util-linux: remove seccomp sandbox for CVE-2016-2279

the patch for CVE-2016-2779 was reverted by upstream and was not adopted by any other downstream distributions. Upstream waits for a better fix in the kernel: https://www.kernel.org/pub/linux/utils/util-linux/v2.28/v2.28-ReleaseNotes
2024-11-16 06:47:09 +03:00 · 2017-01-19 14:48:00 +01:00 · 2017-01-19 14:48:00 +01:00 · 4b9b1fa945
commit 4b9b1fa945
parent f4f885243e
1 changed files with 5 additions and 12 deletions
--- a/pkgs/os-specific/linux/util-linux/default.nix
+++ b/pkgs/os-specific/linux/util-linux/default.nix
@ -1,4 +1,5 @@
-{ lib, stdenv, fetchurl, pkgconfig, zlib, libseccomp, fetchpatch, autoreconfHook, ncurses ? null, perl ? null, pam, systemd, minimal ? false }:
+{ lib, stdenv, fetchurl, pkgconfig, zlib, fetchpatch
+, ncurses ? null, perl ? null, pam, systemd, minimal ? false }:

 stdenv.mkDerivation rec {
  name = "util-linux-${version}";
@ -12,13 +13,7 @@ stdenv.mkDerivation rec {
    sha256 = "1rzrmdrz51p9sy7vlw5qmj8pmqazm7hgcch5yq242mkvrikyln9c";
  };

-  patches = [
-    ./rtcwake-search-PATH-for-shutdown.patch
-    (fetchpatch {
-      name = "CVE-2016-2779.diff";
-      url = https://github.com/karelzak/util-linux/commit/8e4925016875c6a4f2ab4f833ba66f0fc57396a2.patch;
-      sha256 = "0kmigkq4s1b1ijrq8vcg2a5cw4qnm065m7cb1jn1q1f4x99ycy60";
-  })];
+  patches = [ ./rtcwake-search-PATH-for-shutdown.patch ];

  outputs = [ "bin" "dev" "out" "man" ];

@ -54,11 +49,9 @@ stdenv.mkDerivation rec {

  makeFlags = "usrbin_execdir=$(bin)/bin usrsbin_execdir=$(bin)/sbin";

-  # autoreconfHook is required for CVE-2016-2779
-  nativeBuildInputs = [ pkgconfig autoreconfHook ];
-  # libseccomp is required for CVE-2016-2779
+  nativeBuildInputs = [ pkgconfig ];
  buildInputs =
-    [ zlib pam libseccomp ]
+    [ zlib pam ]
    ++ lib.optional (ncurses != null) ncurses
    ++ lib.optional (systemd != null) systemd
    ++ lib.optional (perl != null) perl;