public/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

corosync: 2.4.3 -> 2.4.5

Browse Source 
Reason0: Changed name metadata to pname and version metadata.
Reason1: Fixes CVE-2018-1084

Corosync is prone to an integer-overflow vulnerability.

Attackers can exploit this issue to execute arbitrary code
in the context of the affected application. Failed exploit
attempts will likely cause a denial-of-service condition.

Fixed in 2.4.4

See issue: #90784
This commit is contained in:
Red Davies 2020-11-24 23:07:13 -05:00
parent 3b4fcbb5d1
commit 2ddb0c7400
1 changed files with 4 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
pkgs/servers/corosync/default.nix
View File

@ -9,11 +9,12 @@
with stdenv.lib; with stdenv.lib;
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
name = "corosync-2.4.3"; pname = "corosync";
version = "2.4.5";
src = fetchurl { src = fetchurl {
url = "http://build.clusterlabs.org/corosync/releases/${name}.tar.gz"; url = "http://build.clusterlabs.org/corosync/releases/${pname}-${version}.tar.gz";
sha256 = "15y5la04qn2lh1gabyifygzpa4dx3ndk5yhmaf7azxyjx0if9rxi"; sha256 = "0pxs18vci9kq3qnqsg5i1h35jrxxiccwbm0mzja3g8j3izdsyvmb";
}; };
nativeBuildInputs = [ makeWrapper pkgconfig ]; nativeBuildInputs = [ makeWrapper pkgconfig ];