libuv: add patch for CVE-2021-22918
> libuv was vulnerable to out-of-bounds reads in the uv__idna_toascii()
> function which is used to convert strings to ASCII. This is called by
> the DNS resolution function and can lead to information disclosures or
> crashes.
b7466e31e4
Fixes: CVE-2021-22918
This commit is contained in:
parent
a28ba52cac
commit
742b8f71f7
1 changed files with 10 additions and 1 deletions
|
@ -1,4 +1,4 @@
|
||||||
{ stdenv, lib, fetchFromGitHub, autoconf, automake, libtool, pkg-config, ApplicationServices, CoreServices }:
|
{ stdenv, lib, fetchFromGitHub, fetchpatch, autoconf, automake, libtool, pkg-config, ApplicationServices, CoreServices }:
|
||||||
|
|
||||||
stdenv.mkDerivation rec {
|
stdenv.mkDerivation rec {
|
||||||
version = "1.41.0";
|
version = "1.41.0";
|
||||||
|
@ -11,6 +11,15 @@ stdenv.mkDerivation rec {
|
||||||
sha256 = "sha256-i6AYD1Ony0L2+3yWK6bxOfwoZEvd9qCg33QSqA7bRXI=";
|
sha256 = "sha256-i6AYD1Ony0L2+3yWK6bxOfwoZEvd9qCg33QSqA7bRXI=";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
patches = [
|
||||||
|
(fetchpatch {
|
||||||
|
# Fixes out-of-bounds read in uv__idna_toascii() function
|
||||||
|
name = "CVE-2021-22918.patch";
|
||||||
|
url = "https://github.com/libuv/libuv/commit/b7466e31e4bee160d82a68fca11b1f61d46debae.patch";
|
||||||
|
sha256 = "0fbjy0jh7r9nrd27ag1k6am6d8p5ih7p0ywvjn53nq4cyqdqxhi7";
|
||||||
|
})
|
||||||
|
];
|
||||||
|
|
||||||
postPatch = let
|
postPatch = let
|
||||||
toDisable = [
|
toDisable = [
|
||||||
"getnameinfo_basic" "udp_send_hang_loop" # probably network-dependent
|
"getnameinfo_basic" "udp_send_hang_loop" # probably network-dependent
|
||||||
|
|
Loading…
Reference in a new issue