diff options
author | Jörg Thalheim <joerg@higgsboson.tk> | 2017-01-19 14:48:00 +0100 |
---|---|---|
committer | Jörg Thalheim <joerg@higgsboson.tk> | 2017-01-19 15:10:18 +0100 |
commit | 4b9b1fa9456b0858244fc5ba36cfbc71944cad75 (patch) | |
tree | 2ac300f6f69a91d1ad7d1d8360d020fcc7e0285a /pkgs/os-specific/linux/util-linux | |
parent | f4f885243e6139edb196d00a9313f6ce5141e0de (diff) | |
download | nixpkgs-4b9b1fa9456b0858244fc5ba36cfbc71944cad75.tar nixpkgs-4b9b1fa9456b0858244fc5ba36cfbc71944cad75.tar.gz nixpkgs-4b9b1fa9456b0858244fc5ba36cfbc71944cad75.tar.bz2 nixpkgs-4b9b1fa9456b0858244fc5ba36cfbc71944cad75.tar.lz nixpkgs-4b9b1fa9456b0858244fc5ba36cfbc71944cad75.tar.xz nixpkgs-4b9b1fa9456b0858244fc5ba36cfbc71944cad75.tar.zst nixpkgs-4b9b1fa9456b0858244fc5ba36cfbc71944cad75.zip |
util-linux: remove seccomp sandbox for CVE-2016-2279
the patch for CVE-2016-2779 was reverted by upstream and was not adopted by any other downstream distributions. Upstream waits for a better fix in the kernel: https://www.kernel.org/pub/linux/utils/util-linux/v2.28/v2.28-ReleaseNotes
Diffstat (limited to 'pkgs/os-specific/linux/util-linux')
-rw-r--r-- | pkgs/os-specific/linux/util-linux/default.nix | 17 |
1 files changed, 5 insertions, 12 deletions
diff --git a/pkgs/os-specific/linux/util-linux/default.nix b/pkgs/os-specific/linux/util-linux/default.nix index f6e26f51cc8..a97ce920533 100644 --- a/pkgs/os-specific/linux/util-linux/default.nix +++ b/pkgs/os-specific/linux/util-linux/default.nix @@ -1,4 +1,5 @@ -{ lib, stdenv, fetchurl, pkgconfig, zlib, libseccomp, fetchpatch, autoreconfHook, ncurses ? null, perl ? null, pam, systemd, minimal ? false }: +{ lib, stdenv, fetchurl, pkgconfig, zlib, fetchpatch +, ncurses ? null, perl ? null, pam, systemd, minimal ? false }: stdenv.mkDerivation rec { name = "util-linux-${version}"; @@ -12,13 +13,7 @@ stdenv.mkDerivation rec { sha256 = "1rzrmdrz51p9sy7vlw5qmj8pmqazm7hgcch5yq242mkvrikyln9c"; }; - patches = [ - ./rtcwake-search-PATH-for-shutdown.patch - (fetchpatch { - name = "CVE-2016-2779.diff"; - url = https://github.com/karelzak/util-linux/commit/8e4925016875c6a4f2ab4f833ba66f0fc57396a2.patch; - sha256 = "0kmigkq4s1b1ijrq8vcg2a5cw4qnm065m7cb1jn1q1f4x99ycy60"; - })]; + patches = [ ./rtcwake-search-PATH-for-shutdown.patch ]; outputs = [ "bin" "dev" "out" "man" ]; @@ -54,11 +49,9 @@ stdenv.mkDerivation rec { makeFlags = "usrbin_execdir=$(bin)/bin usrsbin_execdir=$(bin)/sbin"; - # autoreconfHook is required for CVE-2016-2779 - nativeBuildInputs = [ pkgconfig autoreconfHook ]; - # libseccomp is required for CVE-2016-2779 + nativeBuildInputs = [ pkgconfig ]; buildInputs = - [ zlib pam libseccomp ] + [ zlib pam ] ++ lib.optional (ncurses != null) ncurses ++ lib.optional (systemd != null) systemd ++ lib.optional (perl != null) perl; |