diff options
author | Robert Scott <code@humanleg.org.uk> | 2024-04-13 18:59:44 +0100 |
---|---|---|
committer | Robert Scott <code@humanleg.org.uk> | 2024-04-13 18:59:44 +0100 |
commit | de9919537ef431ad1b1a6f277d43df3ebb71cbde (patch) | |
tree | d0e082be9df42880f063e39689045f6e101659f7 /pkgs/development | |
parent | 29386c74722ff5133ea94f8001063c6355e56688 (diff) |
mbedtls: add patch for CVE-2024-28755
Diffstat (limited to 'pkgs/development')
-rw-r--r-- | pkgs/development/libraries/mbedtls/3.nix | 10 | ||||
-rw-r--r-- | pkgs/development/libraries/mbedtls/generic.nix | 3 |
2 files changed, 12 insertions, 1 deletions
diff --git a/pkgs/development/libraries/mbedtls/3.nix b/pkgs/development/libraries/mbedtls/3.nix index 267349ac5d7be..abba77308a61c 100644 --- a/pkgs/development/libraries/mbedtls/3.nix +++ b/pkgs/development/libraries/mbedtls/3.nix @@ -1,6 +1,14 @@ -{ callPackage }: +{ callPackage, fetchpatch }: callPackage ./generic.nix { version = "3.5.2"; hash = "sha256-lVGmnSYccNmRS6vfF/fDiny5cYRPc/wJBpgciFLPUvM="; + + patches = [ + (fetchpatch { + name = "CVE-2024-28755.patch"; + url = "https://github.com/Mbed-TLS/mbedtls/commit/ad736991bb59211118a29fe115367c24495300c2.patch"; + hash = "sha256-MUnGT2ptlBikpZYL6+cvoF7fOiD2vMK4cbkgevgyl60="; + }) + ]; } diff --git a/pkgs/development/libraries/mbedtls/generic.nix b/pkgs/development/libraries/mbedtls/generic.nix index 2e79a593b7c31..045f59b269eda 100644 --- a/pkgs/development/libraries/mbedtls/generic.nix +++ b/pkgs/development/libraries/mbedtls/generic.nix @@ -3,6 +3,7 @@ , version , hash , fetchFromGitHub +, patches ? [] , cmake , ninja @@ -23,6 +24,8 @@ stdenv.mkDerivation rec { inherit hash; }; + inherit patches; + nativeBuildInputs = [ cmake ninja perl python3 ]; strictDeps = true; |