Workaround for CVE-2024-2961 on NixOS
This repository has been archived on 2024-05-20. You can view files and clone it, but cannot push or open issues or pull requests.
Find a file
2024-04-23 14:26:48 +02:00
README.md Initial commit 2024-04-23 14:26:48 +02:00
remove-iso2022cnext.patch Initial commit 2024-04-23 14:26:48 +02:00
workaround-cve-2024-2961.nix Initial commit 2024-04-23 14:26:48 +02:00

Workaround for CVE-2024-2961 on NixOS

This Nix snippet implements the workaround to CVE-2024-2961 as described by the Rocky Linux team. Also a big thanks to Martin Weinelt for making this work without rebuilding every single package on your computer.

How to apply

Clone this repository and add the path to workaround-cve-2024-2961.nix to the imports attribute of your configuration.nix, like this:

{ config, pkgs, ... }: {

  ...

  imports = [
    ...
    <path-to-repo>/nixos-workaround-cve-2024-2961/workaround-cve-2024-2961.nix
  ];

  ...
}

Caveats

Keep in mind that this workaround disables encoding conversion to/from the ISO-2022-CN-EXT Chinese text encoding. If this is something you or your users need, you cannot apply this workaround or things will break.