nixpkgs/pkgs/tools/X11/x11vnc/default.nix
Martin Weinelt 1c414c565b
x11vnc: fix CVE-2020-29074
scan.c in x11vnc 0.9.16 uses IPC_CREAT|0777 in shmget calls, which allows
access by actors other than the current user.

Fixes: CVE-2020-29074
2020-11-28 15:58:55 +01:00

58 lines
1.7 KiB
Nix

{ stdenv, fetchFromGitHub, fetchpatch,
openssl, zlib, libjpeg, xorg, coreutils, libvncserver,
autoreconfHook, pkgconfig }:
stdenv.mkDerivation rec {
pname = "x11vnc";
version = "0.9.16";
src = fetchFromGitHub {
owner = "LibVNC";
repo = "x11vnc";
rev = version;
sha256 = "1g652mmi79pfq4p5p7spaswa164rpzjhc5rn2phy5pm71lm0vib1";
};
patches = [
(fetchpatch {
name = "CVE-2020-29074.patch";
url = "https://github.com/LibVNC/x11vnc/commit/69eeb9f7baa14ca03b16c9de821f9876def7a36a.patch";
sha256 = "0hdhp32g2i5m0ihmaxkxhsn3d5f2qasadvwpgxify4xnzabmyb2d";
})
];
nativeBuildInputs = [ autoreconfHook pkgconfig ];
buildInputs =
[ xorg.libXfixes xorg.xorgproto openssl xorg.libXdamage
zlib xorg.libX11 libjpeg
xorg.libXtst xorg.libXinerama xorg.libXrandr
xorg.libXext
xorg.libXi xorg.libXrender
libvncserver
];
postPatch = ''
substituteInPlace src/unixpw.c \
--replace '"/bin/su"' '"/run/wrappers/bin/su"' \
--replace '"/bin/true"' '"${coreutils}/bin/true"'
sed -i -e '/#!\/bin\/sh/a"PATH=${xorg.xdpyinfo}\/bin:${xorg.xauth}\/bin:$PATH\\n"' -e 's|/bin/su|/run/wrappers/bin/su|g' src/ssltools.h
# Xdummy script is currently broken, so we avoid building it. This removes everything Xdummy-related from the affected Makefile
sed -i -e '/^\tXdummy.c\ \\$/,$d' -e 's/\tx11vnc_loop\ \\/\tx11vnc_loop/' misc/Makefile.am
'';
preConfigure = ''
configureFlags="--mandir=$out/share/man"
'';
meta = with stdenv.lib; {
description = "A VNC server connected to a real X11 screen";
homepage = "https://github.com/LibVNC/x11vnc/";
platforms = platforms.linux;
license = licenses.gpl2;
maintainers = with maintainers; [ OPNA2608 ];
};
}