libuv: add patch for CVE-2021-22918

> libuv was vulnerable to out-of-bounds reads in the uv__idna_toascii()
> function which is used to convert strings to ASCII. This is called by
> the DNS resolution function and can lead to information disclosures or
> crashes.

b7466e31e4

Fixes: CVE-2021-22918
This commit is contained in:
Martin Weinelt 2021-07-05 21:15:43 +02:00
parent a28ba52cac
commit 742b8f71f7

View file

@ -1,4 +1,4 @@
{ stdenv, lib, fetchFromGitHub, autoconf, automake, libtool, pkg-config, ApplicationServices, CoreServices }: { stdenv, lib, fetchFromGitHub, fetchpatch, autoconf, automake, libtool, pkg-config, ApplicationServices, CoreServices }:
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
version = "1.41.0"; version = "1.41.0";
@ -11,6 +11,15 @@ stdenv.mkDerivation rec {
sha256 = "sha256-i6AYD1Ony0L2+3yWK6bxOfwoZEvd9qCg33QSqA7bRXI="; sha256 = "sha256-i6AYD1Ony0L2+3yWK6bxOfwoZEvd9qCg33QSqA7bRXI=";
}; };
patches = [
(fetchpatch {
# Fixes out-of-bounds read in uv__idna_toascii() function
name = "CVE-2021-22918.patch";
url = "https://github.com/libuv/libuv/commit/b7466e31e4bee160d82a68fca11b1f61d46debae.patch";
sha256 = "0fbjy0jh7r9nrd27ag1k6am6d8p5ih7p0ywvjn53nq4cyqdqxhi7";
})
];
postPatch = let postPatch = let
toDisable = [ toDisable = [
"getnameinfo_basic" "udp_send_hang_loop" # probably network-dependent "getnameinfo_basic" "udp_send_hang_loop" # probably network-dependent