[19.09] file: fix download url for CVE-2019-18218 #78479

Merged: nh2 merged 1 commit into NixOS:release-19.09 from pr/CVE-2019-18218_url_fix on Jan 26, 2020

@veprbl veprbl commented Jan 25, 2020

Motivation for this change

This unbreaks the build of file for users who don't rely on cache.nixos.org.

Things done
# cat test.nix
with import <nixpkgs> {};

{
  a = (fetchpatch {
    name = "CVE-2019-18218.patch";
    urls = [
      "https://release.debian.org/proposed-updates/stretch_diffs/file_5.30-1+deb9u3.debdiff"
    ];
    sha256 = "1i22y91yndc3n2p2ngczp1lwil8l05sp8ciicil74xrc5f91y6mj";
  });

  b = (fetchpatch {
    name = "CVE-2019-18218.patch";
    urls = [
      "https://git.in-ulm.de/cbiedl/file/raw/054940e842528dca434a92820f9abb89adce0574/debian/patches/cherry-pick.FILE5_37-67-g46a8443f.limit-the-number-of-elements-in-a-vector-found-by-oss-fuzz.patch"
    ];
    sha256 = "1i22y91yndc3n2p2ngczp1lwil8l05sp8ciicil74xrc5f91y6mj";
  });

  c = (fetchpatch {
    name = "CVE-2019-18218.patch";
    urls = [
      "https://sources.debian.org/data/main/f/file/1:5.35-4+deb10u1/debian/patches/cherry-pick.FILE5_37-67-g46a8443f.limit-the-number-of-elements-in-a-vector-found-by-oss-fuzz.patch"
    ];
    sha256 = "1i22y91yndc3n2p2ngczp1lwil8l05sp8ciicil74xrc5f91y6mj";
  });
}
# nix-build test.nix -A a --check
checking outputs of '/nix/store/f4y4akrw8dggkg092ryhddyhq2a0vd3k-CVE-2019-18218.patch.drv'...

trying https://release.debian.org/proposed-updates/stretch_diffs/file_5.30-1+deb9u3.debdiff
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  3598  100  3598    0     0  21289      0 --:--:-- --:--:-- --:--:-- 21289
warning: rewriting hashes in '/nix/store/j681fm0gcmpvnfc5syjv23jsqhj3lfcn-CVE-2019-18218.patch'; cross fingers
/nix/store/j681fm0gcmpvnfc5syjv23jsqhj3lfcn-CVE-2019-18218.patch
# nix-build test.nix -A b --check
checking outputs of '/nix/store/6j23k0qzziz3pwrh1fhlba9vh1vs4lk5-CVE-2019-18218.patch.drv'...

trying https://git.in-ulm.de/cbiedl/file/raw/054940e842528dca434a92820f9abb89adce0574/debian/patches/cherry-pick.FILE5_37-67-g46a8443f.limit-the-number-of-elements-in-a-vector-found-by-oss-fuzz.patch
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  1056  100  1056    0     0   1889      0 --:--:-- --:--:-- --:--:--  1889
warning: rewriting hashes in '/nix/store/j681fm0gcmpvnfc5syjv23jsqhj3lfcn-CVE-2019-18218.patch'; cross fingers
/nix/store/j681fm0gcmpvnfc5syjv23jsqhj3lfcn-CVE-2019-18218.patch
# nix-build test.nix -A c --check
checking outputs of '/nix/store/aawwb6x40bpfhff529s9lnf2x621k79b-CVE-2019-18218.patch.drv'...

trying https://sources.debian.org/data/main/f/file/1:5.35-4+deb10u1/debian/patches/cherry-pick.FILE5_37-67-g46a8443f.limit-the-number-of-elements-in-a-vector-found-by-oss-fuzz.patch
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  1056  100  1056    0     0   2687      0 --:--:-- --:--:-- --:--:--  2693
warning: rewriting hashes in '/nix/store/j681fm0gcmpvnfc5syjv23jsqhj3lfcn-CVE-2019-18218.patch'; cross fingers
/nix/store/j681fm0gcmpvnfc5syjv23jsqhj3lfcn-CVE-2019-18218.patch

@nh2 nh2 left a comment

Beyond the one comment about 1 of the 3 URLs being likely accidentally wrong, this change looks good to merge to me.

pkgs/tools/misc/file/default.nix
@nh2 nh2 merged commit 5e97c6f into NixOS:release-19.09 Jan 26, 2020
veprbl added a commit that referenced this pull request Jan 26, 2020
@veprbl veprbl deleted the pr/CVE-2019-18218_url_fix branch January 26, 2020 22:18
@veprbl veprbl restored the pr/CVE-2019-18218_url_fix branch December 1, 2020 16:53
@veprbl veprbl deleted the pr/CVE-2019-18218_url_fix branch December 1, 2020 17:01