Merge #125593: polkit: Fix authentication bypass vulnerability

author: Vladimír Čunát <v@cunat.cz> 2021-06-04 08:47:51 +0200
committer: Vladimír Čunát <v@cunat.cz> 2021-06-04 08:47:51 +0200
commit: 729e236f7a0929e47bcc85c37a5cdc5fe52f948d (patch)
tree: 49f4252cf05e76610f390e55890654ff508007ca
parent: linuxPackages.ati_drivers_x11: move to alias set (diff)
parent: polkit: Fix local privilege escalation vulnerability (diff)
download: nixpkgs-729e236f7a0929e47bcc85c37a5cdc5fe52f948d.tar.gz
1 files changed, 7 insertions, 0 deletions
diff --git a/pkgs/development/libraries/polkit/default.nix b/pkgs/development/libraries/polkit/default.nix
index 7f0ad5acdceb..bc7f7e80d9c2 100644
--- a/pkgs/development/libraries/polkit/default.nix
+++ b/pkgs/development/libraries/polkit/default.nix
@@ -34,6 +34,13 @@ stdenv.mkDerivation rec {
       url = "https://gitlab.freedesktop.org/polkit/polkit/commit/5dd4e22efd05d55833c4634b56e473812b5acbf2.patch";
       sha256 = "17lv7xj5ksa27iv4zpm4zwd4iy8zbwjj4ximslfq3sasiz9kxhlp";
     })
+    (fetchpatch {
+      # https://www.openwall.com/lists/oss-security/2021/06/03/1
+      # https://gitlab.freedesktop.org/polkit/polkit/-/merge_requests/79
+      name = "CVE-2021-3560.patch";
+      url = "https://gitlab.freedesktop.org/polkit/polkit/-/commit/a04d13affe0fa53ff618e07aa8f57f4c0e3b9b81.patch";
+      sha256 = "157ddsizgr290jsb8fpafrc37gc1qw5pdvl351vnn3pzhqs7n6f4";
+    })
   ] ++ lib.optionals stdenv.hostPlatform.isMusl [
     # Make netgroup support optional (musl does not have it)
     # Upstream MR: https://gitlab.freedesktop.org/polkit/polkit/merge_requests/10
author	Vladimír Čunát <v@cunat.cz>	2021-06-04 08:47:51 +0200
committer	Vladimír Čunát <v@cunat.cz>	2021-06-04 08:47:51 +0200
commit	729e236f7a0929e47bcc85c37a5cdc5fe52f948d (patch)
tree	49f4252cf05e76610f390e55890654ff508007ca
parent	linuxPackages.ati_drivers_x11: move to alias set (diff)
parent	polkit: Fix local privilege escalation vulnerability (diff)
download	nixpkgs-729e236f7a0929e47bcc85c37a5cdc5fe52f948d.tar.gz