|
|
|
@ -3,10 +3,10 @@ let |
|
|
|
|
s = # Generated upstream information |
|
|
|
|
rec { |
|
|
|
|
baseName="firejail"; |
|
|
|
|
version="0.9.62"; |
|
|
|
|
version="0.9.64"; |
|
|
|
|
name="${baseName}-${version}"; |
|
|
|
|
url="mirror://sourceforge/firejail/firejail/firejail-${version}.tar.xz"; |
|
|
|
|
sha256="1q2silgy882fl61p5qa9f9jqkxcqnwa71jig3c729iahx4f0hs05"; |
|
|
|
|
sha256="1zgjwy2k57nx0r63fzr15gijah098ig0bll66jd615vc9q3snfz5"; |
|
|
|
|
}; |
|
|
|
|
buildInputs = [ |
|
|
|
|
which |
|
|
|
@ -20,19 +20,6 @@ stdenv.mkDerivation { |
|
|
|
|
name = "${s.name}.tar.bz2"; |
|
|
|
|
}; |
|
|
|
|
|
|
|
|
|
patches = [ |
|
|
|
|
(fetchpatch { |
|
|
|
|
name = "CVE-2020-17367.patch"; |
|
|
|
|
url = "https://github.com/netblue30/firejail/commit/2c734d6350ad321fccbefc5ef0382199ac331b37.patch"; |
|
|
|
|
sha256 = "1gxz4jxp80gxnn46195qxcpmikwqab9d0ylj9zkm62lycp84ij6n"; |
|
|
|
|
}) |
|
|
|
|
(fetchpatch { |
|
|
|
|
name = "CVE-2020-17368.patch"; |
|
|
|
|
url = "https://github.com/netblue30/firejail/commit/34193604fed04cad2b7b6b0f1a3a0428afd9ed5b.patch"; |
|
|
|
|
sha256 = "0n4ch3qykxx870201l8lz81f7h84vk93pzz77f5cjbd30cxnbddl"; |
|
|
|
|
}) |
|
|
|
|
]; |
|
|
|
|
|
|
|
|
|
prePatch = '' |
|
|
|
|
# Allow whitelisting ~/.nix-profile |
|
|
|
|
substituteInPlace etc/firejail.config --replace \ |
|
|
|
|