[r19.03] libvirt: add patches for CVE-2019-10132, CVE-2019-10161, CVE-2019-10166, CVE-2019-10167 & CVE-2019-10168 #63909
Conversation
risicle
changed the title
|
Is this a backport of a fix in unstable? |
|
No, the fix is not in unstable yet - I'm just starting work on that now. I started work on 19.03 first because #61011 was not at that point merged. Upstream have done the backporting themselves, but not yet released the fixed versions. |
|
Oh, I see — in unstable we can just update to the latest release, but in stable we have to just take the patches? |
|
Does the Darwin build failure happen outside of Nixpkgs? Is upstream aware of it if so? |
|
They haven't even done the release for the unstable version yet (which will presumably be 5.4.1?) |
|
Doesn’t mean they shouldn’t be aware of the bug. If we’re not going to include a CVE patch because of a bug, I think upstream should at least know about it. |
|
This is why I said
|
|
https://bugzilla.redhat.com/show_bug.cgi?id=1725317 darwin error report |
|
@GrahamcOfBorg build libvirt |
Apologies, I missed that. |
Motivation for this change
Yes, this is indeed every 4.10 commit in the repo after the 4.10.0 release - they don't seem to be in a hurry to release 4.10.1. The fix for CVE-2019-10161 unfortunately breaks the darwin build for me (tested on macos 10.13), so at least having them as separate patches allows me to disable that patch for darwin. I'll open an upstream bug on that once I've also updated/patched
master.Things done
sandboxinnix.confon non-NixOS)nix-shell -p nix-review --run "nix-review wip"./result/bin/)nix path-info -Sbefore and after)