author | Martin Weinelt <hexa@darmstadt.ccc.de> | 2022-03-28 16:10:40 +0200 |
---|---|---|
committer | Martin Weinelt <hexa@darmstadt.ccc.de> | 2022-03-28 16:10:40 +0200 |
commit | 657fc6d5d8b6cf4aa11b8647878e395ce7dc0b0a (patch) | |
tree | b7d4151cfa363e7c407336121e9eb41b674c8112 | |
parent | 4ecbe233957a028441267760f9522952a8aea260 (diff) |
powerdns: apply patch for ixfr validation issue
The PowerDNS version we ship on release-21.11 went EOL in January, so
there are no explicit patches for 4.3.1. However, the patches for 4.4.2
apply cleanly and the tests are still passing.
https://blog.powerdns.com/2022/03/25/security-advisory-2022-01-for-powerdns-authoritative-server-4-4-2-4-5-3-4-6-0-and-powerdns-recursor-4-4-7-4-5-7-4-6-0/
Fixes: CVE-2022-27227
-rw-r--r-- | pkgs/servers/dns/powerdns/default.nix | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/pkgs/servers/dns/powerdns/default.nix b/pkgs/servers/dns/powerdns/default.nix
index cc7bb3317fd4..6a6b80bcd6c4 100644
--- a/pkgs/servers/dns/powerdns/default.nix
+++ b/pkgs/servers/dns/powerdns/default.nix
@@ -18,6 +18,12 @@ stdenv.mkDerivation rec {
 url = "https://github.com/PowerDNS/pdns/commit/05c9dd77b28.diff";
 sha256 = "1m9szbi02h9kcabgw3kb8k9qrb54d34z0qzizrlfiw3hxs6c2zql";
 })
+ (fetchurl {
+ # Fixes incomplete validation of incoming IXFR transfers
+ name = "CVE-2022-27227.patch";
+ url = "https://downloads.powerdns.com/patches/2022-01/pdns-4.4.2-xfr.patch";
+ hash = "sha256-WFycHFmDX6MvbOS9WDv+wx0rog7xkSGe/sxSVMWREOA=";
+ })
 ];
 nativeBuildInputs = [ pkg-config ]; |
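Review bot: The comment on the new `fetchurl` entry does not record that the file is upstream's patch for 4.4.2 applied to the end-of-life 4.3.1 this branch ships; that is only stated in the commit message. I would extend it to something like `# CVE-2022-27227: upstream patch for 4.4.2, applied to EOL 4.3.1; drop once the package is updated to a release containing the fix`, with the advisory URL from the commit message on a second comment line. Whoever next touches the version then knows this is a backport that upstream did not publish for this release line. The `hash` pins the downloaded content, so a changed file at that URL should fail the build rather than alter the patch silently. The list this entry is added to opens above the hunk and is not visible here.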