pythonPackages.lxml: 4.6.2 -> 4.6.3, addressing CVE-2021-28957 #117788
The fix is basically the only patch in 4.6.2 -> 4.6.3, so can happily just cherry-pick to 20.09
Yep! Looks fine apart from that.
Sorry, I disable branch editing because having people alter my branches confuses the shit out of me. Rebased/retargeted now.
Result of 742 packages marked as broken and skipped:
19089 packages skipped due to time constraints:
21 packages built successfully:
Result of 838 packages marked as broken and skipped:
17151 packages skipped due to time constraints:
21 packages built successfully:
@ofborg eval
manual probably fails because of the uncached mass rebuild.
Motivation for this change
https://nvd.nist.gov/vuln/detail/CVE-2021-28957
Haven't done a full re-eval yet, have a feeling I'm going to have to retarget this at staging..