commit 57ecb3a8f02010c7dd0d5aa1ee33929286966dcf · pyrox.dev/nixpkgs

pyrox.dev / nixpkgs

lol

rsync: 3.1.2 -> 3.1.3

The CVE patches weren't previously applied because they depend on the
enableCopyDevicesPatch parameter. The naming of the patches attribute in
base.nix was misleading.

The new rsync release now really fixes:

* CVE-2017-15994
* CVE-2017-16548
* CVE-2017-17433
* CVE-2017-17434

Franz Pletz 8 years ago 57ecb3a8 72141a63

+10 -31

2 changed files

expand all

unified split

pkgs

applications

networking

sync

rsync

base.nix

default.nix

+9 -30

pkgs/applications/networking/sync/rsync/base.nix

··· 1 { stdenv, fetchurl, fetchpatch }: 2 3 rec { 4 - version = "3.1.2"; 5 src = fetchurl { 6 # signed with key 0048 C8B0 26D4 C96F 0E58 9C2F 6C85 9FB1 4B96 A8C5 7 url = "mirror://samba/rsync/src/rsync-${version}.tar.gz"; 8 - sha256 = "1hm1q04hz15509f0p9bflw4d6jzfvpm1d36dxjwihk1wzakn5ypc"; 9 }; 10 - patches = [ 11 - (fetchurl { 12 - # signed with key 0048 C8B0 26D4 C96F 0E58 9C2F 6C85 9FB1 4B96 A8C5 13 - url = "mirror://samba/rsync/rsync-patches-${version}.tar.gz"; 14 - sha256 = "09i3dcl37p22dp75vlnsvx7bm05ggafnrf1zwhf2kbij4ngvxvpd"; 15 - }) 16 - (fetchpatch { 17 - name = "CVE-2017-16548.patch"; 18 - url = "https://git.samba.org/rsync.git/?p=rsync.git;a=commitdiff_plain;h=47a63d90e71d3e19e0e96052bb8c6b9cb140ecc1;hp=bc112b0e7feece62ce98708092306639a8a53cce"; 19 - sha256 = "1dcdnfhbc5gd0ph7pds0xr2v8rpb2a4p7l9c1wml96nhnyww1pg1"; 20 - }) 21 - (fetchpatch { 22 - name = "CVE-2017-17433.patch"; 23 - url = "https://git.samba.org/?p=rsync.git;a=patch;h=3e06d40029cfdce9d0f73d87cfd4edaf54be9c51"; 24 - sha256 = "1kvnh6znp37a447h9fm2pk7v4phx20bk60j4wbsd92xlpp7vck52"; 25 - }) 26 - (fetchpatch { 27 - name = "CVE-2017-17434-patch1.patch"; 28 - url = "https://git.samba.org/?p=rsync.git;a=patch;h=5509597decdbd7b91994210f700329d8a35e70a1"; 29 - sha256 = "16gg670s6b4gn3fywkkagixkpkpf31a3fiqx2a544640pblbgvyx"; 30 - }) 31 - (fetchpatch { 32 - name = "CVE-2017-17434-patch2.patch"; 33 - url = "https://git.samba.org/?p=rsync.git;a=patch;h=70aeb5fddd1b2f8e143276f8d5a085db16c593b9"; 34 - sha256 = "182pc5bk1i57ganyn51bcs6vi2fib7zcw4kz3iyqkzihnjds10a6"; 35 - }) 36 - ]; 37 38 meta = with stdenv.lib; { 39 - homepage = http://rsync.samba.org/; 40 license = licenses.gpl3Plus; 41 platforms = platforms.unix; 42 };

··· 1 { stdenv, fetchurl, fetchpatch }: 2 3 rec { 4 + version = "3.1.3"; 5 src = fetchurl { 6 # signed with key 0048 C8B0 26D4 C96F 0E58 9C2F 6C85 9FB1 4B96 A8C5 7 url = "mirror://samba/rsync/src/rsync-${version}.tar.gz"; 8 + sha256 = "1h0011dj6jgqpgribir4anljjv7bbrdcs8g91pbsmzf5zr75bk2m"; 9 }; 10 + upstreamPatchTarball = fetchurl { 11 + # signed with key 0048 C8B0 26D4 C96F 0E58 9C2F 6C85 9FB1 4B96 A8C5 12 + url = "mirror://samba/rsync/rsync-patches-${version}.tar.gz"; 13 + sha256 = "167vk463bb3xl9c4gsbxms111dk1ip7pq8y361xc0xfa427q9hhd"; 14 + }; 15 16 meta = with stdenv.lib; { 17 + description = "Fast incremental file transfer utility"; 18 + homepage = https://rsync.samba.org/; 19 license = licenses.gpl3Plus; 20 platforms = platforms.unix; 21 };

+1 -1

pkgs/applications/networking/sync/rsync/default.nix

··· 13 14 mainSrc = base.src; 15 16 - patchesSrc = base.patches; 17 18 srcs = [mainSrc] ++ stdenv.lib.optional enableCopyDevicesPatch patchesSrc; 19 patches = stdenv.lib.optional enableCopyDevicesPatch "./patches/copy-devices.diff";

··· 13 14 mainSrc = base.src; 15 16 + patchesSrc = base.upstreamPatchTarball; 17 18 srcs = [mainSrc] ++ stdenv.lib.optional enableCopyDevicesPatch patchesSrc; 19 patches = stdenv.lib.optional enableCopyDevicesPatch "./patches/copy-devices.diff";