9e476fe740
From the description of CVE-2020-15117: > In Synergy before version 1.12.0, a Synergy server can be crashed by > receiving a kMsgHelloBack packet with a client name length set to > 0xffffffff (4294967295) if the servers memory is less than 4 GB. It > was verified that this issue does not cause a crash through the > exception handler if the available memory of the Server is more than > 4GB. While I personally would consider this a pretty low-priority issue since Synergy usually is only used in local environment, it's nevertheless better to patch known issues. Since the fix is part of version 1.12, which doesn't have a stable release yet, I'm including the fix as a patch cherry-picked from the upstream commit. I originally had the CVE number as a comment prior to the fetchpatch call in question, but since @mweinelt mentioned that https://broken.sh/ uses the patch file name[1] to match whether the software in question has been patched, I've removed my initial comment as it would be redundant. [1]: https://github.com/andir/nix-vulnerability-scanner/blob/fb63998885462/src/report/nix_patches.rs#L83-L95 Signed-off-by: aszlig <aszlig@nix.build> Fixes: https://github.com/NixOS/nixpkgs/issues/94007
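# Package expression for Synergy (symless/synergy-core), built with CMake.
#
# Arguments:
#   withGUI  - when true (the default) the Qt GUI binary is installed and
#              wrapped; when false the legacy GUI build is switched off.
#   The framework arguments (ApplicationServices .. ScreenSaver) are only used
#   on Darwin, the X11/avahi arguments only on Linux.
{ stdenv, lib, fetchpatch, fetchFromGitHub, cmake, openssl, qttools
, ApplicationServices, Carbon, Cocoa, CoreServices, ScreenSaver
, xlibsWrapper, libX11, libXi, libXtst, libXrandr, xinput, avahi-compat
, withGUI ? true, wrapQtAppsHook }:

stdenv.mkDerivation rec {
  pname = "synergy";
  version = "1.11.1";

  # Source is pinned twice: by tag name and by content hash. A tag that is
  # moved upstream makes the fetch fail instead of silently changing the input.
  src = fetchFromGitHub {
    owner = "symless";
    repo = "synergy-core";
    rev = "${version}-stable";
    sha256 = "1jk60xw4h6s5crha89wk4y8rrf1f3bixgh5mzh3cq3xyrkba41gh";
  };

  patches = [
    ./build-tests.patch
    # Security backport cherry-picked from the upstream commit. The fix is
    # part of upstream 1.12, so drop this entry when `version` reaches 1.12.0
    # or later. Keep the CVE id as the patch file name: tools that match on
    # patch names (e.g. nix-vulnerability-scanner) use it to recognise the
    # package as patched. The sha256 pins the patch content, so a change to
    # the served file fails the build rather than altering what is applied.
    (fetchpatch {
      name = "CVE-2020-15117.patch";
      url = "https://github.com/symless/synergy-core/commit/"
          + "0a97c2be0da2d0df25cb86dfd642429e7a8bea39.patch";
      sha256 = "03q8m5n50fms7fjfjgmqrgy9mrxwi9kkz3f3vlrs2x5h21dl6bmj";
    })
  ] ++ lib.optional stdenv.isDarwin ./macos_build_fix.patch;

  # Since the included gtest and gmock don't support clang and they
  # segfault when built with gcc9, we replace them with 1.10.0 for
  # synergy-1.11.0. This should become unnecessary when upstream
  # updates these dependencies.
  googletest = fetchFromGitHub {
    owner = "google";
    repo = "googletest";
    rev = "release-1.10.0";
    sha256 = "1zbmab9295scgg4z2vclgfgjchfjailjnvzc6f5x9jvlsdi3dpwz";
  };

  # Replace everything under ext/ with the pinned googletest checkout.
  # The chmod is needed because files copied out of the Nix store are
  # read-only.
  postPatch = ''
    rm -r ext/*
    cp -r ${googletest}/googlemock ext/gmock/
    cp -r ${googletest}/googletest ext/gtest/
    chmod -R +w ext/
  '';

  cmakeFlags = lib.optional (!withGUI) "-DSYNERGY_BUILD_LEGACY_GUI=OFF";

  nativeBuildInputs = [ cmake ] ++ lib.optional withGUI wrapQtAppsHook;

  # Automatic Qt wrapping is disabled; only the GUI binary is wrapped, by
  # hand, in installPhase.
  dontWrapQtApps = true;

  buildInputs = [
    openssl
  ] ++ lib.optionals withGUI [
    qttools
  ] ++ lib.optionals stdenv.isDarwin [
    ApplicationServices Carbon Cocoa CoreServices ScreenSaver
  ] ++ lib.optionals stdenv.isLinux [
    xlibsWrapper libX11 libXi libXtst libXrandr xinput avahi-compat
  ];

  # The phase is written out by hand, so the pre/post hooks have to be run
  # explicitly; without them a preInstall/postInstall set through
  # overrideAttrs would never execute.
  installPhase = ''
    runHook preInstall

    mkdir -p $out/bin
    cp bin/{synergyc,synergys,synergyd,syntool} $out/bin/
  '' + lib.optionalString withGUI ''
    cp bin/synergy $out/bin/
    # NOTE(review): openssl is put on the GUI's PATH, presumably because the
    # GUI runs the openssl binary at runtime; confirm against upstream.
    wrapQtApp $out/bin/synergy --prefix PATH : ${lib.makeBinPath [ openssl ]}
  '' + lib.optionalString stdenv.isLinux ''
    mkdir -p $out/share/icons/hicolor/scalable/apps
    cp ../res/synergy.svg $out/share/icons/hicolor/scalable/apps/
    mkdir -p $out/share/applications
    substitute ../res/synergy.desktop $out/share/applications/synergy.desktop --replace /usr/bin $out/bin
  '' + lib.optionalString stdenv.isDarwin ''
    mkdir -p $out/Applications/
    mv bundle/Synergy.app $out/Applications/
    ln -s $out/bin $out/Applications/Synergy.app/Contents/MacOS
  '' + ''

    runHook postInstall
  '';

  # The unit tests run as part of the build; a failing test fails the
  # derivation. Hooks are run explicitly for the same reason as in
  # installPhase.
  doCheck = true;
  checkPhase = ''
    runHook preCheck
    bin/unittests
    runHook postCheck
  '';

  meta = with lib; {
    description = "Share one mouse and keyboard between multiple computers";
    # NOTE(review): plain-HTTP homepage; switch to https if the site serves it.
    homepage = "http://synergy-project.org/";
    license = licenses.gpl2;
    maintainers = with maintainers; [ enzime ];
    platforms = platforms.all;
  };
}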