
++ extraPatches;
hardeningEnable = optional (!stdenv.isDarwin) "pie";

View file

@ -1,6 +1,13 @@
{ callPackage, ... } @ args:
{ callPackage, fetchpatch, ... } @ args:
callPackage ./generic.nix args {
version = "1.20.2";
sha256 = "0hjsyjzd35qyw49w210f67g678kvzinw4kg1acb0l6c2fxspd24m";
extraPatches = [
(fetchpatch {
name = "CVE-2021-3618.patch";
url = "https://github.com/nginx/nginx/commit/173f16f736c10eae46cd15dd861b04b82d91a37a.patch";
sha256 = "0cnxmbkp6ip61w7y1ihhnvziiwzz3p3wi2vpi5c7yaj5m964k5db";
})
];
}