Skip to content

[Backport staging-25.11] inetutils: 2.6 -> 2.7, apply patches for CVE-2026-24061#483583

Merged
vcunat merged 1 commit into
staging-25.11from
backport-482476-to-staging-25.11
Jan 25, 2026
Merged

[Backport staging-25.11] inetutils: 2.6 -> 2.7, apply patches for CVE-2026-24061#483583
vcunat merged 1 commit into
staging-25.11from
backport-482476-to-staging-25.11

Conversation

@nixpkgs-ci

@nixpkgs-ci nixpkgs-ci Bot commented Jan 25, 2026

Copy link
Copy Markdown
Contributor

Bot-based backport to staging-25.11, triggered by a label in #482476.

Before merging, ensure that this backport is acceptable for the release.

Even as a non-committer, if you find that it is not acceptable, leave a comment.

Tip

If you maintain all packages touched by this pull request, and they are all located under pkgs/by-name/*, you can comment @NixOS/nixpkgs-merge-bot merge to automatically merge this PR using the nixpkgs-merge-bot.

https://lists.gnu.org/archive/html/bug-inetutils/2026-01/msg00004.html

2.7 release also seems to include another security fix:
> syslogd: Fix a stack-based buffer overflow (CWE-121).

Changes:
https://codeberg.org/inetutils/inetutils/src/tag/v2.7/NEWS.md
(cherry picked from commit b28f663)
@nixpkgs-ci nixpkgs-ci Bot added the 1.severity: security Issues which raise a security issue, or PRs that fix one label Jan 25, 2026
@nixpkgs-ci nixpkgs-ci Bot added the 2.status: merge-bot eligible This PR can be merged by commenting "@NixOS/nixpkgs-merge-bot merge". label Jan 25, 2026
@nixpkgs-ci nixpkgs-ci Bot requested a review from matthewbauer January 25, 2026 09:01
@nixpkgs-ci nixpkgs-ci Bot added 10.rebuild-linux: 501+ This PR causes many rebuilds on Linux and should normally target the staging branches. 10.rebuild-darwin: 11-100 This PR causes between 11 and 100 packages to rebuild on Darwin. 10.rebuild-linux: 1001-2500 This PR causes many rebuilds on Linux and should target the staging branches. 4.workflow: backport This targets a stable branch labels Jan 25, 2026
@vcunat vcunat added this pull request to the merge queue Jan 25, 2026
Merged via the queue into staging-25.11 with commit d7c2feb Jan 25, 2026
31 checks passed
@vcunat vcunat deleted the backport-482476-to-staging-25.11 branch January 25, 2026 09:13
@ck3d

ck3d commented Feb 8, 2026

Copy link
Copy Markdown
Contributor

This PR breaks the build of inetutils on darwin:

openat-die.c:38:10: error: format string is not a string literal (potentially insecure) [-Werror,-Wformat-security]
   37 |   error (exit_failure, errnum,
      |   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   38 |          _("unable to record current working directory"));
      |          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

@vcunat

vcunat commented Feb 8, 2026

Copy link
Copy Markdown
Member

Yes. The original PR broke it most likely already, so it's there where I had commented about that: #482476

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

1.severity: security Issues which raise a security issue, or PRs that fix one 2.status: merge-bot eligible This PR can be merged by commenting "@NixOS/nixpkgs-merge-bot merge". 4.workflow: backport This targets a stable branch 10.rebuild-darwin: 11-100 This PR causes between 11 and 100 packages to rebuild on Darwin. 10.rebuild-linux: 501+ This PR causes many rebuilds on Linux and should normally target the staging branches. 10.rebuild-linux: 1001-2500 This PR causes many rebuilds on Linux and should target the staging branches.

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants