podman: Add patch for CVE-2020-14370

avdv · zowoq · commit d3784204ba1a · 2020-10-13T20:00:30.000+10:00
This backports the changes from upstream[1] to version 1.8.0. Fixes #99829 [1]: https://github.com/containers/podman/commit/a7e864e6e7de894d4edde4fff00e53dc6a0b5074.patch
diff --git a/pkgs/applications/virtualization/podman/CVE-2020-14370.patch b/pkgs/applications/virtualization/podman/CVE-2020-14370.patch
@@ -0,0 +1,26 @@
+diff --git a/cmd/podman/shared/create.go b/cmd/podman/shared/create.go
+index 010c80373..562cc047b 100644
+--- a/cmd/podman/shared/create.go
++++ b/cmd/podman/shared/create.go
+@@ -826,15 +826,17 @@ func CreateContainerFromCreateConfig(r *libpod.Runtime, createConfig *cc.CreateC
+ 	return ctr, nil
+ }
+ 
+-var defaultEnvVariables = map[string]string{
+-	"PATH": "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
+-	"TERM": "xterm",
++func defaultEnvVariables() map[string]string {
++  return map[string]string {
++	  "PATH": "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
++	  "TERM": "xterm",
++  }
+ }
+ 
+ // EnvVariablesFromData gets sets the default environment variables
+ // for containers, and reads the variables from the image data, if present.
+ func EnvVariablesFromData(data *inspect.ImageData) map[string]string {
+-	env := defaultEnvVariables
++	env := defaultEnvVariables()
+ 	if data != nil {
+ 		for _, e := range data.Config.Env {
+ 			split := strings.SplitN(e, "=", 2)
diff --git a/pkgs/applications/virtualization/podman/default.nix b/pkgs/applications/virtualization/podman/default.nix
@@ -14,6 +14,10 @@ buildGoPackage rec {
     sha256 = "1rbapks11xg0vgl9m322mijirx0wm6c4yav8aw2y41wsr7qd7db4";
   };
 
+  patches = [
+    ./CVE-2020-14370.patch
+  ];
+
   goPackagePath = "github.com/containers/libpod";
 
   outputs = [ "bin" "out" "man" ];
