From e15cab8e9c14af6a6f45a0027648deee39205620 Mon Sep 17 00:00:00 2001
From: Stig Palmquist <stig@stig.io>
Date: Sun, 9 Aug 2020 15:08:29 +0200
Subject: firejail: add patches to fix CVE-2020-17367 and CVE-2020-17368

---
 pkgs/os-specific/linux/firejail/default.nix | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)

(limited to 'pkgs/os-specific/linux/firejail')

diff --git a/pkgs/os-specific/linux/firejail/default.nix b/pkgs/os-specific/linux/firejail/default.nix
index 8c7a109cb76..2104c52266a 100644
--- a/pkgs/os-specific/linux/firejail/default.nix
+++ b/pkgs/os-specific/linux/firejail/default.nix
@@ -1,4 +1,4 @@
-{stdenv, fetchurl, which}:
+{stdenv, fetchurl, fetchpatch, which}:
 let
   s = # Generated upstream information
   rec {
@@ -20,6 +20,19 @@ stdenv.mkDerivation {
     name = "${s.name}.tar.bz2";
   };
 
+  patches = [
+    (fetchpatch {
+      name = "CVE-2020-17367.patch";
+      url = "https://github.com/netblue30/firejail/commit/2c734d6350ad321fccbefc5ef0382199ac331b37.patch";
+      sha256 = "1gxz4jxp80gxnn46195qxcpmikwqab9d0ylj9zkm62lycp84ij6n";
+    })
+    (fetchpatch {
+      name = "CVE-2020-17368.patch";
+      url = "https://github.com/netblue30/firejail/commit/34193604fed04cad2b7b6b0f1a3a0428afd9ed5b.patch";
+      sha256 = "0n4ch3qykxx870201l8lz81f7h84vk93pzz77f5cjbd30cxnbddl";
+    })
+  ];
+
   prePatch = ''
     # Allow whitelisting ~/.nix-profile
     substituteInPlace etc/firejail.config --replace \
-- 
cgit 1.4.1