BoomMicrophone/nixpkgs-suyu
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

polkit: Patch unauthenticated file descriptor leak

Browse source 
https://gitlab.freedesktop.org/polkit/polkit/-/issues/170
https://www.openwall.com/lists/oss-security/2022/02/18/1

Fixes: CVE-2021-4115
This commit is contained in:
Martin Weinelt 2022-02-18 19:49:52 +01:00
parent 6d75bf658e
commit 08a80b7b00
No known key found for this signature in database
GPG key ID: 87C1E9888F856759
1 changed files with 6 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
pkgs/development/libraries/polkit/default.nix
View file

@ -65,6 +65,12 @@ stdenv.mkDerivation rec {
url = "https://gitlab.freedesktop.org/polkit/polkit/-/commit/a2bf5c9c83b6ae46cbd5c779d3055bff81ded683.patch";
sha256 = "162jkpg2myq0rb0s5k3nfr4pqwv9im13jf6vzj8p5l39nazg5i4s";
})
# File descriptor leak allows an unprivileged user to cause a crash (CVE-2021-4115)
(fetchpatch {
name = "CVE-2021-4115.patch";
url = "https://src.fedoraproject.org/rpms/polkit/raw/0a203bd46a1e2ec8cc4b3626840e2ea9d0d13a9a/f/CVE-2021-4115.patch";
sha256 = "sha256-BivHVVpYB4Ies1YbBDyKwUmNlqq2D1MpMipH9/dZM54=";
})
] ++ lib.optionals stdenv.hostPlatform.isMusl [
# Make netgroup support optional (musl does not have it)
# Upstream MR: https://gitlab.freedesktop.org/polkit/polkit/merge_requests/10