diff options
author | rnhmjoj <rnhmjoj@inventati.org> | 2023-07-20 13:26:33 +0200 |
---|---|---|
committer | rnhmjoj <rnhmjoj@inventati.org> | 2023-07-20 13:26:33 +0200 |
commit | f65d93f9f8dc60fa382919de9fe9869181920e30 (patch) | |
tree | 0d928ea8ac0ace996e1e4cbe318596c3bc0897b6 /pkgs/tools/networking/dnscrypt-wrapper/default.nix | |
parent | e1d36dfcb05be465aabc1530a9b8d43495faa9eb (diff) |
dnscrypt-wrapper: disable fortify3 hardening flag
This was enabled by default in db3e94c3 and breaks the key generation, specifically `dnscrypt-wrapper --gen-crypt-keypair` fails with: Generate crypt key pair... ok. Secret key stored in 2.dnscrypt-cert.server.key *** buffer overflow detected ***: terminated FAQ: 1. Is the buffer overflow real? Probably. 2. Is it maintained? Is upstream going to fix it? Not really. 3. Are you willing to investigate and patch it yourself? Nope.
Diffstat (limited to 'pkgs/tools/networking/dnscrypt-wrapper/default.nix')
-rw-r--r-- | pkgs/tools/networking/dnscrypt-wrapper/default.nix | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/pkgs/tools/networking/dnscrypt-wrapper/default.nix b/pkgs/tools/networking/dnscrypt-wrapper/default.nix index ddec798a8467a..1e414b0521cdb 100644 --- a/pkgs/tools/networking/dnscrypt-wrapper/default.nix +++ b/pkgs/tools/networking/dnscrypt-wrapper/default.nix @@ -13,6 +13,9 @@ stdenv.mkDerivation rec { enableParallelBuilding = true; + # causes `dnscrypt-wrapper --gen-provider-keypair` to crash + hardeningDisable = [ "fortify3" ]; + nativeBuildInputs = [ pkg-config autoreconfHook ]; buildInputs = [ libsodium libevent ]; |