systemd: fix CVE-2019-15718 #68032
LGTM. This should probably be followed up by a full systemd upgrade against staging (?)
I am already working on systemd v243 at https://github.com/andir/nixpkgs/tree/systemd-v243 & https://github.com/andir/systemd/tree/nixos-v243. It currently fails with some install error. Must have missed a case in the new version bump. This has to be done with care and patience so we do not cause more harm than good. I'll work on that during the next days.
22k rebuilds. What about squashing it into the current staging-next iteration? (We have e.g. Firefox and Python CVEs in there.)
Well, I don't think anyone will be for this going later than the current staging-next iteration, so I merged it there in any case (so hopefully Hydra can save some work).
@vcunat I don't mean to hijack this but is there a doc outlining what should go towards
@NeQuissimus: that's not hijacking, it's perfectly on topic. The RFC says:
Motivation for this change
More details at: https://www.openwall.com/lists/oss-security/2019/09/03/1
Things done
sandbox in nix.conf on non-NixOS
nix-shell -p nix-review --run "nix-review wip"
./result/bin/
nix path-info -S before and after
Notify maintainers
cc @NixOS/security-notifications