|
|
|
@ -1,4 +1,4 @@ |
|
|
|
|
{ stdenv, lib, fetchFromGitHub, go-md2man |
|
|
|
|
{ stdenv, lib, fetchFromGitHub, fetchpatch, go-md2man |
|
|
|
|
, go, pkgconfig, libapparmor, apparmor-parser, libseccomp }: |
|
|
|
|
|
|
|
|
|
with lib; |
|
|
|
@ -14,6 +14,21 @@ stdenv.mkDerivation rec { |
|
|
|
|
sha256 = "06bxc4g3frh4i1lkzvwdcwmzmr0i52rz4a4pij39s15zaigm79wk"; |
|
|
|
|
}; |
|
|
|
|
|
|
|
|
|
patches = [ |
|
|
|
|
# Two patches to fix CVE-2016-9962 |
|
|
|
|
# From https://bugzilla.suse.com/show_bug.cgi?id=1012568 |
|
|
|
|
(fetchpatch { |
|
|
|
|
name = "0001-libcontainer-nsenter-set-init-processes-as-non-dumpa.patch"; |
|
|
|
|
url = "https://bugzilla.suse.com/attachment.cgi?id=709048&action=diff&context=patch&collapsed=&headers=1&format=raw"; |
|
|
|
|
sha256 = "1cfsmsyhc45a2929825mdaql0mrhhbrgdm54ly0957j2f46072ck"; |
|
|
|
|
}) |
|
|
|
|
(fetchpatch { |
|
|
|
|
name = "0002-libcontainer-init-only-pass-stateDirFd-when-creating.patch"; |
|
|
|
|
url = "https://bugzilla.suse.com/attachment.cgi?id=709049&action=diff&context=patch&collapsed=&headers=1&format=raw"; |
|
|
|
|
sha256 = "1ykwg1mbvsxsnsrk9a8i4iadma1g0rgdmaj19dvif457hsnn31wl"; |
|
|
|
|
}) |
|
|
|
|
]; |
|
|
|
|
|
|
|
|
|
outputs = [ "out" "man" ]; |
|
|
|
|
|
|
|
|
|
hardeningDisable = ["fortify"]; |
|
|
|
|