Merge commit '6e3ee8957637a60f5072e33d78e05c0f65c54366'

Conflicts:
	nixpkgs/pkgs/applications/networking/browsers/firefox/packages.nix

1 files changed, 6 insertions, 0 deletions

diff --git a/nixpkgs/pkgs/development/libraries/polkit/default.nix b/nixpkgs/pkgs/development/libraries/polkit/default.nix
index 3a3199cbd7a9..72907f7aedc8 100644
--- a/nixpkgs/pkgs/development/libraries/polkit/default.nix
+++ b/nixpkgs/pkgs/development/libraries/polkit/default.nix
@@ -65,6 +65,12 @@ stdenv.mkDerivation rec {
       url = "https://gitlab.freedesktop.org/polkit/polkit/-/commit/a2bf5c9c83b6ae46cbd5c779d3055bff81ded683.patch";
       sha256 = "162jkpg2myq0rb0s5k3nfr4pqwv9im13jf6vzj8p5l39nazg5i4s";
     })
+    # File descriptor leak allows an unprivileged user to cause a crash (CVE-2021-4115)
+    (fetchpatch {
+      name = "CVE-2021-4115.patch";
+      url = "https://src.fedoraproject.org/rpms/polkit/raw/0a203bd46a1e2ec8cc4b3626840e2ea9d0d13a9a/f/CVE-2021-4115.patch";
+      sha256 = "sha256-BivHVVpYB4Ies1YbBDyKwUmNlqq2D1MpMipH9/dZM54=";
+    })
   ] ++ lib.optionals stdenv.hostPlatform.isMusl [
     # Make netgroup support optional (musl does not have it)
     # Upstream MR: https://gitlab.freedesktop.org/polkit/polkit/merge_requests/10