mirror of
https://github.com/NixOS/nixpkgs.git
synced 2024-11-16 23:03:40 +01:00
gvfs: fix CVE-2019-1244{7.8.9}
This is a version of #63481 for master. CVE-2019-12447: daemon/gvfsbackendadmin.c mishandles file ownership because setfsuid is not used. CVE-2019-12448: daemon/gvfsbackendadmin.c has race conditions because the admin backend doesn't implement query_info_on_read/write. CVE-2019-12449: daemon/gvfsbackendadmin.c mishandles a file's user and group ownership during move (and copy with G_FILE_COPY_ALL_METADATA) operations from admin:// to file:// URIs, because root privileges are unavailable. Upstream MR: https://gitlab.gnome.org/GNOME/gvfs/merge_requests/48
This commit is contained in:
parent
6fa7263c1e
commit
02ea0d3959
1 changed files with 23 additions and 1 deletions
|
@ -1,5 +1,5 @@
|
|||
{ stdenv, fetchurl, meson, ninja, pkgconfig, gettext, gnome3, dbus
|
||||
, glib, libgudev, udisks2, libgcrypt, libcap, polkit
|
||||
, glib, libgudev, udisks2, libgcrypt, libcap, polkit, fetchpatch
|
||||
, libgphoto2, avahi, libarchive, fuse, libcdio
|
||||
, libxml2, libxslt, docbook_xsl, docbook_xml_dtd_42, samba, libmtp
|
||||
, gnomeSupport ? false, gnome, gcr, wrapGAppsHook
|
||||
|
@ -18,6 +18,28 @@ in stdenv.mkDerivation rec {
|
|||
sha256 = "1cfnzamr4mvgpf6yhm28lh9cafy9z6842s8jpbqnfizfxybg8ylj";
|
||||
};
|
||||
|
||||
patches = [
|
||||
# CVE-2019-12448
|
||||
(fetchpatch {
|
||||
url = "https://gitlab.gnome.org/GNOME/gvfs/commit/464bbc7e4e7fdfc3cb426557562038408b6108c5.patch";
|
||||
sha256 = "03fwlpj1vbi80661bbhzv8ddx3czkzv9i1q4h3gqyxi5f1i0xfz4";
|
||||
})
|
||||
# CVE-2019-12447
|
||||
(fetchpatch {
|
||||
url = "https://gitlab.gnome.org/GNOME/gvfs/commit/cf2f9c4020bbdd895485244b70e9442a80062cbe.patch";
|
||||
sha256 = "1p7c48nsx1lkv2qpkyrsm9qfa77xwd28gczwcpv2kbji3ws5qgj5";
|
||||
})
|
||||
(fetchpatch {
|
||||
url = "https://gitlab.gnome.org/GNOME/gvfs/commit/64156459a366d64ab19187455016929b1026189a.patch";
|
||||
sha256 = "0zxbhmgqxxw987ag8fh6yjzjn9jl55fqbn814jh9kwrk7x4prx9x";
|
||||
})
|
||||
# CVE-2019-12449
|
||||
(fetchpatch {
|
||||
url = "https://gitlab.gnome.org/GNOME/gvfs/commit/ec939a01c278d1aaa47153f51b5c5f0887738dd9.patch";
|
||||
sha256 = "0hfybfaz2gfx3yyw5ymx6q0pqwkx2r1i7gzprfp80bplwslq0d4h";
|
||||
})
|
||||
];
|
||||
|
||||
postPatch = ''
|
||||
# patchShebangs requires executable file
|
||||
chmod +x meson_post_install.py
|
||||
|
|
Loading…
Reference in a new issue