author | Alyssa Ross <hi@alyssa.is> | 2024-03-22 16:41:59 +0100 |
---|---|---|
committer | Alyssa Ross <hi@alyssa.is> | 2024-03-22 16:41:59 +0100 |
commit | 46a88117a05c3469af5d99433af140c3de8ca088 (patch) | |
tree | d7f0557756d8f07a3081b3498c05ddc5a8ad429d /nixpkgs/pkgs/tools/package-management/nix/common.nix | |
parent | e97457545cea0b2ca421da257c83d8f1ef451d85 (diff) | |
parent | a343533bccc62400e8a9560423486a3b6c11a23b (diff) | |
Merge commit 'a343533bccc62400e8a9560423486a3b6c11a23b'
Diffstat (limited to 'nixpkgs/pkgs/tools/package-management/nix/common.nix')
-rw-r--r-- | nixpkgs/pkgs/tools/package-management/nix/common.nix | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/nixpkgs/pkgs/tools/package-management/nix/common.nix b/nixpkgs/pkgs/tools/package-management/nix/common.nix
index cab48bbaf5b6..d0840d206b67 100644
--- a/nixpkgs/pkgs/tools/package-management/nix/common.nix
+++ b/nixpkgs/pkgs/tools/package-management/nix/common.nix
@@ -15,6 +15,15 @@ let
 atLeast210 = lib.versionAtLeast version "2.10pre";
 atLeast213 = lib.versionAtLeast version "2.13pre";
 atLeast214 = lib.versionAtLeast version "2.14pre";
+ atLeast220 = lib.versionAtLeast version "2.20pre";
+ atLeast221 = lib.versionAtLeast version "2.21pre";
+ # Major.minor versions unaffected by CVE-2024-27297
+ unaffectedByFodSandboxEscape = [
+ "2.3"
+ "2.18"
+ "2.19"
+ "2.20"
+ ];
 in
 { stdenv
 , autoconf-archive
@@ -40,6 +49,7 @@ in
 , lib
 , libarchive
 , libcpuid
+, libgit2
 , libsodium
 , libxml2
 , libxslt
@@ -118,6 +128,8 @@ self = stdenv.mkDerivation {
 gtest
 libarchive
 lowdown
+ ] ++ lib.optionals atLeast220 [
+ libgit2
 ] ++ lib.optionals stdenv.isDarwin [
 Security
 ] ++ lib.optionals (stdenv.isx86_64) [
@@ -249,6 +261,7 @@ self = stdenv.mkDerivation {
 platforms = platforms.unix;
 outputsToInstall = [ "out" ] ++ optional enableDocumentation "man";
 mainProgram = "nix";
+ knownVulnerabilities = lib.optional (!builtins.elem (lib.versions.majorMinor version) unaffectedByFodSandboxEscape && !atLeast221) "CVE-2024-27297";
 };
 };
 in self |
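Review bot: The `unaffectedByFodSandboxEscape` list matches on major.minor only, so every patch release in the 2.3, 2.18, 2.19 and 2.20 series is treated as fixed for CVE-2024-27297, including any cut before the fix was backported (the diff does not show which patch releases carry it). That is fine if the in-tree versions are all at or past the fixed releases, but an override or overlay pinning an older patch release in one of these series would evaluate without a `knownVulnerabilities` entry. Consider recording the minimum fixed release per series and comparing with `lib.versionAtLeast`. At the least, extend the comment, e.g. `# Series whose packaged release carries the CVE-2024-27297 backport; older patch releases in these series are not covered`. The `let` block starts above the hunk.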
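Review bot: The `knownVulnerabilities` condition in the last hunk is one long line with two negations, which makes it easy to misread which versions are flagged. Binding the predicate to a name next to the list would read more directly, e.g. `affectedByFodSandboxEscape = !atLeast221 && !builtins.elem (lib.versions.majorMinor version) unaffectedByFodSandboxEscape;` followed by `knownVulnerabilities = lib.optional affectedByFodSandboxEscape "CVE-2024-27297";`. A short comment saying that every series below 2.21 not on the list is flagged by default would also record that the check fails closed. The enclosing attribute set (presumably `meta`) starts outside the hunk.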