diff options
author | Franz Pletz <fpletz@fnordicwalking.de> | 2018-01-29 13:39:35 +0100 |
---|---|---|
committer | Franz Pletz <fpletz@fnordicwalking.de> | 2018-01-29 13:54:47 +0100 |
commit | 57ecb3a8f02010c7dd0d5aa1ee33929286966dcf (patch) | |
tree | 0a7e679a2c3949fdb55d48c01b2ec72bc27b9c85 /pkgs/applications/networking | |
parent | 72141a630bc27660a858dc8b80b7c48818365ec7 (diff) | |
download | nixpkgs-57ecb3a8f02010c7dd0d5aa1ee33929286966dcf.tar nixpkgs-57ecb3a8f02010c7dd0d5aa1ee33929286966dcf.tar.gz nixpkgs-57ecb3a8f02010c7dd0d5aa1ee33929286966dcf.tar.bz2 nixpkgs-57ecb3a8f02010c7dd0d5aa1ee33929286966dcf.tar.lz nixpkgs-57ecb3a8f02010c7dd0d5aa1ee33929286966dcf.tar.xz nixpkgs-57ecb3a8f02010c7dd0d5aa1ee33929286966dcf.tar.zst nixpkgs-57ecb3a8f02010c7dd0d5aa1ee33929286966dcf.zip |
rsync: 3.1.2 -> 3.1.3
The CVE patches weren't previously applied because they depend on the enableCopyDevicesPatch parameter. The naming of the patches attribute in base.nix was misleading. The new rsync release now really fixes: * CVE-2017-15994 * CVE-2017-16548 * CVE-2017-17433 * CVE-2017-17434
Diffstat (limited to 'pkgs/applications/networking')
-rw-r--r-- | pkgs/applications/networking/sync/rsync/base.nix | 39 | ||||
-rw-r--r-- | pkgs/applications/networking/sync/rsync/default.nix | 2 |
2 files changed, 10 insertions, 31 deletions
diff --git a/pkgs/applications/networking/sync/rsync/base.nix b/pkgs/applications/networking/sync/rsync/base.nix index 69613c489e1..abc1f27e4f6 100644 --- a/pkgs/applications/networking/sync/rsync/base.nix +++ b/pkgs/applications/networking/sync/rsync/base.nix @@ -1,42 +1,21 @@ { stdenv, fetchurl, fetchpatch }: rec { - version = "3.1.2"; + version = "3.1.3"; src = fetchurl { # signed with key 0048 C8B0 26D4 C96F 0E58 9C2F 6C85 9FB1 4B96 A8C5 url = "mirror://samba/rsync/src/rsync-${version}.tar.gz"; - sha256 = "1hm1q04hz15509f0p9bflw4d6jzfvpm1d36dxjwihk1wzakn5ypc"; + sha256 = "1h0011dj6jgqpgribir4anljjv7bbrdcs8g91pbsmzf5zr75bk2m"; + }; + upstreamPatchTarball = fetchurl { + # signed with key 0048 C8B0 26D4 C96F 0E58 9C2F 6C85 9FB1 4B96 A8C5 + url = "mirror://samba/rsync/rsync-patches-${version}.tar.gz"; + sha256 = "167vk463bb3xl9c4gsbxms111dk1ip7pq8y361xc0xfa427q9hhd"; }; - patches = [ - (fetchurl { - # signed with key 0048 C8B0 26D4 C96F 0E58 9C2F 6C85 9FB1 4B96 A8C5 - url = "mirror://samba/rsync/rsync-patches-${version}.tar.gz"; - sha256 = "09i3dcl37p22dp75vlnsvx7bm05ggafnrf1zwhf2kbij4ngvxvpd"; - }) - (fetchpatch { - name = "CVE-2017-16548.patch"; - url = "https://git.samba.org/rsync.git/?p=rsync.git;a=commitdiff_plain;h=47a63d90e71d3e19e0e96052bb8c6b9cb140ecc1;hp=bc112b0e7feece62ce98708092306639a8a53cce"; - sha256 = "1dcdnfhbc5gd0ph7pds0xr2v8rpb2a4p7l9c1wml96nhnyww1pg1"; - }) - (fetchpatch { - name = "CVE-2017-17433.patch"; - url = "https://git.samba.org/?p=rsync.git;a=patch;h=3e06d40029cfdce9d0f73d87cfd4edaf54be9c51"; - sha256 = "1kvnh6znp37a447h9fm2pk7v4phx20bk60j4wbsd92xlpp7vck52"; - }) - (fetchpatch { - name = "CVE-2017-17434-patch1.patch"; - url = "https://git.samba.org/?p=rsync.git;a=patch;h=5509597decdbd7b91994210f700329d8a35e70a1"; - sha256 = "16gg670s6b4gn3fywkkagixkpkpf31a3fiqx2a544640pblbgvyx"; - }) - (fetchpatch { - name = "CVE-2017-17434-patch2.patch"; - url = "https://git.samba.org/?p=rsync.git;a=patch;h=70aeb5fddd1b2f8e143276f8d5a085db16c593b9"; - sha256 = "182pc5bk1i57ganyn51bcs6vi2fib7zcw4kz3iyqkzihnjds10a6"; - }) - ]; meta = with stdenv.lib; { - homepage = http://rsync.samba.org/; + description = "Fast incremental file transfer utility"; + homepage = https://rsync.samba.org/; license = licenses.gpl3Plus; platforms = platforms.unix; }; diff --git a/pkgs/applications/networking/sync/rsync/default.nix b/pkgs/applications/networking/sync/rsync/default.nix index 8c66e41f4cd..f1e3f6b7301 100644 --- a/pkgs/applications/networking/sync/rsync/default.nix +++ b/pkgs/applications/networking/sync/rsync/default.nix @@ -13,7 +13,7 @@ stdenv.mkDerivation rec { mainSrc = base.src; - patchesSrc = base.patches; + patchesSrc = base.upstreamPatchTarball; srcs = [mainSrc] ++ stdenv.lib.optional enableCopyDevicesPatch patchesSrc; patches = stdenv.lib.optional enableCopyDevicesPatch "./patches/copy-devices.diff"; |