mirror of
https://github.com/nix-community/nixos-anywhere.git
synced 2024-07-14 19:40:42 +03:00
Merge pull request #234 from nix-community/update_flake_lock
flake.lock: Update
This commit is contained in:
commit
7973a36f24
36
flake.lock
36
flake.lock
@ -7,11 +7,11 @@
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1694710969,
|
||||
"narHash": "sha256-5nMY+3JF/ktW8D8URataP6MCbbnID13P4CixARNoq6w=",
|
||||
"lastModified": 1698422527,
|
||||
"narHash": "sha256-SDu3Xg263t3oXIyTaH0buOvFnKIDeZsvKDBtOz+jRbs=",
|
||||
"owner": "nix-community",
|
||||
"repo": "disko",
|
||||
"rev": "91af5b4a53ee8e57f4178ef58036dce49fbda91a",
|
||||
"rev": "944d338d24a9d043a3f7461c30ee6cfe4f9cca30",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@ -28,11 +28,11 @@
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1693611461,
|
||||
"narHash": "sha256-aPODl8vAgGQ0ZYFIRisxYG5MOGSkIczvu2Cd8Gb9+1Y=",
|
||||
"lastModified": 1698882062,
|
||||
"narHash": "sha256-HkhafUayIqxXyHH1X8d9RDl1M2CkFgZLjKD3MzabiEo=",
|
||||
"owner": "hercules-ci",
|
||||
"repo": "flake-parts",
|
||||
"rev": "7f53fdb7bdc5bb237da7fefef12d099e4fd611ca",
|
||||
"rev": "8c9fa2545007b49a5db5f650ae91f227672c3877",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@ -43,11 +43,11 @@
|
||||
},
|
||||
"nixos-2305": {
|
||||
"locked": {
|
||||
"lastModified": 1694724971,
|
||||
"narHash": "sha256-NazxO2WuzV1pVnVoFpo7vJbgTTDhywhDxEDwFw6tyWY=",
|
||||
"lastModified": 1698911509,
|
||||
"narHash": "sha256-FFwqTbF+1laraWTL/t7LI+gN+DYfoj+iFYLof5wCea8=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "16a63df66bfefec64daab3da10d414055d782d66",
|
||||
"rev": "ecd985f22e007e6ac3152d68590c06cbbaea8c0e",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@ -67,11 +67,11 @@
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1694429687,
|
||||
"narHash": "sha256-fopTSMmOjk7/ro8+P2wZxAC8OPUKtuwHLNp2xSPXVjc=",
|
||||
"lastModified": 1697515196,
|
||||
"narHash": "sha256-EZivLoJHCqJdi23Mn/p+lPNHBBctGSWzEnAhYfC0VD0=",
|
||||
"owner": "nix-community",
|
||||
"repo": "nixos-images",
|
||||
"rev": "c4c73bce65306a1e747684dd0d4bcf0ab2779585",
|
||||
"rev": "87bccdbdfbeb07e0c4fb4c2ec3d71986e8fa24d9",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@ -82,11 +82,11 @@
|
||||
},
|
||||
"nixpkgs": {
|
||||
"locked": {
|
||||
"lastModified": 1694669921,
|
||||
"narHash": "sha256-6ESpJ6FsftHV96JO/zn6je07tyV2dlLR7SdLsmkegTY=",
|
||||
"lastModified": 1698800439,
|
||||
"narHash": "sha256-SrAwRi266j7U9XqCl0qPwsvcFiQ55iPXEK36ZX6QPjE=",
|
||||
"owner": "nixos",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "f2ea252d23ebc9a5336bf6a61e0644921f64e67c",
|
||||
"rev": "0ac7840a74c53b62f124e86fcde8cdd45f2bc131",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@ -113,11 +113,11 @@
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1694528738,
|
||||
"narHash": "sha256-aWMEjib5oTqEzF9f3WXffC1cwICo6v/4dYKjwNktV8k=",
|
||||
"lastModified": 1698438538,
|
||||
"narHash": "sha256-AWxaKTDL3MtxaVTVU5lYBvSnlspOS0Fjt8GxBgnU0Do=",
|
||||
"owner": "numtide",
|
||||
"repo": "treefmt-nix",
|
||||
"rev": "7a49c388d7a6b63bb551b1ddedfa4efab8f400d8",
|
||||
"rev": "5deb8dc125a9f83b65ca86cf0c8167c46593e0b1",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -16,6 +16,11 @@
|
||||
, mkShellNoCC
|
||||
}:
|
||||
let
|
||||
# TODO: add this to nixpkgs
|
||||
rsync' = rsync.overrideAttrs (old: {
|
||||
# https://github.com/WayneD/rsync/issues/511#issuecomment-1774612577
|
||||
patches = [ ./rsync-fortified-strlcpy-fix.patch ];
|
||||
});
|
||||
runtimeDeps = [
|
||||
gitMinimal # for git flakes
|
||||
# pinned because nix-copy-closure hangs if ControlPath provided for SSH: https://github.com/NixOS/nix/issues/8480
|
||||
@ -26,6 +31,7 @@ let
|
||||
gawk
|
||||
findutils
|
||||
gnused # needed by ssh-copy-id
|
||||
rsync' # used to upload extra-files
|
||||
];
|
||||
in
|
||||
stdenv.mkDerivation {
|
||||
@ -41,12 +47,12 @@ stdenv.mkDerivation {
|
||||
#
|
||||
# We also prefer system rsync to prevent crashes between rsync and ssh.
|
||||
wrapProgram $out/bin/nixos-anywhere \
|
||||
--prefix PATH : ${lib.makeBinPath runtimeDeps} --suffix PATH : ${lib.makeBinPath [ openssh rsync ]}
|
||||
--prefix PATH : ${lib.makeBinPath runtimeDeps} --suffix PATH : ${lib.makeBinPath [ openssh ]}
|
||||
'';
|
||||
|
||||
# Dependencies for our devshell
|
||||
passthru.devShell = mkShellNoCC {
|
||||
packages = runtimeDeps ++ [ openssh rsync terraform-docs ];
|
||||
packages = runtimeDeps ++ [ openssh terraform-docs ];
|
||||
};
|
||||
|
||||
meta = with lib; {
|
||||
|
49
src/rsync-fortified-strlcpy-fix.patch
Normal file
49
src/rsync-fortified-strlcpy-fix.patch
Normal file
@ -0,0 +1,49 @@
|
||||
From 1f83963f59960150e8c46112daa8411324c1f209 Mon Sep 17 00:00:00 2001
|
||||
From: Jiri Slaby <jslaby@suse.cz>
|
||||
Date: Fri, 18 Aug 2023 08:26:20 +0200
|
||||
Subject: [PATCH] exclude: fix crashes with fortified strlcpy()
|
||||
|
||||
Fortified (-D_FORTIFY_SOURCE=2 for gcc) builds make strlcpy() crash when
|
||||
its third parameter (size) is larger than the buffer:
|
||||
$ rsync -FFXHav '--filter=merge global-rsync-filter' Align-37-43/ xxx
|
||||
sending incremental file list
|
||||
*** buffer overflow detected ***: terminated
|
||||
|
||||
It's in the exclude code in setup_merge_file():
|
||||
strlcpy(y, save, MAXPATHLEN);
|
||||
|
||||
Note the 'y' pointer was incremented, so it no longer points to memory
|
||||
with MAXPATHLEN "owned" bytes.
|
||||
|
||||
Fix it by remembering the number of copied bytes into the 'save' buffer
|
||||
and use that instead of MAXPATHLEN which is clearly incorrect.
|
||||
|
||||
Fixes #511.
|
||||
---
|
||||
exclude.c | 5 +++--
|
||||
1 file changed, 3 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/exclude.c b/exclude.c
|
||||
index ffe55b167..1a5de3b9e 100644
|
||||
--- a/exclude.c
|
||||
+++ b/exclude.c
|
||||
@@ -720,7 +720,8 @@ static BOOL setup_merge_file(int mergelist_num, filter_rule *ex,
|
||||
parent_dirscan = True;
|
||||
while (*y) {
|
||||
char save[MAXPATHLEN];
|
||||
- strlcpy(save, y, MAXPATHLEN);
|
||||
+ /* copylen is strlen(y) which is < MAXPATHLEN. +1 for \0 */
|
||||
+ size_t copylen = strlcpy(save, y, MAXPATHLEN) + 1;
|
||||
*y = '\0';
|
||||
dirbuf_len = y - dirbuf;
|
||||
strlcpy(x, ex->pattern, MAXPATHLEN - (x - buf));
|
||||
@@ -734,7 +735,7 @@ static BOOL setup_merge_file(int mergelist_num, filter_rule *ex,
|
||||
lp->head = NULL;
|
||||
}
|
||||
lp->tail = NULL;
|
||||
- strlcpy(y, save, MAXPATHLEN);
|
||||
+ strlcpy(y, save, copylen);
|
||||
while ((*x++ = *y++) != '/') {}
|
||||
}
|
||||
parent_dirscan = False;
|
||||
|
Loading…
Reference in New Issue
Block a user