diff options
| author | Stig Palmquist <stig@stig.io> | 2020-08-09 15:08:29 +0200 |
|---|---|---|
| committer | Stig Palmquist <stig@stig.io> | 2020-08-09 15:08:29 +0200 |
| commit | e15cab8e9c14af6a6f45a0027648deee39205620 (patch) | |
| tree | d4f68785b28c51eea00dc5c7c4eaacb4f38d655e /pkgs/os-specific/linux/firejail | |
| parent | 3735c9ef908eceaf348215c7669870945eb3262a (diff) | |
| download | nixpkgs-e15cab8e9c14af6a6f45a0027648deee39205620.tar nixpkgs-e15cab8e9c14af6a6f45a0027648deee39205620.tar.gz nixpkgs-e15cab8e9c14af6a6f45a0027648deee39205620.tar.bz2 nixpkgs-e15cab8e9c14af6a6f45a0027648deee39205620.tar.lz nixpkgs-e15cab8e9c14af6a6f45a0027648deee39205620.tar.xz nixpkgs-e15cab8e9c14af6a6f45a0027648deee39205620.tar.zst nixpkgs-e15cab8e9c14af6a6f45a0027648deee39205620.zip | |
firejail: add patches to fix CVE-2020-17367 and CVE-2020-17368
Diffstat (limited to 'pkgs/os-specific/linux/firejail')
| -rw-r--r-- | pkgs/os-specific/linux/firejail/default.nix | 15 |
1 files changed, 14 insertions, 1 deletions
diff --git a/pkgs/os-specific/linux/firejail/default.nix b/pkgs/os-specific/linux/firejail/default.nix index 8c7a109cb76..2104c52266a 100644 --- a/pkgs/os-specific/linux/firejail/default.nix +++ b/pkgs/os-specific/linux/firejail/default.nix @@ -1,4 +1,4 @@ -{stdenv, fetchurl, which}: +{stdenv, fetchurl, fetchpatch, which}: let s = # Generated upstream information rec { @@ -20,6 +20,19 @@ stdenv.mkDerivation { name = "${s.name}.tar.bz2"; }; + patches = [ + (fetchpatch { + name = "CVE-2020-17367.patch"; + url = "https://github.com/netblue30/firejail/commit/2c734d6350ad321fccbefc5ef0382199ac331b37.patch"; + sha256 = "1gxz4jxp80gxnn46195qxcpmikwqab9d0ylj9zkm62lycp84ij6n"; + }) + (fetchpatch { + name = "CVE-2020-17368.patch"; + url = "https://github.com/netblue30/firejail/commit/34193604fed04cad2b7b6b0f1a3a0428afd9ed5b.patch"; + sha256 = "0n4ch3qykxx870201l8lz81f7h84vk93pzz77f5cjbd30cxnbddl"; + }) + ]; + prePatch = '' # Allow whitelisting ~/.nix-profile substituteInPlace etc/firejail.config --replace \ |