diff options
| author | Martin Weinelt <hexa@darmstadt.ccc.de> | 2021-06-03 21:28:49 +0200 |
|---|---|---|
| committer | github-actions[bot] <github-actions[bot]@users.noreply.github.com> | 2021-06-04 00:36:44 +0000 |
| commit | 715c85757b1c87a87744f1b514d1051d89b07a2a (patch) | |
| tree | 371a425e05c5c599c4ad318b2572ffe4f8a3fa5c | |
| parent | Merge pull request #125582 from NixOS/backport-125576-to-release-21.05 (diff) | |
| download | nixpkgs-715c85757b1c87a87744f1b514d1051d89b07a2a.tar.gz | |
polkit: Fix local privilege escalation vulnerability
Fixes a local privilege escalation using polkit_system_bus_name_get_creds_sync()
Fixes: CVE-2021-3560
(cherry picked from commit 26ac1d5db953292d78f0585dd8baccd9a36a44a4)
| -rw-r--r-- | pkgs/development/libraries/polkit/default.nix | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/pkgs/development/libraries/polkit/default.nix b/pkgs/development/libraries/polkit/default.nix index 7f0ad5acdceb..bc7f7e80d9c2 100644 --- a/pkgs/development/libraries/polkit/default.nix +++ b/pkgs/development/libraries/polkit/default.nix @@ -34,6 +34,13 @@ stdenv.mkDerivation rec { url = "https://gitlab.freedesktop.org/polkit/polkit/commit/5dd4e22efd05d55833c4634b56e473812b5acbf2.patch"; sha256 = "17lv7xj5ksa27iv4zpm4zwd4iy8zbwjj4ximslfq3sasiz9kxhlp"; }) + (fetchpatch { + # https://www.openwall.com/lists/oss-security/2021/06/03/1 + # https://gitlab.freedesktop.org/polkit/polkit/-/merge_requests/79 + name = "CVE-2021-3560.patch"; + url = "https://gitlab.freedesktop.org/polkit/polkit/-/commit/a04d13affe0fa53ff618e07aa8f57f4c0e3b9b81.patch"; + sha256 = "157ddsizgr290jsb8fpafrc37gc1qw5pdvl351vnn3pzhqs7n6f4"; + }) ] ++ lib.optionals stdenv.hostPlatform.isMusl [ # Make netgroup support optional (musl does not have it) # Upstream MR: https://gitlab.freedesktop.org/polkit/polkit/merge_requests/10 |