3
0
Fork 0
forked from mirrors/nixpkgs
nixpkgs/pkgs/applications/misc/synergy
aszlig 9e476fe740
synergy: Add patch to fix CVE-2020-15117
From the description of CVE-2020-15117:

> In Synergy before version 1.12.0, a Synergy server can be crashed by
> receiving a kMsgHelloBack packet with a client name length set to
> 0xffffffff (4294967295) if the servers memory is less than 4 GB. It
> was verified that this issue does not cause a crash through the
> exception handler if the available memory of the Server is more than
> 4GB.

While I personally would consider this a pretty low-priority issue since
Synergy usually is only used in local environment, it's nevertheless
better to patch known issues.

Since the fix is part of version 1.12, which doesn't have a stable
release yet, I'm including the fix as a patch cherry-picked from the
upstream commit.

I originally had the CVE number as a comment prior to the fetchpatch
call in question, but since @mweinelt mentioned that https://broken.sh/
uses the patch file name[1] to match whether the software in question
has been patched, I've removed my initial comment as it would be
redundant.

[1]: https://github.com/andir/nix-vulnerability-scanner/blob/fb63998885462/src/report/nix_patches.rs#L83-L95

Signed-off-by: aszlig <aszlig@nix.build>
Fixes: https://github.com/NixOS/nixpkgs/issues/94007
2020-08-04 16:35:18 +02:00
..
build-tests.patch synergy: 1.8.8 -> 1.11.0 (#80138) 2020-02-14 19:39:47 -05:00
default.nix synergy: Add patch to fix CVE-2020-15117 2020-08-04 16:35:18 +02:00
macos_build_fix.patch synergy: 1.8.8 -> 1.11.0 (#80138) 2020-02-14 19:39:47 -05:00