x11vnc: fix CVE-2020-29074

scan.c in x11vnc 0.9.16 uses IPC_CREAT|0777 in shmget calls, which allows
access by actors other than the current user.

Fixes: CVE-2020-29074
This commit is contained in:
Martin Weinelt 2020-11-28 15:58:55 +01:00
parent 037d1121a4
commit 1c414c565b
No known key found for this signature in database
GPG key ID: 87C1E9888F856759

View file

@ -1,4 +1,4 @@
{ stdenv, fetchFromGitHub, { stdenv, fetchFromGitHub, fetchpatch,
openssl, zlib, libjpeg, xorg, coreutils, libvncserver, openssl, zlib, libjpeg, xorg, coreutils, libvncserver,
autoreconfHook, pkgconfig }: autoreconfHook, pkgconfig }:
@ -13,6 +13,14 @@ stdenv.mkDerivation rec {
sha256 = "1g652mmi79pfq4p5p7spaswa164rpzjhc5rn2phy5pm71lm0vib1"; sha256 = "1g652mmi79pfq4p5p7spaswa164rpzjhc5rn2phy5pm71lm0vib1";
}; };
patches = [
(fetchpatch {
name = "CVE-2020-29074.patch";
url = "https://github.com/LibVNC/x11vnc/commit/69eeb9f7baa14ca03b16c9de821f9876def7a36a.patch";
sha256 = "0hdhp32g2i5m0ihmaxkxhsn3d5f2qasadvwpgxify4xnzabmyb2d";
})
];
nativeBuildInputs = [ autoreconfHook pkgconfig ]; nativeBuildInputs = [ autoreconfHook pkgconfig ];
buildInputs = buildInputs =