README.md | ||
remove-iso2022cnext.patch | ||
workaround-cve-2024-2961.nix |
Workaround for CVE-2024-2961 on NixOS
This Nix snippet implements the workaround to CVE-2024-2961 as described by the Rocky Linux team. Also a big thanks to Martin Weinelt for making this work without rebuilding every single package on your computer.
How to apply
Clone this repository and add the path to workaround-cve-2024-2961.nix
to the imports
attribute of your configuration.nix
, like this:
{ config, pkgs, ... }: {
...
imports = [
...
<path-to-repo>/nixos-workaround-cve-2024-2961/workaround-cve-2024-2961.nix
];
...
}
Caveats
Keep in mind that this workaround disables encoding conversion to/from the ISO-2022-CN-EXT Chinese text encoding. If this is something you or your users need, you cannot apply this workaround or things will break.