diff options
| author | c0bw3b <c0bw3b@users.noreply.github.com> | 2018-12-07 19:35:43 +0100 |
|---|---|---|
| committer | c0bw3b <c0bw3b@users.noreply.github.com> | 2018-12-07 19:35:43 +0100 |
| commit | a14af16cfc8307e560ed6de573f81888d8424aad (patch) | |
| tree | 3b9f63b98b6f42f6e2cd3cd68a93687603c6fe3e /pkgs/development | |
| parent | 747aa4cc93252dd668d62aa9cbbb27eeb50fc5c6 (diff) | |
| download | nixlib-a14af16cfc8307e560ed6de573f81888d8424aad.tar nixlib-a14af16cfc8307e560ed6de573f81888d8424aad.tar.gz nixlib-a14af16cfc8307e560ed6de573f81888d8424aad.tar.bz2 nixlib-a14af16cfc8307e560ed6de573f81888d8424aad.tar.lz nixlib-a14af16cfc8307e560ed6de573f81888d8424aad.tar.xz nixlib-a14af16cfc8307e560ed6de573f81888d8424aad.tar.zst nixlib-a14af16cfc8307e560ed6de573f81888d8424aad.zip | |
polkit: add patch for CVE-2018-19788
unprivileged users with UID > INT_MAX can successfully execute any systemctl command Original issue: https://gitlab.freedesktop.org/polkit/polkit/issues/74
Diffstat (limited to 'pkgs/development')
| -rw-r--r-- | pkgs/development/libraries/polkit/default.nix | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/pkgs/development/libraries/polkit/default.nix b/pkgs/development/libraries/polkit/default.nix index 625e0d3e1041..8093aec6bcc6 100644 --- a/pkgs/development/libraries/polkit/default.nix +++ b/pkgs/development/libraries/polkit/default.nix @@ -20,6 +20,14 @@ stdenv.mkDerivation rec { sha256 = "0c91y61y4gy6p91cwbzg32dhavw4b7fflg370rimqhdxpzdfr1rg"; }; + patches = [ + # CVE-2018-19788 - high UID fixup + (fetchpatch { + url = "https://gitlab.freedesktop.org/polkit/polkit/commit/5230646dc6876ef6e27f57926b1bad348f636147.patch"; + name = "CVE-2018-19788.patch"; + sha256 = "1y3az4mlxx8k1zcss5qm7k102s7k1kqgcfnf11j9678fh7p008vp"; + }) + ]; postPatch = stdenv.lib.optionalString stdenv.isDarwin '' sed -i -e "s/-Wl,--as-needed//" configure.ac |