Re: [Nix-dev] CVE-2015-7547 stdenv-changing fix merged on master and 15.09

2016-02-18 Thread Kosyrev Serge
rocon...@theorem.ca writes:
> I am using the following expression which I believe will build a patched
> version of glibc locally, and then build a patched NixOS derivation.
>
> system.replaceRuntimeDependencies = with pkgs.lib;
> [{original = pkgs.glibc; replacement =
>

Re: [Nix-dev] CVE-2015-7547 stdenv-changing fix merged on master and 15.09

2016-02-17 Thread Vladimír Čunát
On 02/16/2016 04:37 PM, Shea Levy wrote:
> Eelco, Rob, can we do anything to ensure hydra capacity for the rebuild?

Well, fixed release-15.09-small channel was released yesterday evening (European time). That was pretty fast. I got Hydra admin privileges recently, so I'll try to ensure the rest

Re: [Nix-dev] CVE-2015-7547 stdenv-changing fix merged on master and 15.09

2016-02-16 Thread Shea Levy
On 2016-02-16 14:25, Kosyrev Serge wrote:
> rocon...@theorem.ca writes:
>> I am using the following expression which I believe will build a
>> patched
>> version of glibc locally, and then build a patched NixOS derivation.
>>
>> system.replaceRuntimeDependencies = with pkgs.lib;
>>

Re: [Nix-dev] CVE-2015-7547 stdenv-changing fix merged on master and 15.09

2016-02-16 Thread roconnor
On Tue, 16 Feb 2016, Kosyrev Serge wrote:
> rocon...@theorem.ca writes:
>> I am using the following expression which I believe will build a patched
>> version of glibc locally, and then build a patched NixOS derivation.
>>
>> system.replaceRuntimeDependencies = with pkgs.lib;
>> [{original

Re: [Nix-dev] CVE-2015-7547 stdenv-changing fix merged on master and 15.09

2016-02-16 Thread roconnor
I am using the following expression which I believe will build a patched version of glibc locally, and then build a patched NixOS derivation.

system.replaceRuntimeDependencies = with pkgs.lib;
[{original = pkgs.glibc; replacement =
pkgs.stdenv.lib.overrideDerivation pkgs.glibc (oldAttr: {

Re: [Nix-dev] CVE-2015-7547 stdenv-changing fix merged on master and 15.09

2016-02-16 Thread Shea Levy
Hi all,

Nathan Zadoks has offered to allow users to download the new glibc from his hydra while we wait for hydra.nixos.org to catch up. To fetch it, as root run:

# nix-store -r /nix/store/5fbwy40pa4pqr97jdgbyaal1y1ns6hb1-glibc-2.21 --option binary-caches https://code.nathan7.eu/hydra

Re: [Nix-dev] CVE-2015-7547 stdenv-changing fix merged on master and 15.09

2016-02-16 Thread Shea Levy
Fixed patch pushed to master, 15.09, and 14.12.

On 2016-02-16 10:58, Shea Levy wrote:
> There was an error with the patch, we're cooking up a fix now.
>
> On 2016-02-16 10:37, Shea Levy wrote:
>> Hi all,
>>
>> I've just merged the patch to fix CVE-2015-7547, a buffer overrun in
>> glibc with

Re: [Nix-dev] CVE-2015-7547 stdenv-changing fix merged on master and 15.09

2016-02-16 Thread Shea Levy
There was an error with the patch, we're cooking up a fix now.

On 2016-02-16 10:37, Shea Levy wrote:
> Hi all,
>
> I've just merged the patch to fix CVE-2015-7547, a buffer overrun in
> glibc with working POC exploit, into master and 15.09. It will take
> some
> time for the channel to update,

[Nix-dev] CVE-2015-7547 stdenv-changing fix merged on master and 15.09

2016-02-16 Thread Shea Levy
Hi all,

I've just merged the patch to fix CVE-2015-7547, a buffer overrun in glibc with working POC exploit, into master and 15.09. It will take some time for the channel to update, so please use your judgment as to whether you want to wait for that or switch to building from git until it