From e0b850147d10564308d7f49850ecbf7168afa7e7 Mon Sep 17 00:00:00 2001 From: Graham Christensen Date: Wed, 7 Dec 2016 19:29:06 -0500 Subject: [PATCH] openafs: 1.6.17 -> 1.6.20 for CVE-2016-9772 From release notes: OPENAFS-SA-2016-003: file and directory names leak due to reuse of directory objects without zeroing the contents (12461 12462 12463 12464 12465) --- pkgs/servers/openafs-client/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/servers/openafs-client/default.nix b/pkgs/servers/openafs-client/default.nix index 52a7941d0932..6383ce12bc1d 100644 --- a/pkgs/servers/openafs-client/default.nix +++ b/pkgs/servers/openafs-client/default.nix @@ -3,11 +3,11 @@ stdenv.mkDerivation rec { name = "openafs-${version}-${kernel.version}"; - version = "1.6.17"; + version = "1.6.20"; src = fetchurl { url = "http://www.openafs.org/dl/openafs/${version}/openafs-${version}-src.tar.bz2"; - sha256 = "16532f4951piv1g2i539233868xfs1damrnxql61gjgxpwnklhcn"; + sha256 = "0qar94k9x9dkws4clrnlw789q1ha9qjk06356s86hh78qwywc1ki"; }; nativeBuildInputs = [ autoconf automake flex yacc perl which ];