summary refs log tree commit diff
path: root/pkgs/servers/x11
diff options
context:
space:
mode:
authorVladimír Čunát <v@cunat.cz>2021-12-14 19:09:51 +0100
committerVladimír Čunát <v@cunat.cz>2021-12-14 20:36:49 +0100
commit7101e3e5806329e8fbb511bd25e9bdce091b095b (patch)
treec3954790a16399854843caebfa18f959d5b5916f /pkgs/servers/x11
parent1bce73f8cd44604ecb937006e7c5f4de78d64d54 (diff)
downloadnixpkgs-7101e3e5806329e8fbb511bd25e9bdce091b095b.tar
nixpkgs-7101e3e5806329e8fbb511bd25e9bdce091b095b.tar.gz
nixpkgs-7101e3e5806329e8fbb511bd25e9bdce091b095b.tar.bz2
nixpkgs-7101e3e5806329e8fbb511bd25e9bdce091b095b.tar.lz
nixpkgs-7101e3e5806329e8fbb511bd25e9bdce091b095b.tar.xz
nixpkgs-7101e3e5806329e8fbb511bd25e9bdce091b095b.tar.zst
nixpkgs-7101e3e5806329e8fbb511bd25e9bdce091b095b.zip
xorg.xorgserver: apply CVE patches
Diffstat (limited to 'pkgs/servers/x11')
-rw-r--r--pkgs/servers/x11/xorg/overrides.nix19


1 files changed, 19 insertions, 0 deletions
diff --git a/pkgs/servers/x11/xorg/overrides.nix b/pkgs/servers/x11/xorg/overrides.nix
index 8a415c57a61..27a4da9622b 100644
--- a/pkgs/servers/x11/xorg/overrides.nix
+++ b/pkgs/servers/x11/xorg/overrides.nix
@@ -649,11 +649,30 @@ self: super:
         ];
         postInstall = ":"; # prevent infinite recursion
       });
+
+      fpgit = commit: sha256: name: fetchpatch (
+        {
+          url = "https://gitlab.freedesktop.org/xorg/xserver/-/commit/${commit}.diff";
+          inherit sha256;
+        } // lib.optionalAttrs (name != null) {
+            name = name + ".patch";
+          }
+      );
     in
       if (!isDarwin)
       then {
         outputs = [ "out" "dev" ];
         patches = [
+          # https://lists.x.org/archives/xorg-announce/2021-December/003122.html
+          (fpgit "ebce7e2d80e7c80e1dda60f2f0bc886f1106ba60"
+            "sNi16FqN4rS4s8j5+PUVeOQBasccCkB5KvywP7xl28M=" "CVE-2021-4008")
+          (fpgit "b5196750099ae6ae582e1f46bd0a6dad29550e02"
+            "5hgzQXBBaJfhSTa9hs8K2N1fQ6+Vp8TTkertmQhkw8Y=" "CVE-2021-4009")
+          (fpgit "6c4c53010772e3cb4cb8acd54950c8eec9c00d21"
+            "1gGG9RpjLMi7Emwh13/z5CN1+ISLsPL3hJXP5gQcNkE=" "CVE-2021-4010")
+          (fpgit "e56f61c79fc3cee26d83cda0f84ae56d5979f768"
+            "e1KgSXGwwI3GgcYeWaF3KHPmkE4tf9VTqvfTYqRpysY=" "CVE-2021-4011")
+
           # The build process tries to create the specified logdir when building.
           #
           # We set it to /var/log which can't be touched from inside the sandbox causing the build to hard-fail

 

generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-06-17 05:31:10 +0000