[20.03] qemu: patch CVE-2020-1711 #91093
Wrong branch? Shouldn't this go to release-20.03?
nix-review seems happy for me on macos 10.14, patch looks a-ok too
@ajs124 oops... rebasing
693bcd5 to f9fd435
another try :)
@@ -84,6 +84,11 @@ stdenv.mkDerivation rec { | |||
stripLen = 1; | |||
extraPrefix = "slirp/"; | |||
}) | |||
(fetchpatch { |
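Review bot: the `(fetchpatch {` entry added at the end of this hunk has no comment saying which CVE it fixes or which upstream release makes it unnecessary, so a later version bump gives no cue to drop it; add a one-line comment directly above it. It also follows a patch that needs `stripLen = 1` and `extraPrefix = "slirp/"`, so confirm the new patch applies cleanly at the source root without those attributes.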
do you mind adding a reason, and timeline for removing the patch?
(fetchpatch { | |
# fixes x,y,z . Can be removed next minor/patch. | |
(fetchpatch { |
I guess the patch name mentions the CVE
Oops, overlooked your comment. Patch will be obsolete in 4.2.1, just FTR.
Motivation for this change
This is a high profile risk identified in #88387 and a patch is readily available. So we should fix this one first.
No action required on nixos-unstable.