Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

curl: add patch for CVE-2021-22945 #139669

Merged
merged 1 commit into from
Oct 14, 2021
Merged

curl: add patch for CVE-2021-22945 #139669

merged 1 commit into from
Oct 14, 2021

Conversation

risicle
Copy link
Contributor

@risicle risicle commented Sep 27, 2021

Motivation for this change

https://curl.se/docs/CVE-2021-22945.html

Included patch as all curl patches need to be in-repo due to bootstrapping issues.

Patching instead of bumping because we're still stuck in a log jam over curl (#124502).

(Only built the anonymous early-stage curl on darwin as the bootstrap loop is so big)

Things done
  • Built on platform(s)
    • x86_64-linux
    • aarch64-linux
    • x86_64-darwin
    • aarch64-darwin
  • For non-Linux: Is sandbox = true set in nix.conf? (See Nix manual)
  • Tested via one or more NixOS test(s) if existing and applicable for the change (look inside nixos/tests)
  • Tested compilation of all packages that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review wip"
  • Tested execution of all binary files (usually in ./result/bin/)
  • 21.11 Release Notes (or backporting 21.05 Release notes)
    • (Package updates) Added a release notes entry if the change is major or breaking
    • (Module updates) Added a release notes entry if the change is significant
    • (Module addition) Added a release notes entry if adding a new NixOS module
  • Fits CONTRIBUTING.md.

@risicle risicle added the 1.severity: security Issues which raise a security issue, or PRs that fix one label Sep 27, 2021
@ofborg ofborg bot added the 10.rebuild-darwin-stdenv This PR causes stdenv to rebuild label Sep 27, 2021
@ofborg ofborg bot requested a review from lovek323 September 27, 2021 23:18
@risicle
curl: add patch for CVE-2021-22945
13f8720 
included as all curl patches need to be in-repo due to
bootstrapping issues
@risicle risicle force-pushed the ris-curl-CVE-2021-22945 branch from 017e77c to 13f8720 Compare September 28, 2021 17:23
@vcunat
Copy link
Member

vcunat commented Sep 29, 2021

I'd really prefer if we could unblock updates in some of the proposed ways.

@lukegb
Copy link
Contributor

lukegb commented Oct 14, 2021

I'm keen to land any sort of patch for this, but I agree that this can't be the direction going forwards.

@lukegb lukegb merged commit 1beae6c into NixOS:staging Oct 14, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Mindavi Mindavi Mindavi left review comments

@lovek323 lovek323 Awaiting requested review from lovek323

Assignees
No one assigned
Labels
1.severity: security Issues which raise a security issue, or PRs that fix one 10.rebuild-darwin: 501+ 10.rebuild-darwin: 5001+ 10.rebuild-darwin-stdenv This PR causes stdenv to rebuild 10.rebuild-linux: 501+ 10.rebuild-linux: 5001+
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@risicle @vcunat @lukegb @Mindavi