about summary refs log tree commit diff
path: root/nixpkgs/pkgs/os-specific/linux/bluez/default.nix
diff options
context:
space:
mode:
Diffstat (limited to 'nixpkgs/pkgs/os-specific/linux/bluez/default.nix')
-rw-r--r--nixpkgs/pkgs/os-specific/linux/bluez/default.nix16
1 files changed, 14 insertions, 2 deletions
diff --git a/nixpkgs/pkgs/os-specific/linux/bluez/default.nix b/nixpkgs/pkgs/os-specific/linux/bluez/default.nix
index a917175b90ce..be43d23d6115 100644
--- a/nixpkgs/pkgs/os-specific/linux/bluez/default.nix
+++ b/nixpkgs/pkgs/os-specific/linux/bluez/default.nix
@@ -1,5 +1,5 @@
 { stdenv, fetchurl, pkgconfig, dbus, glib, alsaLib,
-  python3, readline, udev, libical, systemd,
+  python3, readline, udev, libical, systemd, fetchpatch,
   enableWiimote ? false, enableMidi ? false, enableSixaxis ? false }:
 
 stdenv.mkDerivation rec {
@@ -23,7 +23,19 @@ stdenv.mkDerivation rec {
 
   outputs = [ "out" "dev" "test" ];
 
-  patches = [ ./bluez-5.37-obexd_without_systemd-1.patch ];
+  patches = [
+    ./bluez-5.37-obexd_without_systemd-1.patch
+    (fetchpatch {
+      url = "https://git.kernel.org/pub/scm/bluetooth/bluez.git/patch/?id=1880b299086659844889cdaf687133aca5eaf102";
+      name = "CVE-2018-10910-1.patch";
+      sha256 = "17spsxza27gif8jpxk7360ynvwii1llfdfwg35rwywjjmvww0qj4";
+    })
+    (fetchpatch {
+      url = "https://git.kernel.org/pub/scm/bluetooth/bluez.git/patch/?id=9213ff7642a33aa481e3c61989ad60f7985b9984";
+      name = "CVE-2018-10910-2.patch";
+      sha256 = "0j7klbhym64yhn86dbsmybqmwx47bviyyhx931izl1p29z2mg8hn";
+    })
+  ];
 
   postConfigure = ''
     substituteInPlace tools/hid2hci.rules \
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-06-17 20:40:18 +0000