diff options
author | Graham Christensen <graham@grahamc.com> | 2017-02-08 22:11:25 -0500 |
---|---|---|
committer | Graham Christensen <graham@grahamc.com> | 2017-02-08 22:12:10 -0500 |
commit | 19f23d00fd91c68911c8bf8e7d8dc0e19a3faaaa (patch) | |
tree | f901d7ec63d65d6c3bab584119cb51bc2e6674b3 /pkgs | |
parent | e74ec9d84f56d33a62fdbc160cd9f3fefdbb580b (diff) | |
download | nixlib-19f23d00fd91c68911c8bf8e7d8dc0e19a3faaaa.tar nixlib-19f23d00fd91c68911c8bf8e7d8dc0e19a3faaaa.tar.gz nixlib-19f23d00fd91c68911c8bf8e7d8dc0e19a3faaaa.tar.bz2 nixlib-19f23d00fd91c68911c8bf8e7d8dc0e19a3faaaa.tar.lz nixlib-19f23d00fd91c68911c8bf8e7d8dc0e19a3faaaa.tar.xz nixlib-19f23d00fd91c68911c8bf8e7d8dc0e19a3faaaa.tar.zst nixlib-19f23d00fd91c68911c8bf8e7d8dc0e19a3faaaa.zip |
ntfs3g: patch for CVE-2017-0358
From the Debian advisory: Jann Horn of Google Project Zero discovered that NTFS-3G, a read-write NTFS driver for FUSE, does not scrub the environment before executing modprobe with elevated privileges. A local user can take advantage of this flaw for local root privilege escalation.
Diffstat (limited to 'pkgs')
-rw-r--r-- | pkgs/tools/filesystems/ntfs-3g/default.nix | 10 |
1 files changed, 8 insertions, 2 deletions
diff --git a/pkgs/tools/filesystems/ntfs-3g/default.nix b/pkgs/tools/filesystems/ntfs-3g/default.nix index d5c5456515cb..01d9b81d0389 100644 --- a/pkgs/tools/filesystems/ntfs-3g/default.nix +++ b/pkgs/tools/filesystems/ntfs-3g/default.nix @@ -1,4 +1,4 @@ -{stdenv, fetchurl, utillinux, libuuid +{stdenv, fetchurl, fetchpatch, utillinux, libuuid , crypto ? false, libgcrypt, gnutls, pkgconfig}: stdenv.mkDerivation rec { @@ -14,6 +14,13 @@ stdenv.mkDerivation rec { sha256 = "180y5y09h30ryf2vim8j30a2npwz1iv9ly5yjmh3wjdkwh2jrdyp"; }; + patches = [ + (fetchpatch { + url = "https://sources.debian.net/data/main/n/ntfs-3g/1:2016.2.22AR.1-4/debian/patches/0003-CVE-2017-0358.patch"; + sha256 = "0hd05q9q06r18k8pmppvch1sslzqln5fvqj51d5r72g4mnpavpj3"; + }) + ]; + patchPhase = '' substituteInPlace src/Makefile.in --replace /sbin '@sbindir@' substituteInPlace ntfsprogs/Makefile.in --replace /sbin '@sbindir@' @@ -45,4 +52,3 @@ stdenv.mkDerivation rec { license = licenses.gpl2Plus; # and (lib)fuse-lite under LGPL2+ }; } - |