From a52bf037d8f53684de1ebc9505d8940437e810bf Mon Sep 17 00:00:00 2001 From: Martin Weinelt Date: Thu, 5 May 2022 13:06:14 +0200 Subject: [PATCH 1/2] dpdk: 21.11 -> 22.03 https://doc.dpdk.org/guides/rel_notes/release_22_03.html https://www.openwall.com/lists/oss-security/2022/05/05/1 https://www.openwall.com/lists/oss-security/2022/05/05/2 Fixes: CVE-2021-3839, CVE-2022-0669 --- pkgs/os-specific/linux/dpdk/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/os-specific/linux/dpdk/default.nix b/pkgs/os-specific/linux/dpdk/default.nix index 1e4f50e42df..2f06401d49a 100644 --- a/pkgs/os-specific/linux/dpdk/default.nix +++ b/pkgs/os-specific/linux/dpdk/default.nix @@ -9,14 +9,14 @@ let mod = kernel != null; - dpdkVersion = "21.11"; + dpdkVersion = "22.03"; in stdenv.mkDerivation rec { pname = "dpdk"; version = "${dpdkVersion}" + lib.optionalString mod "-${kernel.version}"; src = fetchurl { url = "https://fast.dpdk.org/rel/dpdk-${dpdkVersion}.tar.xz"; - sha256 = "sha256-Mkbj7WjuKzaaXYviwGzxCKZp4Vf01Bxby7sha/Wr06E="; + sha256 = "sha256-st5fCLzVcz+Q1NfmwDJRWQja2PyNJnrGolNELZuDp8U="; }; nativeBuildInputs = [ From 6eba03800ef47d9011d39a72a26ad0853fcacb05 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Tue, 10 May 2022 08:11:21 +0200 Subject: [PATCH 2/2] spdk: build against old dpdk 21.11 --- pkgs/development/libraries/spdk/default.nix | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) diff --git a/pkgs/development/libraries/spdk/default.nix b/pkgs/development/libraries/spdk/default.nix index e4884b85b4a..23464990d86 100644 --- a/pkgs/development/libraries/spdk/default.nix +++ b/pkgs/development/libraries/spdk/default.nix @@ -10,9 +10,19 @@ , libuuid , numactl , openssl +, fetchurl }: -stdenv.mkDerivation rec { +let + # The old version has some CVEs howver they should not affect SPDK's usage of the framework: https://github.com/NixOS/nixpkgs/pull/171648#issuecomment-1121964568 + dpdk' = dpdk.overrideAttrs (old: rec { + name = "dpdk-21.11"; + src = fetchurl { + url = "https://fast.dpdk.org/rel/${name}.tar.xz"; + sha256 = "sha256-Mkbj7WjuKzaaXYviwGzxCKZp4Vf01Bxby7sha/Wr06E="; + }; + }); +in stdenv.mkDerivation rec { pname = "spdk"; version = "21.10"; @@ -40,7 +50,7 @@ stdenv.mkDerivation rec { ]; buildInputs = [ - cunit dpdk libaio libbsd libuuid numactl openssl ncurses + cunit dpdk' libaio libbsd libuuid numactl openssl ncurses ]; postPatch = '' @@ -49,7 +59,7 @@ stdenv.mkDerivation rec { enableParallelBuilding = true; - configureFlags = [ "--with-dpdk=${dpdk}" ]; + configureFlags = [ "--with-dpdk=${dpdk'}" ]; NIX_CFLAGS_COMPILE = "-mssse3"; # Necessary to compile. # otherwise does not find strncpy when compiling