Merge pull request #73078 from risicle/ris-varnish-CVE-2019-15892-r19.03

[r19.03] varnish6: add patch for CVE-2019-15892
author: Silvan Mosberger <contact@infinisil.com> 2019-11-08 23:59:51 +0100
committer: GitHub <noreply@github.com> 2019-11-08 23:59:51 +0100
commit: 675884ffb1d9caafcc8ef88523d9e4d5e5c654d7 (patch)
tree: 197d6a30f4c99a4b03e83c4e5a87a2c2ce5e54f7
parent: 78e1f59812b144fa1a28d4d3b70ff7667519f3ae (diff)
parent: b795babe296aa7dbaf65828c47546cd0aad2842b (diff)
1 files changed, 9 insertions, 2 deletions
diff --git a/pkgs/servers/varnish/default.nix b/pkgs/servers/varnish/default.nix
index e447035e32aa4..50b2b76fd13ec 100644
--- a/pkgs/servers/varnish/default.nix
+++ b/pkgs/servers/varnish/default.nix
@@ -1,9 +1,10 @@
-{ stdenv, fetchurl, pcre, libxslt, groff, ncurses, pkgconfig, readline, libedit
+{ stdenv, fetchurl, fetchpatch, pcre, libxslt, groff, ncurses, pkgconfig, readline, libedit
 , python2, makeWrapper }:
 
 let
-  common = { version, sha256, extraBuildInputs ? [] }:
+  common = { version, sha256, extraBuildInputs ? [], patches ? null }:
     stdenv.mkDerivation rec {
+      inherit patches;
       name = "varnish-${version}";
 
       src = fetchurl {
@@ -50,5 +51,11 @@ in
     version = "6.1.1";
     sha256 = "0gf9hzzrr1lndbbqi8cwlfasi7l517cy3nbgna88i78lm247rvp0";
     extraBuildInputs = [ python2.pkgs.sphinx ];
+    patches = [
+      (fetchpatch {
+        url = "https://sources.debian.org/data/main/v/varnish/6.1.1-1+deb10u1/debian/patches/CVE-2019-15892.patch";
+        sha256 = "03jlflgry4j9f34kxni64j6583jqr828zgy68ywdmglpxkgpyma7";
+      })
+    ];
   };
 }
author	Silvan Mosberger <contact@infinisil.com>	2019-11-08 23:59:51 +0100
committer	GitHub <noreply@github.com>	2019-11-08 23:59:51 +0100
commit	675884ffb1d9caafcc8ef88523d9e4d5e5c654d7 (patch)
tree	197d6a30f4c99a4b03e83c4e5a87a2c2ce5e54f7
parent	78e1f59812b144fa1a28d4d3b70ff7667519f3ae (diff)
parent	b795babe296aa7dbaf65828c47546cd0aad2842b (diff)