BoomMicrophone/nixpkgs-suyu
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

dnscrypt-wrapper: disable fortify3 hardening flag

Browse source 
This was enabled by default in db3e94c3 and breaks the key generation,
specifically `dnscrypt-wrapper --gen-crypt-keypair` fails with:

    Generate crypt key pair... ok.
    Secret key stored in 2.dnscrypt-cert.server.key
    *** buffer overflow detected ***: terminated

FAQ:

  1. Is the buffer overflow real? Probably.

  2. Is it maintained? Is upstream going to fix it? Not really.

  3. Are you willing to investigate and patch it yourself? Nope.
This commit is contained in:
rnhmjoj 2023-07-20 13:26:33 +02:00
parent e1d36dfcb0
commit f65d93f9f8
No known key found for this signature in database
GPG key ID: BFBAF4C975F76450
1 changed files with 3 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
pkgs/tools/networking/dnscrypt-wrapper/default.nix
View file

@ -13,6 +13,9 @@ stdenv.mkDerivation rec {
enableParallelBuilding = true;
# causes `dnscrypt-wrapper --gen-provider-keypair` to crash
hardeningDisable = [ "fortify3" ];
nativeBuildInputs = [ pkg-config autoreconfHook ];
buildInputs = [ libsodium libevent ];