New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
gnupatch: fix CVE-2018-6951 #39045
gnupatch: fix CVE-2018-6951 #39045
Conversation
Success on x86_64-linux (full log) Attempted: gnupatch Partial log (click to expand)
|
Success on aarch64-linux (full log) Attempted: gnupatch Partial log (click to expand)
|
pkgs/tools/text/gnupatch/default.nix
Outdated
name = "CVE-2018-6951.patch"; | ||
url = "https://git.savannah.gnu.org/cgit/patch.git/patch/?id=f290f48a621867084884bfff87f8093c15195e6a"; | ||
sha256 = "0289g8ihyiqdxw4p3zkal7ivbpy4dp5s31x2vy9ajw67q0694ywa"; | ||
}; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It is better to add the patch to nixpkgs instead + add the source url as a comment. There is a version number of cgit in the footer that will eventually break the hash.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done.
48454bf
to
a40a038
Compare
a40a038
to
977d19f
Compare
Success on x86_64-linux (full log) Attempted: gnupatch Partial log (click to expand)
|
Success on aarch64-linux (full log) Attempted: gnupatch Partial log (click to expand)
|
Cherry-picked to staging since it is only a NULL-pointer dereference: 11fd378 |
@Mic92 Thanks. We should also apply this patch on release 18.03. |
Fix CVE for #38993
I can't use
fetchpatch
ingnupatch
so I used fetchurl to fetch the patch.Is it an expected behavior? (I wouldn't be surprised we can't use gnupatch to build gnupatch but I didn't look at this in details).
Should I rebase this patch on
staging
?