nginxStable: add patch for CVE-2021-3618
This commit is contained in:
parent
5f7a31d62e
commit
6951ba02f4
2 changed files with 11 additions and 2 deletions
|
@ -18,6 +18,7 @@
|
|||
, sha256 ? null # when not specifying src
|
||||
, configureFlags ? []
|
||||
, buildInputs ? []
|
||||
, extraPatches ? []
|
||||
, fixPatch ? p: p
|
||||
, preConfigure ? ""
|
||||
, postInstall ? null
|
||||
|
@ -134,7 +135,8 @@ stdenv.mkDerivation {
|
|||
url = "https://raw.githubusercontent.com/openwrt/packages/c057dfb09c7027287c7862afab965a4cd95293a3/net/nginx/patches/103-sys_nerr.patch";
|
||||
sha256 = "0s497x6mkz947aw29wdy073k8dyjq8j99lax1a1mzpikzr4rxlmd";
|
||||
})
|
||||
] ++ mapModules "patches");
|
||||
] ++ mapModules "patches")
|
||||
++ extraPatches;
|
||||
|
||||
hardeningEnable = optional (!stdenv.isDarwin) "pie";
|
||||
|
||||
|
|
|
@ -1,6 +1,13 @@
|
|||
{ callPackage, ... } @ args:
|
||||
{ callPackage, fetchpatch, ... } @ args:
|
||||
|
||||
callPackage ./generic.nix args {
|
||||
version = "1.20.2";
|
||||
sha256 = "0hjsyjzd35qyw49w210f67g678kvzinw4kg1acb0l6c2fxspd24m";
|
||||
extraPatches = [
|
||||
(fetchpatch {
|
||||
name = "CVE-2021-3618.patch";
|
||||
url = "https://github.com/nginx/nginx/commit/173f16f736c10eae46cd15dd861b04b82d91a37a.patch";
|
||||
sha256 = "0cnxmbkp6ip61w7y1ihhnvziiwzz3p3wi2vpi5c7yaj5m964k5db";
|
||||
})
|
||||
];
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue