diff options
author | Lancelot SIX <lsix@lancelotsix.com> | 2019-12-08 18:13:40 +0100 |
---|---|---|
committer | Bjørn Forsman <bjorn.forsman@gmail.com> | 2019-12-08 21:03:39 +0100 |
commit | 337cd5cc8a3d5ce1721c5a8b990b489e473591c6 (patch) | |
tree | 6f00a1adca874a84c8e84a8c405f326f0cae4663 /pkgs | |
parent | eeda68a88ede8ba964cee636ccad217db1793330 (diff) | |
download | nixlib-337cd5cc8a3d5ce1721c5a8b990b489e473591c6.tar nixlib-337cd5cc8a3d5ce1721c5a8b990b489e473591c6.tar.gz nixlib-337cd5cc8a3d5ce1721c5a8b990b489e473591c6.tar.bz2 nixlib-337cd5cc8a3d5ce1721c5a8b990b489e473591c6.tar.lz nixlib-337cd5cc8a3d5ce1721c5a8b990b489e473591c6.tar.xz nixlib-337cd5cc8a3d5ce1721c5a8b990b489e473591c6.tar.zst nixlib-337cd5cc8a3d5ce1721c5a8b990b489e473591c6.zip |
vmTools.fillDiskWithRPMs: fix cpio use
When updating to cpio-2.13 in fe758f5fa368ebcdc03419c54412dd9abfd76b35, a patch from SUSE was dropped. This patch was intended to resolve CVE-2015-1197, and introduced the '--extract-over-symlink' option to disable its own effects. The CVE-2015-1197 was fixed in cpio-2.13 release[1] by other means, making this patch useless. Given that this patch is no longer used, we do not need to disable its effects anymore with the `--extract-over-symlink` argument switch. This Commit fixes #74984 [1] https://lists.gnu.org/archive/html/info-gnu/2019-11/msg00002.html
Diffstat (limited to 'pkgs')
-rw-r--r-- | pkgs/build-support/vm/default.nix | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/pkgs/build-support/vm/default.nix b/pkgs/build-support/vm/default.nix index 335cab7c45e1..a7050f52e521 100644 --- a/pkgs/build-support/vm/default.nix +++ b/pkgs/build-support/vm/default.nix @@ -430,7 +430,7 @@ rec { set +o pipefail for i in $rpms; do echo "$i..." - ${rpm}/bin/rpm2cpio "$i" | chroot /mnt ${cpio}/bin/cpio -i --make-directories --unconditional --extract-over-symlinks + ${rpm}/bin/rpm2cpio "$i" | chroot /mnt ${cpio}/bin/cpio -i --make-directories --unconditional done eval "$preInstall" |