diff options
author | lethalman <lucabru@src.gnome.org> | 2015-01-30 11:31:06 +0100 |
---|---|---|
committer | lethalman <lucabru@src.gnome.org> | 2015-01-30 11:31:06 +0100 |
commit | d4e7fada66b983fde84fee5e1be27d39c1c5c5c1 (patch) | |
tree | c44bc85e95e616beb7974f216eee1c62c504d700 /pkgs | |
parent | 9576ff49d8c8c21b1cb5d458dd2c014a552dffcc (diff) | |
parent | 7a7e59d2a973458c4eab0d1b52590966a478d825 (diff) | |
download | nixlib-d4e7fada66b983fde84fee5e1be27d39c1c5c5c1.tar nixlib-d4e7fada66b983fde84fee5e1be27d39c1c5c5c1.tar.gz nixlib-d4e7fada66b983fde84fee5e1be27d39c1c5c5c1.tar.bz2 nixlib-d4e7fada66b983fde84fee5e1be27d39c1c5c5c1.tar.lz nixlib-d4e7fada66b983fde84fee5e1be27d39c1c5c5c1.tar.xz nixlib-d4e7fada66b983fde84fee5e1be27d39c1c5c5c1.tar.zst nixlib-d4e7fada66b983fde84fee5e1be27d39c1c5c5c1.zip |
Merge pull request #5951 from arno01/socat
socat: Update from 1.7.2.4 to 1.7.3.0, fixes a possible denial of service attack
Diffstat (limited to 'pkgs')
-rw-r--r-- | pkgs/tools/networking/socat/default.nix | 6 | ||||
-rw-r--r-- | pkgs/tools/networking/socat/enable-ecdhe.patch | 19 |
2 files changed, 23 insertions, 2 deletions
diff --git a/pkgs/tools/networking/socat/default.nix b/pkgs/tools/networking/socat/default.nix index e33edaa32da9..65d3b01e89cf 100644 --- a/pkgs/tools/networking/socat/default.nix +++ b/pkgs/tools/networking/socat/default.nix @@ -1,15 +1,17 @@ { stdenv, fetchurl, openssl }: stdenv.mkDerivation rec { - name = "socat-1.7.2.4"; + name = "socat-1.7.3.0"; src = fetchurl { url = "http://www.dest-unreach.org/socat/download/${name}.tar.bz2"; - sha256 = "028yjka2zr6j1i8pmfmvzqki8ajczdl1hnry1x31xbbg3j83jxsb"; + sha256 = "011ydc0x8camplf8l6mshs3v5fswarld8v0wf7grz6rjq18fhrq7"; }; buildInputs = [ openssl ]; + patches = [ ./enable-ecdhe.patch ]; + meta = { description = "A utility for bidirectional data transfer between two independent data channels"; homepage = http://www.dest-unreach.org/socat/; diff --git a/pkgs/tools/networking/socat/enable-ecdhe.patch b/pkgs/tools/networking/socat/enable-ecdhe.patch new file mode 100644 index 000000000000..ad63ec287bcf --- /dev/null +++ b/pkgs/tools/networking/socat/enable-ecdhe.patch @@ -0,0 +1,19 @@ +--- socat-1.7.3.0/xio-openssl.c 2015-01-24 15:33:42.000000000 +0100 ++++ socat-1.7.3.0-ecdhe/xio-openssl.c 2015-01-25 13:38:54.353641097 +0100 +@@ -960,7 +960,6 @@ + } + } + +-#if defined(EC_KEY) /* not on Openindiana 5.11 */ + { + /* see http://openssl.6102.n7.nabble.com/Problem-with-cipher-suite-ECDHE-ECDSA-AES256-SHA384-td42229.html */ + int nid; +@@ -982,7 +981,6 @@ + + SSL_CTX_set_tmp_ecdh(*ctx, ecdh); + } +-#endif /* !defined(EC_KEY) */ + + #if OPENSSL_VERSION_NUMBER >= 0x00908000L + if (opt_compress) { + |