transmission: fix RCE via dns rebinding attach

For further details see [1] & [2]. [1] https://github.com/transmission/transmission/pull/468 [2] http://www.openwall.com/lists/oss-security/2018/01/12/1
2018-01-15 00:11:07 +01:00 · 2018-01-15 00:11:07 +01:00 · 50f48fce09
commit 50f48fce09
parent 890c8047ed
1 changed files with 11 additions and 1 deletions
--- a/pkgs/applications/networking/p2p/transmission/default.nix
+++ b/pkgs/applications/networking/p2p/transmission/default.nix
@ -1,4 +1,4 @@
-{ stdenv, fetchurl, pkgconfig, intltool, file, wrapGAppsHook
+{ stdenv, fetchurl, fetchpatch, pkgconfig, intltool, file, wrapGAppsHook
 , openssl, curl, libevent, inotify-tools, systemd, zlib
 , enableGTK3 ? false, gtk3
 , enableSystemd ? stdenv.isLinux
@ -27,6 +27,16 @@ stdenv.mkDerivation rec {
    ++ optionals enableSystemd [ systemd ]
    ++ optionals stdenv.isLinux [ inotify-tools ];

+  patches = [
+    (fetchpatch {
+      # See https://github.com/transmission/transmission/pull/468
+      # Patch from: https://github.com/transmission/transmission/pull/468#issuecomment-357098126
+      name = "transmission-fix-dns-rebinding-vuln.patch";
+      url = https://github.com/transmission/transmission/files/1624507/transmission-fix-dns-rebinding-vuln.patch.txt;
+      sha256 = "1p9m20kp4kdyp5jjr3yp5px627n8cfa29mg5n3wzsdfv0qzk9gy4";
+    })
+  ];
+
  postPatch = ''
    substituteInPlace ./configure \
      --replace "libsystemd-daemon" "libsystemd" \