From 91c7763b9da3a5bf0c3f9b709eac6b03c66d117f Mon Sep 17 00:00:00 2001 From: Thomas Gerbet Date: Thu, 3 Jun 2021 22:55:35 +0200 Subject: [PATCH] pam_u2f: 1.1.0 -> 1.1.1 Fixes CVE-2021-31924 https://www.yubico.com/support/security-advisories/ysa-2021-03/ Changelog: https://github.com/Yubico/pam-u2f/blob/pam_u2f-1.1.1/NEWS (cherry picked from commit b5afbd350dc54553376bfa29e693b680be3c39bd) --- pkgs/os-specific/linux/pam_u2f/default.nix | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/pkgs/os-specific/linux/pam_u2f/default.nix b/pkgs/os-specific/linux/pam_u2f/default.nix index 760af73fecd..30a55f2b9c0 100644 --- a/pkgs/os-specific/linux/pam_u2f/default.nix +++ b/pkgs/os-specific/linux/pam_u2f/default.nix @@ -2,11 +2,11 @@ stdenv.mkDerivation rec { pname = "pam_u2f"; - version = "1.1.0"; + version = "1.1.1"; src = fetchurl { url = "https://developers.yubico.com/pam-u2f/Releases/${pname}-${version}.tar.gz"; - sha256 = "01fwbrfnjkv93vvqm54jywdcxa1p7d4r32azicwnx75nxfbbzhqd"; + sha256 = "12p3pkrp32vzpg7707cgx8zgvgj8iqwhy39sm761k7plqi027mmp"; }; nativeBuildInputs = [ pkg-config ]; @@ -16,6 +16,14 @@ stdenv.mkDerivation rec { configureFlagsArray+=("--with-pam-dir=$out/lib/security") ''; + # a no-op makefile to prevent building the fuzz targets + postConfigure = '' + cat > fuzz/Makefile <