firejail: 0.9.68 -> 0.9.70

+2 -37
+2 -37
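--- a/pkgs/os-specific/linux/firejail/default.nix
+++ b/pkgs/os-specific/linux/firejail/default.nix
@@ -11,13 +11,13 @@
 
 stdenv.mkDerivation rec {
 pname = "firejail";
-version = "0.9.68";
+version = "0.9.70";
 
 src = fetchFromGitHub {
 owner = "netblue30";
 repo = "firejail";
 rev = version;
-sha256 = "18yy1mykx7h78yj7sz729i3dlsrgi25m17m5x9gbrvsx7f87rw7j";
+sha256 = "sha256-x1txt0uER66bZN6BD6c/31Zu6fPPwC9kl/3bxEE6Ce8=";
 };
 
 nativeBuildInputs = [
@@ -41,41 +41,6 @@
 # By default fbuilder hardcodes the firejail binary to the install path.
 # On NixOS the firejail binary is a setuid wrapper available in $PATH.
 ./fbuilder-call-firejail-on-path.patch
-
-# NixOS specific whitelist to resolve binary paths in user environment
-# Fixes https://github.com/NixOS/nixpkgs/issues/170784
-# Upstream fix https://github.com/netblue30/firejail/pull/5131
-# Upstream hopefully fixed in later versions > 0.9.68
-./whitelist-nix-profile.patch
-
-# Fix OpenGL support for various applications including Firefox
-# Issue: https://github.com/NixOS/nixpkgs/issues/55191
-# Upstream fix: https://github.com/netblue30/firejail/pull/5132
-# Hopefully fixed upstream in version > 0.9.68
-./fix-opengl-support.patch
-
-# Fix CVE-2022-31214 by patching in 4 commits from upstream
-# https://seclists.org/oss-sec/2022/q2/188
-(fetchpatch {
-name = "CVE-2022-31214-patch1"; # "fixing CVE-2022-31214"
-url = "https://github.com/netblue30/firejail/commit/27cde3d7d1e4e16d4190932347c7151dc2a84c50.patch";
-sha256 = "sha256-XXmnYCn4TPUvU43HifZDk4tEZQvOho9/7ehU6889nN4=";
-})
-(fetchpatch {
-name = "CVE-2022-31214-patch2"; # "shutdown testing"
-url = "https://github.com/netblue30/firejail/commit/04ff0edf74395ddcbbcec955279c74ed9a6c0f86.patch";
-sha256 = "sha256-PV73hRlvYEQihuljSCQMNO34KJ0hDVFexhirpHcTK1I=";
-})
-(fetchpatch {
-name = "CVE-2022-31214-patch3"; # "CVE-2022-31214: fixing the fix"
-url = "https://github.com/netblue30/firejail/commit/dab835e7a0eb287822016f5ae4e87f46e1d363e7.patch";
-sha256 = "sha256-6plBIliW/nLKR7TdGeB88eQ65JHEasnaRsP3HPXAFyA=";
-})
-(fetchpatch {
-name = "CVE-2022-31214-patch4"; # "CVE-2022-31214: fixing the fix, one more time "
-url = "https://github.com/netblue30/firejail/commit/1884ea22a90d225950d81c804f1771b42ae55f54.patch";
-sha256 = "sha256-inkpcdC5rl5w+CTAwwQVBOELlHTXb8UGlpU+8kMY95s=";
-})
 ];
 
 prePatch = ''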
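Review bot: Nothing in this commit records that 0.9.70 already contains the fixes whose entries are removed from `patches`: the four `CVE-2022-31214` `fetchpatch` commits and the two local patches, whose own comments said only "hopefully fixed" in versions after 0.9.68. Since the title is the only message shown, I would add a line such as `0.9.70 includes the CVE-2022-31214 fixes (27cde3d, 04ff0ed, dab835e, 1884ea2) and upstream PRs 5131 and 5132`, after checking that those commits are ancestors of the 0.9.70 tag. The diffstat (+2 -37) covers only default.nix, so `whitelist-nix-profile.patch` and `fix-opengl-support.patch` appear to remain in the directory unreferenced and should be deleted in the same commit. If `fetchpatch` has no other use in this file (the argument list is outside the hunk), it should be dropped from the function arguments as well.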