BoomMicrophone/nixpkgs-suyu
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Merge pull request #95015 from stigtsp/package/firejail-fix-CVE-2020-17368-CVE-2020-17367

Browse source 
firejail: add patches to fix CVE-2020-17367 and CVE-2020-17368
This commit is contained in:
Michael Raskin 2020-08-10 04:28:47 +00:00 committed by GitHub
commit 3a9145523a
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 14 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

15
pkgs/os-specific/linux/firejail/default.nix
View file

@ -1,4 +1,4 @@
{stdenv, fetchurl, which}: {stdenv, fetchurl, fetchpatch, which}:
let let
s = # Generated upstream information s = # Generated upstream information
rec { rec {
@ -20,6 +20,19 @@ stdenv.mkDerivation {
name = "${s.name}.tar.bz2"; name = "${s.name}.tar.bz2";
}; };
patches = [
(fetchpatch {
name = "CVE-2020-17367.patch";
url = "https://github.com/netblue30/firejail/commit/2c734d6350ad321fccbefc5ef0382199ac331b37.patch";
sha256 = "1gxz4jxp80gxnn46195qxcpmikwqab9d0ylj9zkm62lycp84ij6n";
})
(fetchpatch {
name = "CVE-2020-17368.patch";
url = "https://github.com/netblue30/firejail/commit/34193604fed04cad2b7b6b0f1a3a0428afd9ed5b.patch";
sha256 = "0n4ch3qykxx870201l8lz81f7h84vk93pzz77f5cjbd30cxnbddl";
})
];
prePatch = '' prePatch = ''
# Allow whitelisting ~/.nix-profile # Allow whitelisting ~/.nix-profile
substituteInPlace etc/firejail.config --replace \ substituteInPlace etc/firejail.config --replace \