diff options
| author | Robert Scott <code@humanleg.org.uk> | 2019-11-23 00:51:15 +0000 |
|---|---|---|
| committer | Robert Scott <code@humanleg.org.uk> | 2019-11-23 00:51:15 +0000 |
| commit | f87585abfe832a3b6865ab4b749ae9080ccdc7af (patch) | |
| tree | 61817362b6e7b7b1be6357278cbba52eec9a9383 | |
| parent | 99e96faee364924a08b4c8b7121292b81020a239 (diff) | |
slurm: add patch addressing CVE-2019-12838
including a prerequisite patch to allow the actual fix to apply cleanly
| -rw-r--r-- | pkgs/servers/computing/slurm/default.nix | 17 |
1 files changed, 16 insertions, 1 deletions
diff --git a/pkgs/servers/computing/slurm/default.nix b/pkgs/servers/computing/slurm/default.nix index 5ae985ca0488a..ba1b3423098eb 100644 --- a/pkgs/servers/computing/slurm/default.nix +++ b/pkgs/servers/computing/slurm/default.nix @@ -1,4 +1,4 @@ -{ stdenv, fetchFromGitHub, pkgconfig, libtool, curl +{ stdenv, fetchFromGitHub, fetchpatch, pkgconfig, libtool, curl , python, munge, perl, pam, openssl, zlib , ncurses, mysql, gtk2, lua, hwloc, numactl , readline, freeipmi, libssh2, xorg, lz4 @@ -22,6 +22,21 @@ stdenv.mkDerivation rec { outputs = [ "out" "dev" ]; + patches = [ + (fetchpatch { + name = "CVE-2019-12838-prerequisite-1.patch"; + url = "https://github.com/SchedMD/slurm/commit/e8567e06be57190825bff737e5523c307da51530.patch"; + sha256 = "1sxllghnc8j5sh4md1lv3hdj3h3xag3ylqv3v00nhxfximgc74d6"; + excludes = [ "NEWS" ]; + }) + (fetchpatch { + name = "CVE-2019-12838.patch"; + url = "https://github.com/SchedMD/slurm/commit/afa7d743f407c60a7c8a4bd98a10be32c82988b5.patch"; + sha256 = "017zskjr2yyphij61zws391znghmnh7r7zr21kjngqaixpjaark9"; + excludes = [ "NEWS" ]; + }) + ]; + prePatch = stdenv.lib.optional enableX11 '' substituteInPlace src/common/x11_util.c \ --replace '"/usr/bin/xauth"' '"${xorg.xauth}/bin/xauth"' |