forked from mirrors/nixpkgs
vmTools.fillDiskWithRPMs: fix cpio use
When updating to cpio-2.13 in fe758f5fa3
,
a patch from SUSE was dropped. This patch was intended to resolve
CVE-2015-1197, and introduced the '--extract-over-symlink' option to
disable its own effects.
The CVE-2015-1197 was fixed in cpio-2.13 release[1] by other means,
making this patch useless.
Given that this patch is no longer used, we do not need to disable its
effects anymore with the `--extract-over-symlink` argument switch.
This Commit fixes #74984
[1] https://lists.gnu.org/archive/html/info-gnu/2019-11/msg00002.html
This commit is contained in:
parent
eeda68a88e
commit
337cd5cc8a
|
@ -430,7 +430,7 @@ rec {
|
|||
set +o pipefail
|
||||
for i in $rpms; do
|
||||
echo "$i..."
|
||||
${rpm}/bin/rpm2cpio "$i" | chroot /mnt ${cpio}/bin/cpio -i --make-directories --unconditional --extract-over-symlinks
|
||||
${rpm}/bin/rpm2cpio "$i" | chroot /mnt ${cpio}/bin/cpio -i --make-directories --unconditional
|
||||
done
|
||||
|
||||
eval "$preInstall"
|
||||
|
|
Loading…
Reference in a new issue