Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: NixOS/nixpkgs
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: bf4926dd0c1c
Choose a base ref
...
head repository: NixOS/nixpkgs
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: 9d87889b3483
Choose a head ref
  • 2 commits
  • 1 file changed
  • 2 contributors

Commits on Oct 26, 2019

  1. file: add patch for CVE-2019-18218 

    upstream patch https://github.com/file/file/commit/46a8443f76cec4b41ec736eca396984c74664f84.patch
doesn't apply directly, debian have a version which has been adapted for
5.37.
    @risicle
    risicle committed Oct 26, 2019
    Copy the full SHA
    99273fc View commit details

Commits on Oct 28, 2019

  1. Merge pull request #72025 from risicle/ris-file-CVE-2019-18218 

    file: add patch for CVE-2019-18218
    Christian Kauhaus authored Oct 28, 2019
    Copy the full SHA
    9d87889 View commit details
Showing with 9 additions and 1 deletion.
  1. +9 −1 pkgs/tools/misc/file/default.nix
10 changes: 9 additions & 1 deletion pkgs/tools/misc/file/default.nix
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
{ stdenv, fetchurl, file, zlib, libgnurx }:
{ stdenv, fetchurl, fetchpatch, file, zlib, libgnurx }:

stdenv.mkDerivation rec {
pname = "file";
@@ -12,6 +12,14 @@ stdenv.mkDerivation rec {
sha256 = "0zz0p9bqnswfx0c16j8k62ivjq1m16x10xqv4hy9lcyxyxkkkhg9";
};

patches = [
(fetchpatch {
name = "CVE-2019-18218.patch";
url = "https://sources.debian.org/data/main/f/file/1:5.37-6/debian/patches/cherry-pick.FILE5_37-67-g46a8443f.limit-the-number-of-elements-in-a-vector-found-by-oss-fuzz.patch";
sha256 = "1i22y91yndc3n2p2ngczp1lwil8l05sp8ciicil74xrc5f91y6mj";
})
];

nativeBuildInputs = stdenv.lib.optional (stdenv.hostPlatform != stdenv.buildPlatform) file;
buildInputs = [ zlib ]
++ stdenv.lib.optional stdenv.hostPlatform.isWindows libgnurx;