mirror of
https://github.com/NixOS/nixpkgs.git
synced 2024-11-25 23:20:55 +00:00
ntfs3g: patch for CVE-2017-0358
From the Debian advisory: Jann Horn of Google Project Zero discovered that NTFS-3G, a read-write NTFS driver for FUSE, does not scrub the environment before executing modprobe with elevated privileges. A local user can take advantage of this flaw for local root privilege escalation.
This commit is contained in:
parent
e74ec9d84f
commit
19f23d00fd
|
@ -1,4 +1,4 @@
|
|||
{stdenv, fetchurl, utillinux, libuuid
|
||||
{stdenv, fetchurl, fetchpatch, utillinux, libuuid
|
||||
, crypto ? false, libgcrypt, gnutls, pkgconfig}:
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
|
@ -14,6 +14,13 @@ stdenv.mkDerivation rec {
|
|||
sha256 = "180y5y09h30ryf2vim8j30a2npwz1iv9ly5yjmh3wjdkwh2jrdyp";
|
||||
};
|
||||
|
||||
patches = [
|
||||
(fetchpatch {
|
||||
url = "https://sources.debian.net/data/main/n/ntfs-3g/1:2016.2.22AR.1-4/debian/patches/0003-CVE-2017-0358.patch";
|
||||
sha256 = "0hd05q9q06r18k8pmppvch1sslzqln5fvqj51d5r72g4mnpavpj3";
|
||||
})
|
||||
];
|
||||
|
||||
patchPhase = ''
|
||||
substituteInPlace src/Makefile.in --replace /sbin '@sbindir@'
|
||||
substituteInPlace ntfsprogs/Makefile.in --replace /sbin '@sbindir@'
|
||||
|
@ -45,4 +52,3 @@ stdenv.mkDerivation rec {
|
|||
license = licenses.gpl2Plus; # and (lib)fuse-lite under LGPL2+
|
||||
};
|
||||
}
|
||||
|
||||
|
|
Loading…
Reference in a new issue