diff options
author | Stig <stig@stig.io> | 2022-06-09 00:20:12 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-06-09 00:20:12 +0200 |
commit | 942c1d820c93d5ca3163f1620cc34d10fe8c4e85 (patch) | |
tree | 08c587f02d32d2334e37be14a402a293785f1455 /pkgs | |
parent | 3a5d3c73c78cb63df07fce947a2fe5e6058069a3 (diff) | |
parent | b31db15de008f0a8f5f62c5e477c69165d8458a1 (diff) |
Merge pull request #176907 from stigtsp/firejail-CVE-2022-31214
firejail: patches for CVE-2022-31214
Diffstat (limited to 'pkgs')
-rw-r--r-- | pkgs/os-specific/linux/firejail/default.nix | 23 |
1 files changed, 23 insertions, 0 deletions
diff --git a/pkgs/os-specific/linux/firejail/default.nix b/pkgs/os-specific/linux/firejail/default.nix index bbb3a1daab698..a8188caf18be9 100644 --- a/pkgs/os-specific/linux/firejail/default.nix +++ b/pkgs/os-specific/linux/firejail/default.nix @@ -53,6 +53,29 @@ stdenv.mkDerivation rec { # Upstream fix: https://github.com/netblue30/firejail/pull/5132 # Hopefully fixed upstream in version > 0.9.68 ./fix-opengl-support.patch + + # Fix CVE-2022-31214 by patching in 4 commits from upstream + # https://seclists.org/oss-sec/2022/q2/188 + (fetchpatch { + name = "CVE-2022-31214-patch1"; # "fixing CVE-2022-31214" + url = "https://github.com/netblue30/firejail/commit/27cde3d7d1e4e16d4190932347c7151dc2a84c50.patch"; + sha256 = "sha256-XXmnYCn4TPUvU43HifZDk4tEZQvOho9/7ehU6889nN4="; + }) + (fetchpatch { + name = "CVE-2022-31214-patch2"; # "shutdown testing" + url = "https://github.com/netblue30/firejail/commit/04ff0edf74395ddcbbcec955279c74ed9a6c0f86.patch"; + sha256 = "sha256-PV73hRlvYEQihuljSCQMNO34KJ0hDVFexhirpHcTK1I="; + }) + (fetchpatch { + name = "CVE-2022-31214-patch3"; # "CVE-2022-31214: fixing the fix" + url = "https://github.com/netblue30/firejail/commit/dab835e7a0eb287822016f5ae4e87f46e1d363e7.patch"; + sha256 = "sha256-6plBIliW/nLKR7TdGeB88eQ65JHEasnaRsP3HPXAFyA="; + }) + (fetchpatch { + name = "CVE-2022-31214-patch4"; # "CVE-2022-31214: fixing the fix, one more time " + url = "https://github.com/netblue30/firejail/commit/1884ea22a90d225950d81c804f1771b42ae55f54.patch"; + sha256 = "sha256-inkpcdC5rl5w+CTAwwQVBOELlHTXb8UGlpU+8kMY95s="; + }) ]; prePatch = '' |