Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: NixOS/nixpkgs
base: eeda68a88ede
Choose a base ref
...
head repository: NixOS/nixpkgs
compare: 337cd5cc8a3d
Choose a head ref
  • 1 commit
  • 1 file changed
  • 1 contributor

Commits on Dec 8, 2019

  1. vmTools.fillDiskWithRPMs: fix cpio use 

    When updating to cpio-2.13 in fe758f5,
a patch from SUSE was dropped. This patch was intended to resolve
CVE-2015-1197, and introduced the '--extract-over-symlink' option to
disable its own effects.

The CVE-2015-1197 was fixed in cpio-2.13 release[1] by other means,
making this patch useless.

Given that this patch is no longer used, we do not need to disable its
effects anymore with the `--extract-over-symlink` argument switch.

This Commit fixes #74984

[1] https://lists.gnu.org/archive/html/info-gnu/2019-11/msg00002.html
    @lsix @bjornfor
    lsix authored and bjornfor committed Dec 8, 2019
    Copy the full SHA
    337cd5c View commit details
    Browse the repository at this point in the history