Merge #150742: xorg.xorgserver: apply CVE patches

author: Vladimír Čunát <v@cunat.cz> 2021-12-14 23:02:34 +0100
committer: Vladimír Čunát <v@cunat.cz> 2021-12-14 23:02:34 +0100
commit: e55d12da43e6375941e557060a16f58dfcc07a22 (patch)
tree: 445133a6fd4c72e9d78995ef04f450014f2f07bf /pkgs/servers
parent: 3a69a7eaaa100fd042cd678e0d22266543b028b7 (diff)
parent: 7101e3e5806329e8fbb511bd25e9bdce091b095b (diff)
download: nixpkgs-e55d12da43e6375941e557060a16f58dfcc07a22.tar
nixpkgs-e55d12da43e6375941e557060a16f58dfcc07a22.tar.gz
nixpkgs-e55d12da43e6375941e557060a16f58dfcc07a22.tar.bz2
nixpkgs-e55d12da43e6375941e557060a16f58dfcc07a22.tar.lz
nixpkgs-e55d12da43e6375941e557060a16f58dfcc07a22.tar.xz
nixpkgs-e55d12da43e6375941e557060a16f58dfcc07a22.tar.zst
nixpkgs-e55d12da43e6375941e557060a16f58dfcc07a22.zip
1 files changed, 19 insertions, 0 deletions
diff --git a/pkgs/servers/x11/xorg/overrides.nix b/pkgs/servers/x11/xorg/overrides.nix
index 8a415c57a61..27a4da9622b 100644
--- a/pkgs/servers/x11/xorg/overrides.nix
+++ b/pkgs/servers/x11/xorg/overrides.nix
@@ -649,11 +649,30 @@ self: super:
         ];
         postInstall = ":"; # prevent infinite recursion
       });
+
+      fpgit = commit: sha256: name: fetchpatch (
+        {
+          url = "https://gitlab.freedesktop.org/xorg/xserver/-/commit/${commit}.diff";
+          inherit sha256;
+        } // lib.optionalAttrs (name != null) {
+            name = name + ".patch";
+          }
+      );
     in
       if (!isDarwin)
       then {
         outputs = [ "out" "dev" ];
         patches = [
+          # https://lists.x.org/archives/xorg-announce/2021-December/003122.html
+          (fpgit "ebce7e2d80e7c80e1dda60f2f0bc886f1106ba60"
+            "sNi16FqN4rS4s8j5+PUVeOQBasccCkB5KvywP7xl28M=" "CVE-2021-4008")
+          (fpgit "b5196750099ae6ae582e1f46bd0a6dad29550e02"
+            "5hgzQXBBaJfhSTa9hs8K2N1fQ6+Vp8TTkertmQhkw8Y=" "CVE-2021-4009")
+          (fpgit "6c4c53010772e3cb4cb8acd54950c8eec9c00d21"
+            "1gGG9RpjLMi7Emwh13/z5CN1+ISLsPL3hJXP5gQcNkE=" "CVE-2021-4010")
+          (fpgit "e56f61c79fc3cee26d83cda0f84ae56d5979f768"
+            "e1KgSXGwwI3GgcYeWaF3KHPmkE4tf9VTqvfTYqRpysY=" "CVE-2021-4011")
+
           # The build process tries to create the specified logdir when building.
           #
           # We set it to /var/log which can't be touched from inside the sandbox causing the build to hard-fail
author	Vladimír Čunát <v@cunat.cz>	2021-12-14 23:02:34 +0100
committer	Vladimír Čunát <v@cunat.cz>	2021-12-14 23:02:34 +0100
commit	e55d12da43e6375941e557060a16f58dfcc07a22 (patch)
tree	445133a6fd4c72e9d78995ef04f450014f2f07bf /pkgs/servers
parent	3a69a7eaaa100fd042cd678e0d22266543b028b7 (diff)
parent	7101e3e5806329e8fbb511bd25e9bdce091b095b (diff)
download	nixpkgs-e55d12da43e6375941e557060a16f58dfcc07a22.tar nixpkgs-e55d12da43e6375941e557060a16f58dfcc07a22.tar.gz nixpkgs-e55d12da43e6375941e557060a16f58dfcc07a22.tar.bz2 nixpkgs-e55d12da43e6375941e557060a16f58dfcc07a22.tar.lz nixpkgs-e55d12da43e6375941e557060a16f58dfcc07a22.tar.xz nixpkgs-e55d12da43e6375941e557060a16f58dfcc07a22.tar.zst nixpkgs-e55d12da43e6375941e557060a16f58dfcc07a22.zip