netatalk: 3.1.11 -> 3.1.12 #52833

Merged
merged 1 commit into from Feb 24, 2019

r-ryantm
Contributor

Semi-automatic update generated by https://github.com/ryantm/nixpkgs-update tools. This update was made based on information from https://repology.org/metapackage/netatalk/versions.

meta.description for netatalk is: '"Apple Filing Protocol Server"'.

Checks done:
  • built on NixOS
  • Warning: no invocation of /nix/store/palg0jci4ixw1gi3qdj2y7x264zks1ln-netatalk-3.1.12/bin/cnid2_create had a zero exit code or showed the expected version
  • /nix/store/palg0jci4ixw1gi3qdj2y7x264zks1ln-netatalk-3.1.12/bin/macusers passed the binary check.
  • Warning: no invocation of /nix/store/palg0jci4ixw1gi3qdj2y7x264zks1ln-netatalk-3.1.12/bin/asip-status.pl had a zero exit code or showed the expected version
  • /nix/store/palg0jci4ixw1gi3qdj2y7x264zks1ln-netatalk-3.1.12/bin/apple_dump passed the binary check.
  • Warning: no invocation of /nix/store/palg0jci4ixw1gi3qdj2y7x264zks1ln-netatalk-3.1.12/bin/afppasswd had a zero exit code or showed the expected version
  • /nix/store/palg0jci4ixw1gi3qdj2y7x264zks1ln-netatalk-3.1.12/bin/afpldaptest passed the binary check.
  • Warning: no invocation of /nix/store/palg0jci4ixw1gi3qdj2y7x264zks1ln-netatalk-3.1.12/bin/ad had a zero exit code or showed the expected version
  • /nix/store/palg0jci4ixw1gi3qdj2y7x264zks1ln-netatalk-3.1.12/bin/dbd passed the binary check.
  • /nix/store/palg0jci4ixw1gi3qdj2y7x264zks1ln-netatalk-3.1.12/bin/netatalk-config passed the binary check.
  • Warning: no invocation of /nix/store/palg0jci4ixw1gi3qdj2y7x264zks1ln-netatalk-3.1.12/bin/afpstats had a zero exit code or showed the expected version
  • /nix/store/palg0jci4ixw1gi3qdj2y7x264zks1ln-netatalk-3.1.12/bin/afpd passed the binary check.
  • Warning: no invocation of /nix/store/palg0jci4ixw1gi3qdj2y7x264zks1ln-netatalk-3.1.12/bin/cnid_dbd had a zero exit code or showed the expected version
  • /nix/store/palg0jci4ixw1gi3qdj2y7x264zks1ln-netatalk-3.1.12/bin/cnid_metad passed the binary check.
  • /nix/store/palg0jci4ixw1gi3qdj2y7x264zks1ln-netatalk-3.1.12/bin/netatalk passed the binary check.
  • 8 of 14 passed binary check by having a zero exit code.
  • 2 of 14 passed binary check by having the new version present in output.
  • found 3.1.12 with grep in /nix/store/palg0jci4ixw1gi3qdj2y7x264zks1ln-netatalk-3.1.12
  • directory tree listing: https://gist.github.com/2364d46aa87e3957ec21283dcd1589d0
  • du listing: https://gist.github.com/96af6d397cb7d3912ef762674d760251
Rebuild report (if merged into master):

3 total rebuild path(s)

1 package rebuild(s)

1 x86_64-linux rebuild(s)
1 i686-linux rebuild(s)
0 x86_64-darwin rebuild(s)
1 aarch64-linux rebuild(s)

First fifty rebuilds by attrpath
netatalk

Instructions to test this update:

Either download from Cachix:

nix-store -r /nix/store/palg0jci4ixw1gi3qdj2y7x264zks1ln-netatalk-3.1.12 \
  --option binary-caches 'https://cache.nixos.org/ https://r-ryantm.cachix.org/' \
  --option trusted-public-keys '
  r-ryantm.cachix.org-1:gkUbLkouDAyvBdpBX0JOdIiD2/DP1ldF3Z3Y6Gqcc4c=
  cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=
  '

(r-ryantm's Cachix cache is only trusted for this store-path realization.)

Or, build yourself:

nix-build -A netatalk https://github.com/r-ryantm/nixpkgs/archive/b32c357ea9beaa4f999635628745ad82af3cf58e.tar.gz

After you've downloaded or built it, look at the files and if there are any, run the binaries:

ls -la /nix/store/palg0jci4ixw1gi3qdj2y7x264zks1ln-netatalk-3.1.12
ls -la /nix/store/palg0jci4ixw1gi3qdj2y7x264zks1ln-netatalk-3.1.12/bin

Semi-automatic update generated by
https://github.com/ryantm/nixpkgs-update tools. This update was made
based on information from
https://repology.org/metapackage/netatalk/versions
@c0bw3b
Contributor

c0bw3b commented Jan 3, 2019

http://netatalk.sourceforge.net/3.1/ReleaseNotes3.1.12.html

Please update to this latest release as soon as possible as this release fixes a major security issue (CVE-2018-1160)

-

https://nvd.nist.gov/vuln/detail/CVE-2018-1160

Netatalk before 3.1.12 is vulnerable to an out of bounds write in dsi_opensess.c. This is due to lack of bounds checking on attacker controlled data. A remote unauthenticated attacker can leverage this vulnerability to achieve arbitrary code execution.

@c0bw3b c0bw3b added the "9.needs: port to stable" label (A PR needs a backport to the stable release.) Jan 3, 2019
@c0bw3b c0bw3b self-assigned this Jan 3, 2019
@vcunat
Member

vcunat commented Feb 19, 2019

@c0bw3b: you self-assigned this – any more plans about it?

@vcunat vcunat self-assigned this Feb 24, 2019
Member

@vcunat vcunat left a comment

NEWS sounds very conservative, claiming to contain an important security fix. Builds OK on x86_64 and aarch64 linuxes.

@vcunat vcunat merged commit b32c357 into NixOS:master Feb 24, 2019
vcunat added a commit that referenced this pull request Feb 24, 2019
vcunat added a commit that referenced this pull request Feb 24, 2019
@r-ryantm r-ryantm deleted the auto-update/netatalk branch March 1, 2019 15:00
@c0bw3b
Contributor

c0bw3b commented Mar 30, 2019

@vcunat thanks for backporting this.
I meant to look at it when assigning it to myself, then got quite busy.

@c0bw3b c0bw3b removed their assignment Mar 30, 2019
@samueldr samueldr removed the "9.needs: port to stable" label (A PR needs a backport to the stable release.) Apr 17, 2019