firejail: add patches to fix CVE-2020-17367 and CVE-2020-17368

This commit is contained in:
Stig Palmquist 2020-08-09 15:08:29 +02:00
parent 3735c9ef90
commit e15cab8e9c
No known key found for this signature in database
GPG key ID: DA4C335C11D70DA7

View file

@ -1,4 +1,4 @@
{stdenv, fetchurl, which}:
{stdenv, fetchurl, fetchpatch, which}:
let
s = # Generated upstream information
rec {
@ -20,6 +20,19 @@ stdenv.mkDerivation {
name = "${s.name}.tar.bz2";
};
patches = [
(fetchpatch {
name = "CVE-2020-17367.patch";
url = "https://github.com/netblue30/firejail/commit/2c734d6350ad321fccbefc5ef0382199ac331b37.patch";
sha256 = "1gxz4jxp80gxnn46195qxcpmikwqab9d0ylj9zkm62lycp84ij6n";
})
(fetchpatch {
name = "CVE-2020-17368.patch";
url = "https://github.com/netblue30/firejail/commit/34193604fed04cad2b7b6b0f1a3a0428afd9ed5b.patch";
sha256 = "0n4ch3qykxx870201l8lz81f7h84vk93pzz77f5cjbd30cxnbddl";
})
];
prePatch = ''
# Allow whitelisting ~/.nix-profile
substituteInPlace etc/firejail.config --replace \