trafficserver: 9.0.1 -> 9.0.2

Fixes CVE-2021-32566 and CVE-2021-32567.
3 years ago · d41e86c67f
parent 0168c6ff9f
commit d41e86c67f
2 changed files with 3 additions and 9 deletions
--- a/nixos/tests/trafficserver.nix
+++ b/nixos/tests/trafficserver.nix
@ -104,6 +104,7 @@ import ./make-test-python.nix ({ pkgs, ... }: {
    ats.wait_for_open_port(80)
    httpbin.wait_for_unit("httpbin")
    httpbin.wait_for_open_port(80)
+    client.wait_for_unit("network-online.target")

    with subtest("Traffic Server is running"):
        out = ats.succeed("traffic_ctl server status")
--- a/pkgs/servers/http/trafficserver/default.nix
+++ b/pkgs/servers/http/trafficserver/default.nix
@ -49,11 +49,11 @@

 stdenv.mkDerivation rec {
  pname = "trafficserver";
-  version = "9.0.1";
+  version = "9.0.2";

  src = fetchurl {
    url = "mirror://apache/trafficserver/trafficserver-${version}.tar.bz2";
-    sha256 = "1q164pvfmbqh3gzy3bqy96lwd0fdbhz78r06pd92p7rmkqwx005z";
+    sha256 = "0r05iqmnnjq259nsibncgfrfsr0l4h3hsafizvgfl9zgmrkm6izz";
  };

  patches = [
@ -63,13 +63,6 @@ stdenv.mkDerivation rec {
      url = "https://github.com/apache/trafficserver/commit/19d3af481cf74c91fbf713fc9d2f8b138ed5fbaf.diff";
      sha256 = "0z1ikgpp00rzrrcqh97931586yn9wbksgai9xlkcjd5cg8gq0150";
    })
-
-    # Fixes a bug in tspush which pushes incorrect contents to cache
-    # https://github.com/apache/trafficserver/pull/7696
-    (fetchpatch {
-      url = "https://github.com/apache/trafficserver/commit/b08215272872f452787915cd3a8e0b0ea0b88385.diff";
-      sha256 = "0axk8x1xvd8wvpgcxgyqqg7kgxyxwfgwmisq3xnk1da0cqv9cx9f";
-    })
  ];

  # NOTE: The upstream README indicates that flex is needed for some features,