haproxy: fix CVE-2018-11469

author: Andreas Rammhold <andreas@rammhold.de> 2018-06-04 22:10:16 +0200
committer: Andreas Rammhold <andreas@rammhold.de> 2018-06-04 22:11:09 +0200
commit: ea8b37c1c849b9c953f4beadb84cb061d75de40d (patch)
tree: 15f228ae9ca8eb7646cda6f3e258a1c455983f9f /pkgs/tools/networking/haproxy/default.nix
parent: 6d03390d12dc5c2adb76028d736690eb8bfa5867 (diff)
1 files changed, 9 insertions, 1 deletions
diff --git a/pkgs/tools/networking/haproxy/default.nix b/pkgs/tools/networking/haproxy/default.nix
index d327c109dc2c..e01b62b54f1c 100644
--- a/pkgs/tools/networking/haproxy/default.nix
+++ b/pkgs/tools/networking/haproxy/default.nix
@@ -1,6 +1,6 @@
 { useLua ? !stdenv.isDarwin
 , usePcre ? true
-, stdenv, fetchurl
+, stdenv, fetchurl, fetchpatch
 , openssl, zlib, lua5_3 ? null, pcre ? null
 }:
 
@@ -17,6 +17,14 @@ stdenv.mkDerivation rec {
     sha256 = "00miblgwll3mycsgmp3gd3cn4lwsagxzgjxk5i6csnyqgj97fss3";
   };
 
+  patches = [
+    (fetchpatch {
+      name = "CVE-2018-11469.patch";
+      url = "https://git.haproxy.org/?p=haproxy-1.8.git;a=patch;h=17514045e5d934dede62116216c1b016fe23dd06";
+      sha256 = "0hzcvghg8qz45n3mrcgsjgvrvicvbvm52cc4hs5jbk1yb50qvls7";
+    })
+  ];
+
   buildInputs = [ openssl zlib ]
     ++ stdenv.lib.optional useLua lua5_3
     ++ stdenv.lib.optional usePcre pcre;
author	Andreas Rammhold <andreas@rammhold.de>	2018-06-04 22:10:16 +0200
committer	Andreas Rammhold <andreas@rammhold.de>	2018-06-04 22:11:09 +0200
commit	ea8b37c1c849b9c953f4beadb84cb061d75de40d (patch)
tree	15f228ae9ca8eb7646cda6f3e258a1c455983f9f /pkgs/tools/networking/haproxy/default.nix
parent	6d03390d12dc5c2adb76028d736690eb8bfa5867 (diff)