This repository was archived by the owner on Apr 12, 2021. It is now read-only.
base repository: NixOS/nixpkgs-channels
base: 13050bedc49f
head repository: NixOS/nixpkgs-channels
compare: 3acebb03952a
  • 2 commits
  • 1 file changed
  • 2 contributors

Commits on Feb 8, 2019

  1. polkit: fix CVE-2019-6133

    Jann Horn of Google found that Polkit doesn't properly check
    if a process is already authenticated, which can lead to an
    authentication reuse by a different user[0]. See also [1]
    
    Closes #55391
    
    [0]: https://bugs.chromium.org/p/project-zero/issues/detail?id=1692
    [1]: https://gitlab.freedesktop.org/polkit/polkit/issues/75
    
    (cherry picked from commit 7da64c9)
    worldofpeace authored and Mic92 committed Feb 8, 2019
    a859ce5

Commits on Feb 9, 2019

  1. Merge branch 'staging-18.09' into release-18.09

    polkit security
    vcunat committed Feb 9, 2019
    3acebb0
Showing with 6 additions and 0 deletions.
  1. +6 −0 pkgs/development/libraries/polkit/default.nix
6 changes: 6 additions & 0 deletions pkgs/development/libraries/polkit/default.nix
@@ -21,6 +21,12 @@ stdenv.mkDerivation rec {
};

patches = [
# CVE-2019-6133 - See: https://bugs.chromium.org/p/project-zero/issues/detail?id=1692
(fetchpatch {
url = "https://gitlab.freedesktop.org/polkit/polkit/commit/6cc6aafee135ba44ea748250d7d29b562ca190e3.patch";
name = "CVE-2019-6133.patch";
sha256 = "0jjlbjzqcz96xh6w3nv3ss9jl0hhrcd7jg4aa5advf08ibaj29r1";
})
# CVE-2018-19788 - high UID fixup
(fetchpatch {
url = "https://gitlab.freedesktop.org/polkit/polkit/commit/5230646dc6876ef6e27f57926b1bad348f636147.patch";
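Review bot: The comment on the new CVE-2019-6133 entry in `patches` links only to the Project Zero report, while the commit message also cites the upstream polkit issue (https://gitlab.freedesktop.org/polkit/polkit/issues/75). Adding that link to the comment would let a later reader go from this entry straight to the upstream discussion and judge when the patch can be dropped after a version bump. The entry otherwise follows the same `fetchpatch` form as the CVE-2018-19788 entry after it, with the upstream commit pinned by full hash in the URL and the content pinned by `sha256`.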