diff options
author | Martin Weinelt <hexa@darmstadt.ccc.de> | 2020-11-28 15:58:55 +0100 |
---|---|---|
committer | Martin Weinelt <hexa@darmstadt.ccc.de> | 2020-11-28 15:58:55 +0100 |
commit | 1c414c565baeac77a81d781a51e1f3b34de5fc04 (patch) | |
tree | 356e0af67531902d91ebeb354d71420fc015bc8a /pkgs/tools | |
parent | 037d1121a4d600424c213720b691e5a9e442c0a3 (diff) |
x11vnc: fix CVE-2020-29074
scan.c in x11vnc 0.9.16 uses IPC_CREAT|0777 in shmget calls, which allows
access by actors other than the current user.
Fixes: CVE-2020-29074
Diffstat (limited to 'pkgs/tools')
-rw-r--r-- | pkgs/tools/X11/x11vnc/default.nix | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/pkgs/tools/X11/x11vnc/default.nix b/pkgs/tools/X11/x11vnc/default.nix index 2f7b0d7697e5..5ed827b5a546 100644 --- a/pkgs/tools/X11/x11vnc/default.nix +++ b/pkgs/tools/X11/x11vnc/default.nix @@ -1,4 +1,4 @@ -{ stdenv, fetchFromGitHub, +{ stdenv, fetchFromGitHub, fetchpatch, openssl, zlib, libjpeg, xorg, coreutils, libvncserver, autoreconfHook, pkgconfig }: @@ -13,6 +13,14 @@ stdenv.mkDerivation rec { sha256 = "1g652mmi79pfq4p5p7spaswa164rpzjhc5rn2phy5pm71lm0vib1"; }; + patches = [ + (fetchpatch { + name = "CVE-2020-29074.patch"; + url = "https://github.com/LibVNC/x11vnc/commit/69eeb9f7baa14ca03b16c9de821f9876def7a36a.patch"; + sha256 = "0hdhp32g2i5m0ihmaxkxhsn3d5f2qasadvwpgxify4xnzabmyb2d"; + }) + ]; + nativeBuildInputs = [ autoreconfHook pkgconfig ]; buildInputs = |