authorrnhmjoj <rnhmjoj@inventati.org>2023-07-20 13:26:33 +0200
committerrnhmjoj <rnhmjoj@inventati.org>2023-07-20 13:26:33 +0200
commitf65d93f9f8dc60fa382919de9fe9869181920e30 (patch)
tree0d928ea8ac0ace996e1e4cbe318596c3bc0897b6 /pkgs/tools/networking/dnscrypt-wrapper/default.nix
parente1d36dfcb05be465aabc1530a9b8d43495faa9eb (diff)
dnscrypt-wrapper: disable fortify3 hardening flag
This was enabled by default in db3e94c3 and breaks the key generation,
specifically `dnscrypt-wrapper --gen-crypt-keypair` fails with:

    Generate crypt key pair... ok.
    Secret key stored in 2.dnscrypt-cert.server.key
    *** buffer overflow detected ***: terminated

FAQ:

  1. Is the buffer overflow real? Probably.

  2. Is it maintained? Is upstream going to fix it? Not really.

  3. Are you willing to investigate and patch it yourself? Nope.
Diffstat (limited to 'pkgs/tools/networking/dnscrypt-wrapper/default.nix')
-rw-r--r--pkgs/tools/networking/dnscrypt-wrapper/default.nix3
1 files changed, 3 insertions, 0 deletions
diff --git a/pkgs/tools/networking/dnscrypt-wrapper/default.nix b/pkgs/tools/networking/dnscrypt-wrapper/default.nix
index ddec798a8467a..1e414b0521cdb 100644
--- a/pkgs/tools/networking/dnscrypt-wrapper/default.nix
+++ b/pkgs/tools/networking/dnscrypt-wrapper/default.nix
@@ -13,6 +13,9 @@ stdenv.mkDerivation rec {
 
   enableParallelBuilding = true;
 
+  # causes `dnscrypt-wrapper --gen-provider-keypair` to crash
+  hardeningDisable = [ "fortify3" ];
+
   nativeBuildInputs = [ pkg-config autoreconfHook ];
   buildInputs = [ libsodium libevent ];
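Review bot: The comment on the added `hardeningDisable` line names `--gen-provider-keypair`, but the commit message reports the abort from `--gen-crypt-keypair`; the comment should name the command that actually fails. As written it also reads as though fortify3 were at fault, while the message says the detected overflow is probably real and will not be fixed upstream, so this line only silences detection of a memory-safety bug in code that handles secret keys. I would record that next to the flag, for example `# _FORTIFY_SOURCE=3 aborts --gen-crypt-keypair with "buffer overflow detected"; the overflow is probably real and unfixed upstream, drop this once it is patched`. Disabling only `fortify3` should leave the older `fortify` level enabled, which is worth confirming in the build log. The `mkDerivation` body starts and ends outside the hunk.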