pyrox.dev
Merge #150742: xorg.xorgserver: apply CVE patches
+19
pkgs/servers/x11/xorg/overrides.nix
+19
pkgs/servers/x11/xorg/overrides.nix
···
649
649
];
650
650
postInstall = ":"; # prevent infinite recursion
651
651
});
652
+
653
+
fpgit = commit: sha256: name: fetchpatch (
654
+
{
655
+
url = "https://gitlab.freedesktop.org/xorg/xserver/-/commit/${commit}.diff";
656
+
inherit sha256;
657
+
} // lib.optionalAttrs (name != null) {
658
+
name = name + ".patch";
659
+
}
660
+
);
652
661
in
653
662
if (!isDarwin)
654
663
then {
655
664
outputs = [ "out" "dev" ];
656
665
patches = [
666
+
# https://lists.x.org/archives/xorg-announce/2021-December/003122.html
667
+
(fpgit "ebce7e2d80e7c80e1dda60f2f0bc886f1106ba60"
668
+
"sNi16FqN4rS4s8j5+PUVeOQBasccCkB5KvywP7xl28M=" "CVE-2021-4008")
669
+
(fpgit "b5196750099ae6ae582e1f46bd0a6dad29550e02"
670
+
"5hgzQXBBaJfhSTa9hs8K2N1fQ6+Vp8TTkertmQhkw8Y=" "CVE-2021-4009")
671
+
(fpgit "6c4c53010772e3cb4cb8acd54950c8eec9c00d21"
672
+
"1gGG9RpjLMi7Emwh13/z5CN1+ISLsPL3hJXP5gQcNkE=" "CVE-2021-4010")
673
+
(fpgit "e56f61c79fc3cee26d83cda0f84ae56d5979f768"
674
+
"e1KgSXGwwI3GgcYeWaF3KHPmkE4tf9VTqvfTYqRpysY=" "CVE-2021-4011")
675
+
657
676
# The build process tries to create the specified logdir when building.
658
677
#
659
678
# We set it to /var/log which can't be touched from inside the sandbox causing the build to hard-fail