commit cae8134ccb29c4d319e0339762137297eb72af63 · pyrox.dev/nixpkgs

pyrox.dev / nixpkgs

lol

fork atom

Merge pull request #130545 from risicle/ris-rsync-CVE-2020-14387

authored by Sandro and committed by GitHub 4 years ago cae8134c 9f3ace45

+16 -6

3 changed files

expand all

unified split

pkgs

applications

networking

sync

rsync

base.nix

default.nix

rrsync.nix

+8 -1

pkgs/applications/networking/sync/rsync/base.nix

··· 1 - { lib, fetchurl }: 2 3 rec { 4 version = "3.2.3"; ··· 12 url = "mirror://samba/rsync/rsync-patches-${version}.tar.gz"; 13 sha256 = "1wj21v57v135n6fnmlm2dxmb9lhrrg62jgkggldp1gb7d6s4arny"; 14 }; 15 16 meta = with lib; { 17 description = "Fast incremental file transfer utility";

··· 1 + { lib, fetchurl, fetchpatch }: 2 3 rec { 4 version = "3.2.3"; ··· 12 url = "mirror://samba/rsync/rsync-patches-${version}.tar.gz"; 13 sha256 = "1wj21v57v135n6fnmlm2dxmb9lhrrg62jgkggldp1gb7d6s4arny"; 14 }; 15 + extraPatches = [ 16 + (fetchpatch { 17 + name = "CVE-2020-14387.patch"; 18 + url = "https://git.samba.org/?p=rsync.git;a=patch;h=c3f7414;hp=4c4fce51072c9189cfb11b52aa54fed79f5741bd"; 19 + sha256 = "000lyx48lns84p53nsdlr45mb9558lrvnsz3yic0y3z6h2izv82x"; 20 + }) 21 + ]; 22 23 meta = with lib; { 24 description = "Fast incremental file transfer utility";

+4 -3

pkgs/applications/networking/sync/rsync/default.nix

··· 1 - { lib, stdenv, fetchurl, perl, libiconv, zlib, popt 2 , enableACLs ? lib.meta.availableOn stdenv.hostPlatform acl, acl ? null 3 , enableLZ4 ? true, lz4 ? null 4 , enableOpenSSL ? true, openssl ? null ··· 15 assert enableZstd -> zstd != null; 16 17 let 18 - base = import ./base.nix { inherit lib fetchurl; }; 19 in 20 stdenv.mkDerivation rec { 21 pname = "rsync"; ··· 26 patchesSrc = base.upstreamPatchTarball; 27 28 srcs = [mainSrc] ++ lib.optional enableCopyDevicesPatch patchesSrc; 29 - patches = lib.optional enableCopyDevicesPatch "./patches/copy-devices.diff"; 30 31 buildInputs = [libiconv zlib popt] 32 ++ lib.optional enableACLs acl

··· 1 + { lib, stdenv, fetchurl, fetchpatch, perl, libiconv, zlib, popt 2 , enableACLs ? lib.meta.availableOn stdenv.hostPlatform acl, acl ? null 3 , enableLZ4 ? true, lz4 ? null 4 , enableOpenSSL ? true, openssl ? null ··· 15 assert enableZstd -> zstd != null; 16 17 let 18 + base = import ./base.nix { inherit lib fetchurl fetchpatch; }; 19 in 20 stdenv.mkDerivation rec { 21 pname = "rsync"; ··· 26 patchesSrc = base.upstreamPatchTarball; 27 28 srcs = [mainSrc] ++ lib.optional enableCopyDevicesPatch patchesSrc; 29 + patches = lib.optional enableCopyDevicesPatch "./patches/copy-devices.diff" 30 + ++ base.extraPatches; 31 32 buildInputs = [libiconv zlib popt] 33 ++ lib.optional enableACLs acl

+4 -2

pkgs/applications/networking/sync/rsync/rrsync.nix

··· 1 - { lib, stdenv, fetchurl, perl, rsync }: 2 3 let 4 - base = import ./base.nix { inherit lib fetchurl; }; 5 in 6 stdenv.mkDerivation { 7 pname = "rrsync"; ··· 15 # We just want something from the support directory 16 dontConfigure = true; 17 dontBuild = true; 18 19 postPatch = '' 20 substituteInPlace support/rrsync --replace /usr/bin/rsync ${rsync}/bin/rsync

··· 1 + { lib, stdenv, fetchurl, perl, rsync, fetchpatch }: 2 3 let 4 + base = import ./base.nix { inherit lib fetchurl fetchpatch; }; 5 in 6 stdenv.mkDerivation { 7 pname = "rrsync"; ··· 15 # We just want something from the support directory 16 dontConfigure = true; 17 dontBuild = true; 18 + 19 + patches = base.extraPatches; 20 21 postPatch = '' 22 substituteInPlace support/rrsync --replace /usr/bin/rsync ${rsync}/bin/rsync