authorAndreas Rammhold <andreas@rammhold.de>2019-03-22 13:17:07 +0100
committerGitHub <noreply@github.com>2019-03-22 13:17:07 +0100
commit77166e7636a9867a23d9b48d4ac97e5c64758265 (patch)
treed95cad14c29b0ab4af06cdbab05ee1594e1e97f1
parent69e23dcc666fea13b04307bc44972aa05d4b2821 (diff)
parent5acc543233d990abeff543b8c99d97068ef7a37b (diff)
Merge pull request #57963 from andir/samba
samba/ldb: fix CVE-2019-3824
-rw-r--r--pkgs/development/libraries/ldb/default.nix11
-rw-r--r--pkgs/servers/samba/4.x.nix8
2 files changed, 19 insertions, 0 deletions
diff --git a/pkgs/development/libraries/ldb/default.nix b/pkgs/development/libraries/ldb/default.nix
index 5566b1f4f0e2..12f7b176bb7b 100644
--- a/pkgs/development/libraries/ldb/default.nix
+++ b/pkgs/development/libraries/ldb/default.nix
@@ -19,6 +19,17 @@ stdenv.mkDerivation rec {
     cmocka
   ];
 
+  patches = [
+    # CVE-2019-3824
+    # downloading the patch from debian as they have ported the patch from samba to ldb but otherwise is identical to
+    # https://bugzilla.samba.org/attachment.cgi?id=14857
+    (fetchurl {
+      name = "CVE-2019-3824.patch";
+      url = "https://sources.debian.org/data/main/l/ldb/2:1.1.27-1+deb9u1/debian/patches/CVE-2019-3824-master-v4-5-02.patch";
+      sha256 = "1idnqckvjh18rh9sbq90rr4sxfviha9nd1ca9pd6lai0y6r6q4yd";
+    })
+  ];
+
   preConfigure = ''
     sed -i 's,#!/usr/bin/env python,#!${python}/bin/python,g' buildtools/bin/waf
   '';
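Review bot: The comment on the new `patches` entry explains why the Debian copy is used, but not which ldb release the backport was made for or when it can be removed. The URL pins Debian's `2:1.1.27-1+deb9u1`, and the version this derivation builds is outside the hunk. The file name ends in `-02`, which may mean it is one part of a series, so it is worth confirming that this single file carries the complete fix and not just one commit of it. I would extend the comment with something like `# backported for ldb 1.1.27 (Debian stretch); drop when ldb is bumped to a release that includes the fix`. The `sha256` means a changed file fails the build instead of being applied silently, but a versioned path on sources.debian.org may stop resolving once Debian supersedes that upload.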
diff --git a/pkgs/servers/samba/4.x.nix b/pkgs/servers/samba/4.x.nix
index 4da3ae362c4d..53bfa6df8dc3 100644
--- a/pkgs/servers/samba/4.x.nix
+++ b/pkgs/servers/samba/4.x.nix
@@ -33,10 +33,18 @@ stdenv.mkDerivation rec {
     [ ./4.x-no-persistent-install.patch
       ./patch-source3__libads__kerberos_keytab.c.patch
       ./4.x-no-persistent-install-dynconfig.patch
+
+      # conditionall disable MacOS incompatible tests
       (fetchpatch {
         url = "https://patch-diff.githubusercontent.com/raw/samba-team/samba/pull/107.patch";
         sha256 = "0r6q34vjj0bdzmcbnrkad9rww58k4krbwicv4gs1g3dj49skpvd6";
       })
+
+      (fetchpatch {
+        name = "CVE-2019-3824.patch";
+        url = "https://attachments.samba.org/attachment.cgi?id=14859";
+        sha256 = "02qf3zr55mzbimqdv01k3b22jjb084vfr5zabapyr5h1f588mw0q";
+      })
     ];
 
   buildInputs =
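Review bot: The added `fetchpatch` for CVE-2019-3824 has no comment, and it fetches attachment `id=14859` while the ldb change in this same commit cites `id=14857` as the reference patch. A line such as `# CVE-2019-3824 (Samba bug attachment 14859); drop when the version bump includes the fix` above the entry would record which attachment this is and when it can be removed. It would also help to state which Samba branch that attachment targets, since the two ids differ. Separately, the comment added above the existing patch has a typo: `conditionall` should be `conditionally`. The patch list starts and the derivation continues outside the hunk, so whether samba here links the separately packaged ldb or a bundled copy cannot be seen from these lines.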