public/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

runc: add patches to fix CVE-2016-9962

Browse Source
This commit is contained in:
Franz Pletz 2017-01-11 12:10:44 +01:00
parent 2b17620d59
commit 260d97ca25
No known key found for this signature in database
GPG Key ID: 846FDED7792617B4
1 changed files with 16 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
pkgs/applications/virtualization/runc/default.nix
View File

@ -1,4 +1,4 @@
{ stdenv, lib, fetchFromGitHub, go-md2man { stdenv, lib, fetchFromGitHub, fetchpatch, go-md2man
, go, pkgconfig, libapparmor, apparmor-parser, libseccomp }: , go, pkgconfig, libapparmor, apparmor-parser, libseccomp }:
with lib; with lib;
@ -14,6 +14,21 @@ stdenv.mkDerivation rec {
sha256 = "06bxc4g3frh4i1lkzvwdcwmzmr0i52rz4a4pij39s15zaigm79wk"; sha256 = "06bxc4g3frh4i1lkzvwdcwmzmr0i52rz4a4pij39s15zaigm79wk";
}; };
patches = [
# Two patches to fix CVE-2016-9962
# From https://bugzilla.suse.com/show_bug.cgi?id=1012568
(fetchpatch {
name = "0001-libcontainer-nsenter-set-init-processes-as-non-dumpa.patch";
url = "https://bugzilla.suse.com/attachment.cgi?id=709048&action=diff&context=patch&collapsed=&headers=1&format=raw";
sha256 = "1cfsmsyhc45a2929825mdaql0mrhhbrgdm54ly0957j2f46072ck";
})
(fetchpatch {
name = "0002-libcontainer-init-only-pass-stateDirFd-when-creating.patch";
url = "https://bugzilla.suse.com/attachment.cgi?id=709049&action=diff&context=patch&collapsed=&headers=1&format=raw";
sha256 = "1ykwg1mbvsxsnsrk9a8i4iadma1g0rgdmaj19dvif457hsnn31wl";
})
];
outputs = [ "out" "man" ]; outputs = [ "out" "man" ];
hardeningDisable = ["fortify"]; hardeningDisable = ["fortify"];