tjh.dev / nixpkgs
Clone of https://github.com/NixOS/nixpkgs.git (to stress-test knotserver)
fork atom

gvfs: fix CVE-2019-12795

Vulnerability Description:
daemon/gvfsdaemon.c in gvfsd from GNOME gvfs before 1.38.3, 1.40.x before
1.40.2, and 1.41.x before 1.41.3 opened a private D-Bus server socket without
configuring an authorization rule. A local attacker could connect to this server
socket and issue D-Bus method calls. Note that the server socket only accepts
a single connection, so the attacker would have to discover the server and connect
to the socket before its owner does.

Closes #63301

worldofpeace 6ac7c773 d2bfd7aa

+5
unified split
+5
pkgs/development/libraries/gvfs/default.nix
··· 38 url = "https://gitlab.gnome.org/GNOME/gvfs/commit/bed1e9685c9f65f6a3ff3b39dd8547db3e7e77f6.patch"; 39 sha256 = "0hfybfaz2gfx3yyw5ymx6q0pqwkx2r1i7gzprfp80bplwslq0d4h"; 40 }) 41 ]; 42 43 postPatch = ''
··· 38 url = "https://gitlab.gnome.org/GNOME/gvfs/commit/bed1e9685c9f65f6a3ff3b39dd8547db3e7e77f6.patch"; 39 sha256 = "0hfybfaz2gfx3yyw5ymx6q0pqwkx2r1i7gzprfp80bplwslq0d4h"; 40 }) 41 + # CVE-2019-12795 42 + (fetchpatch { 43 + url = "https://gitlab.gnome.org/GNOME/gvfs/commit/e3808a1b4042761055b1d975333a8243d67b8bfe.patch"; 44 + sha256 = "1lx6yxykx24mnq5izijqk744zj6rgww6ba76z0qjal4y0z3gsdqp"; 45 + }) 46 ]; 47 48 postPatch = ''