Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

unzip: apply patch for CVE-2022-0529 and CVE-2022-0530 #209367

Merged
merged 1 commit into from
Jan 12, 2023
Merged

unzip: apply patch for CVE-2022-0529 and CVE-2022-0530 #209367

merged 1 commit into from
Jan 12, 2023

Conversation

LeSuisse
Copy link
Contributor

@LeSuisse LeSuisse commented Jan 6, 2023

Description of changes

https://lists.debian.org/debian-lts-announce/2022/09/msg00028.html
https://github.com/ByteHackr/unzip_poc

Things done
  • Built on platform(s)
    • x86_64-linux
    • aarch64-linux
    • x86_64-darwin
    • aarch64-darwin
  • For non-Linux: Is sandbox = true set in nix.conf? (See Nix manual)
  • Tested, as applicable:
  • Tested compilation of all packages that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD". Note: all changes have to be committed, also see nixpkgs-review usage
  • Tested basic functionality of all binary files (usually in ./result/bin/)
  • 23.05 Release Notes (or backporting 22.11 Release notes)
    • (Package updates) Added a release notes entry if the change is major or breaking
    • (Module updates) Added a release notes entry if the change is significant
    • (Module addition) Added a release notes entry if adding a new NixOS module
    • (Release notes changes) Ran nixos/doc/manual/md-to-db.sh to update generated release notes
  • Fits CONTRIBUTING.md.

@LeSuisse LeSuisse added 1.severity: security Issues which raise a security issue, or PRs that fix one backport staging-22.11 labels Jan 6, 2023
@risicle
Copy link
Contributor

risicle commented Jan 6, 2023

Hard to pick a specific test target for this, but did successfully build unzip on macos 10.15, nixos x86_64 (inc pkgsStatic, pkgsMusl & pkgsCross.aarch64-multiplatform variants) and aarch64-linux (inc pkgsStatic, pkgsMusl & pkgsCross.riscv64 variants)

(cherry-picked to nixpkgs-unstable for speed)

@risicle
Copy link
Contributor

risicle commented Jan 7, 2023

@ofborg eval

@risicle risicle merged commit 58784f7 into NixOS:staging Jan 12, 2023
@github-actions github-actions bot mentioned this pull request Jan 12, 2023
Merged
1 task
@github-actions
Copy link
Contributor

Successfully created backport PR #210436 for staging-22.11.

@LeSuisse LeSuisse deleted the unzip-CVE-2022-0529-CVE-2022-0530 branch January 13, 2023 09:19
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@trofi trofi trofi approved these changes

@risicle risicle risicle approved these changes

Assignees
No one assigned
Labels
1.severity: security Issues which raise a security issue, or PRs that fix one 10.rebuild-darwin: 501+ 10.rebuild-darwin: 5001+ 10.rebuild-linux: 501+ 10.rebuild-linux: 5001+
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@LeSuisse @risicle @trofi