libsass: add patch for CVE-2018-19827 #61673

Closed

@risicle risicle commented May 18, 2019

Motivation for this change

Of the 4 open CVEs against libsass (#60842), one of them does have an apply-able patch available for it, so we should probably add that. Better than nothing.

Things done
  • Tested using sandboxing (nix.useSandbox on NixOS, or option sandbox in nix.conf on non-NixOS)
  • Built on platform(s)
    • NixOS
    • macOS
    • other Linux distributions
  • Tested via one or more NixOS test(s) if existing and applicable for the change (look inside nixos/tests)
  • Tested compilation of all pkgs that depend on this change using nix-shell -p nix-review --run "nix-review wip"
  • Tested execution of all binary files (usually in ./result/bin/)
  • Determined the impact on package closure size (by running nix path-info -S before and after)
  • Assured whether relevant documentation is up to date
  • Fits CONTRIBUTING.md.

@vcunat vcunat self-assigned this May 18, 2019
vcunat pushed a commit that referenced this pull request May 18, 2019
vcunat switched to upstream commit that's reachable from master.

(cherry picked from commit f9f3d6b)
pull bot pushed a commit to evanjs/nixpkgs that referenced this pull request May 18, 2019
vcunat switched to upstream commit that's reachable from master.

vcunat commented May 18, 2019

Thanks. Amended as cff7364 etc.

@vcunat vcunat closed this May 18, 2019

risicle commented May 18, 2019

Cool - I'll backport...


risicle commented May 18, 2019

...nope, you've already got there :)


vcunat commented May 18, 2019

Yes, it's just easier for me to directly cherry-pick, build and push.
