diff options
author | worldofpeace <worldofpeace@protonmail.ch> | 2019-06-18 19:45:23 -0400 |
---|---|---|
committer | worldofpeace <worldofpeace@protonmail.ch> | 2019-06-18 19:48:47 -0400 |
commit | 02ea0d3959ba5a8f2108d3bc8f5a57635d758713 (patch) | |
tree | a071fa5c35fcb0fd0614867e41a63bd00d0fa0b6 /pkgs/development/libraries/gvfs | |
parent | 6fa7263c1e4db953bc496d234acb8c7746586d94 (diff) | |
download | nixpkgs-02ea0d3959ba5a8f2108d3bc8f5a57635d758713.tar nixpkgs-02ea0d3959ba5a8f2108d3bc8f5a57635d758713.tar.gz nixpkgs-02ea0d3959ba5a8f2108d3bc8f5a57635d758713.tar.bz2 nixpkgs-02ea0d3959ba5a8f2108d3bc8f5a57635d758713.tar.lz nixpkgs-02ea0d3959ba5a8f2108d3bc8f5a57635d758713.tar.xz nixpkgs-02ea0d3959ba5a8f2108d3bc8f5a57635d758713.tar.zst nixpkgs-02ea0d3959ba5a8f2108d3bc8f5a57635d758713.zip |
gvfs: fix CVE-2019-1244{7.8.9}
This is a version of #63481 for master. CVE-2019-12447: daemon/gvfsbackendadmin.c mishandles file ownership because setfsuid is not used. CVE-2019-12448: daemon/gvfsbackendadmin.c has race conditions because the admin backend doesn't implement query_info_on_read/write. CVE-2019-12449: daemon/gvfsbackendadmin.c mishandles a file's user and group ownership during move (and copy with G_FILE_COPY_ALL_METADATA) operations from admin:// to file:// URIs, because root privileges are unavailable. Upstream MR: https://gitlab.gnome.org/GNOME/gvfs/merge_requests/48
Diffstat (limited to 'pkgs/development/libraries/gvfs')
-rw-r--r-- | pkgs/development/libraries/gvfs/default.nix | 24 |
1 files changed, 23 insertions, 1 deletions
diff --git a/pkgs/development/libraries/gvfs/default.nix b/pkgs/development/libraries/gvfs/default.nix index d9163c97cb7..a238efb4bdb 100644 --- a/pkgs/development/libraries/gvfs/default.nix +++ b/pkgs/development/libraries/gvfs/default.nix @@ -1,5 +1,5 @@ { stdenv, fetchurl, meson, ninja, pkgconfig, gettext, gnome3, dbus -, glib, libgudev, udisks2, libgcrypt, libcap, polkit +, glib, libgudev, udisks2, libgcrypt, libcap, polkit, fetchpatch , libgphoto2, avahi, libarchive, fuse, libcdio , libxml2, libxslt, docbook_xsl, docbook_xml_dtd_42, samba, libmtp , gnomeSupport ? false, gnome, gcr, wrapGAppsHook @@ -18,6 +18,28 @@ in stdenv.mkDerivation rec { sha256 = "1cfnzamr4mvgpf6yhm28lh9cafy9z6842s8jpbqnfizfxybg8ylj"; }; + patches = [ + # CVE-2019-12448 + (fetchpatch { + url = "https://gitlab.gnome.org/GNOME/gvfs/commit/464bbc7e4e7fdfc3cb426557562038408b6108c5.patch"; + sha256 = "03fwlpj1vbi80661bbhzv8ddx3czkzv9i1q4h3gqyxi5f1i0xfz4"; + }) + # CVE-2019-12447 + (fetchpatch { + url = "https://gitlab.gnome.org/GNOME/gvfs/commit/cf2f9c4020bbdd895485244b70e9442a80062cbe.patch"; + sha256 = "1p7c48nsx1lkv2qpkyrsm9qfa77xwd28gczwcpv2kbji3ws5qgj5"; + }) + (fetchpatch { + url = "https://gitlab.gnome.org/GNOME/gvfs/commit/64156459a366d64ab19187455016929b1026189a.patch"; + sha256 = "0zxbhmgqxxw987ag8fh6yjzjn9jl55fqbn814jh9kwrk7x4prx9x"; + }) + # CVE-2019-12449 + (fetchpatch { + url = "https://gitlab.gnome.org/GNOME/gvfs/commit/ec939a01c278d1aaa47153f51b5c5f0887738dd9.patch"; + sha256 = "0hfybfaz2gfx3yyw5ymx6q0pqwkx2r1i7gzprfp80bplwslq0d4h"; + }) + ]; + postPatch = '' # patchShebangs requires executable file chmod +x meson_post_install.py |