diff options
author | Andreas Rammhold <andreas@rammhold.de> | 2018-01-15 00:11:07 +0100 |
---|---|---|
committer | Andreas Rammhold <andreas@rammhold.de> | 2018-01-15 00:22:31 +0100 |
commit | 50f48fce0957211b2c703dd91e444f05e3203546 (patch) | |
tree | ddb8c7938373e7d6524b0203601830a12df2eb47 /pkgs/applications/networking/p2p | |
parent | 890c8047edd4d9674cfadb046f442679a5859ea8 (diff) | |
download | nixlib-50f48fce0957211b2c703dd91e444f05e3203546.tar nixlib-50f48fce0957211b2c703dd91e444f05e3203546.tar.gz nixlib-50f48fce0957211b2c703dd91e444f05e3203546.tar.bz2 nixlib-50f48fce0957211b2c703dd91e444f05e3203546.tar.lz nixlib-50f48fce0957211b2c703dd91e444f05e3203546.tar.xz nixlib-50f48fce0957211b2c703dd91e444f05e3203546.tar.zst nixlib-50f48fce0957211b2c703dd91e444f05e3203546.zip |
transmission: fix RCE via dns rebinding attach
For further details see [1] & [2]. [1] https://github.com/transmission/transmission/pull/468 [2] http://www.openwall.com/lists/oss-security/2018/01/12/1
Diffstat (limited to 'pkgs/applications/networking/p2p')
-rw-r--r-- | pkgs/applications/networking/p2p/transmission/default.nix | 12 |
1 files changed, 11 insertions, 1 deletions
diff --git a/pkgs/applications/networking/p2p/transmission/default.nix b/pkgs/applications/networking/p2p/transmission/default.nix index d2bbef7f581f..3c5fb499a8bd 100644 --- a/pkgs/applications/networking/p2p/transmission/default.nix +++ b/pkgs/applications/networking/p2p/transmission/default.nix @@ -1,4 +1,4 @@ -{ stdenv, fetchurl, pkgconfig, intltool, file, wrapGAppsHook +{ stdenv, fetchurl, fetchpatch, pkgconfig, intltool, file, wrapGAppsHook , openssl, curl, libevent, inotify-tools, systemd, zlib , enableGTK3 ? false, gtk3 , enableSystemd ? stdenv.isLinux @@ -27,6 +27,16 @@ stdenv.mkDerivation rec { ++ optionals enableSystemd [ systemd ] ++ optionals stdenv.isLinux [ inotify-tools ]; + patches = [ + (fetchpatch { + # See https://github.com/transmission/transmission/pull/468 + # Patch from: https://github.com/transmission/transmission/pull/468#issuecomment-357098126 + name = "transmission-fix-dns-rebinding-vuln.patch"; + url = https://github.com/transmission/transmission/files/1624507/transmission-fix-dns-rebinding-vuln.patch.txt; + sha256 = "1p9m20kp4kdyp5jjr3yp5px627n8cfa29mg5n3wzsdfv0qzk9gy4"; + }) + ]; + postPatch = '' substituteInPlace ./configure \ --replace "libsystemd-daemon" "libsystemd" \ |