|
|
|
@ -1,4 +1,4 @@ |
|
|
|
|
{stdenv, fetchurl, which}: |
|
|
|
|
{stdenv, fetchurl, fetchpatch, which}: |
|
|
|
|
let |
|
|
|
|
s = # Generated upstream information |
|
|
|
|
rec { |
|
|
|
@ -20,6 +20,19 @@ stdenv.mkDerivation { |
|
|
|
|
name = "${s.name}.tar.bz2"; |
|
|
|
|
}; |
|
|
|
|
|
|
|
|
|
patches = [ |
|
|
|
|
(fetchpatch { |
|
|
|
|
name = "CVE-2020-17367.patch"; |
|
|
|
|
url = "https://github.com/netblue30/firejail/commit/2c734d6350ad321fccbefc5ef0382199ac331b37.patch"; |
|
|
|
|
sha256 = "1gxz4jxp80gxnn46195qxcpmikwqab9d0ylj9zkm62lycp84ij6n"; |
|
|
|
|
}) |
|
|
|
|
(fetchpatch { |
|
|
|
|
name = "CVE-2020-17368.patch"; |
|
|
|
|
url = "https://github.com/netblue30/firejail/commit/34193604fed04cad2b7b6b0f1a3a0428afd9ed5b.patch"; |
|
|
|
|
sha256 = "0n4ch3qykxx870201l8lz81f7h84vk93pzz77f5cjbd30cxnbddl"; |
|
|
|
|
}) |
|
|
|
|
]; |
|
|
|
|
|
|
|
|
|
prePatch = '' |
|
|
|
|
# Allow whitelisting ~/.nix-profile |
|
|
|
|
substituteInPlace etc/firejail.config --replace \ |
|
|
|
|