From 3993d33d1c0129b1ca6f0fd122fe2bbe48e4f093 Mon Sep 17 00:00:00 2001
From: Ludovic Courtès
Date: Wed, 26 Jan 2022 12:52:59 +0100
Subject: gnu: polkit: Fix CVE-2021-4034.
* gnu/packages/patches/polkit-CVE-2021-4034.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/polkit.scm (polkit-mozjs)[replacement]: New field.
* gnu/packages/polkit.scm (polkit-mozjs/fixed): New variable.
---
 gnu/packages/polkit.scm | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)
(limited to 'gnu/packages/polkit.scm')
diff --git a/gnu/packages/polkit.scm b/gnu/packages/polkit.scm
index e4f4b1276f..1ae94be751 100644
--- a/gnu/packages/polkit.scm
+++ b/gnu/packages/polkit.scm
@@ -1,7 +1,7 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2014 Andreas Enge
 ;;; Copyright © 2015 Andy Wingo
-;;; Copyright © 2015, 2021 Ludovic Courtès
+;;; Copyright © 2015, 2021-2022 Ludovic Courtès
 ;;; Copyright © 2015 Mark H Weaver
 ;;; Copyright © 2016 Efraim Flashner
 ;;; Copyright © 2017 Huang Ying
@@ -54,6 +54,7 @@
 (package
 (name "polkit")
 (version "0.120")
+ (replacement polkit-mozjs/fixed)
 (source (origin
 (method url-fetch)
 (uri (string-append
@@ -146,6 +147,16 @@ making process with respect to granting access to privileged operations for unprivileged applications.")
 (license lgpl2.0+)))
+(define-public polkit-mozjs/fixed
+ (package
+ (inherit polkit-mozjs)
+ (version "0.121")
+ (source (origin
+ (inherit (package-source polkit-mozjs))
+ (patches (cons (search-patch "polkit-CVE-2021-4034.patch")
+ (origin-patches
+ (package-source polkit-mozjs))))))))
+
 ;;; Variant of polkit built with Duktape, a lighter JavaScript engine compared
 ;;; to mozjs.
 (define-public polkit-duktape
-- 
cgit v1.2.3
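Review bot: The `(replacement polkit-mozjs/fixed)` field added in the second hunk may not cover the Duktape variant correctly. `polkit-duktape` starts on the last context line of the third hunk and its body is outside the hunk, but if it is defined with `(inherit polkit-mozjs)` it inherits this field too and would be grafted to the mozjs-based build rather than to a patched Duktape build. It is worth confirming that and giving `polkit-duktape` its own patched replacement, so the CVE-2021-4034 fix reaches every variant a user may have installed. Separately, `polkit-mozjs/fixed` sets `(version "0.121")` while inheriting the origin of the 0.120 package, so the label is not the version of the source that is built (presumably it only needs to differ while keeping the same length for grafting). A comment above the definition such as `;; Not an upstream release: this is 0.120 plus polkit-CVE-2021-4034.patch.` would keep a later reader from treating it as a real upgrade.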