diff options
author | Vladimír Čunát <v@cunat.cz> | 2021-12-14 19:09:51 +0100 |
---|---|---|
committer | Vladimír Čunát <v@cunat.cz> | 2021-12-14 20:36:49 +0100 |
commit | 7101e3e5806329e8fbb511bd25e9bdce091b095b (patch) | |
tree | c3954790a16399854843caebfa18f959d5b5916f /pkgs/servers/x11 | |
parent | 1bce73f8cd44604ecb937006e7c5f4de78d64d54 (diff) |
xorg.xorgserver: apply CVE patches
Diffstat (limited to 'pkgs/servers/x11')
-rw-r--r-- | pkgs/servers/x11/xorg/overrides.nix | 19 |
1 files changed, 19 insertions, 0 deletions
diff --git a/pkgs/servers/x11/xorg/overrides.nix b/pkgs/servers/x11/xorg/overrides.nix index 8a415c57a61ff..27a4da9622bff 100644 --- a/pkgs/servers/x11/xorg/overrides.nix +++ b/pkgs/servers/x11/xorg/overrides.nix @@ -649,11 +649,30 @@ self: super: ]; postInstall = ":"; # prevent infinite recursion }); + + fpgit = commit: sha256: name: fetchpatch ( + { + url = "https://gitlab.freedesktop.org/xorg/xserver/-/commit/${commit}.diff"; + inherit sha256; + } // lib.optionalAttrs (name != null) { + name = name + ".patch"; + } + ); in if (!isDarwin) then { outputs = [ "out" "dev" ]; patches = [ + # https://lists.x.org/archives/xorg-announce/2021-December/003122.html + (fpgit "ebce7e2d80e7c80e1dda60f2f0bc886f1106ba60" + "sNi16FqN4rS4s8j5+PUVeOQBasccCkB5KvywP7xl28M=" "CVE-2021-4008") + (fpgit "b5196750099ae6ae582e1f46bd0a6dad29550e02" + "5hgzQXBBaJfhSTa9hs8K2N1fQ6+Vp8TTkertmQhkw8Y=" "CVE-2021-4009") + (fpgit "6c4c53010772e3cb4cb8acd54950c8eec9c00d21" + "1gGG9RpjLMi7Emwh13/z5CN1+ISLsPL3hJXP5gQcNkE=" "CVE-2021-4010") + (fpgit "e56f61c79fc3cee26d83cda0f84ae56d5979f768" + "e1KgSXGwwI3GgcYeWaF3KHPmkE4tf9VTqvfTYqRpysY=" "CVE-2021-4011") + # The build process tries to create the specified logdir when building. # # We set it to /var/log which can't be touched from inside the sandbox causing the build to hard-fail |