Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[20.09] musl: patch CVE-2020-28928 #105459

Merged
merged 1 commit into from Nov 30, 2020
Merged

[20.09] musl: patch CVE-2020-28928 #105459

merged 1 commit into from Nov 30, 2020

Conversation

mweinelt
Copy link
Member

Motivation for this change

Destination buffer overflow in wcsnrtombs.

Fixes: CVE-2020-28928
(cherry picked from commit 138abad)

Backport #104385

Things done
  • Tested using sandboxing (nix.useSandbox on NixOS, or option sandbox in nix.conf on non-NixOS linux)
  • Built on platform(s)
    • NixOS
    • macOS
    • other Linux distributions
  • Tested via one or more NixOS test(s) if existing and applicable for the change (look inside nixos/tests)
  • Tested compilation of all pkgs that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review wip"
  • Tested execution of all binary files (usually in ./result/bin/)
  • Determined the impact on package closure size (by running nix path-info -S before and after)
  • Ensured that relevant documentation is up to date
  • Fits CONTRIBUTING.md.

@mweinelt
musl: patch CVE-2020-28928
712d3fc 
Destination buffer overflow in wcsnrtombs.

Fixes: CVE-2020-28928
(cherry picked from commit 138abad)
@mweinelt mweinelt changed the title musl: patch CVE-2020-28928 [20.09] musl: patch CVE-2020-28928 Nov 30, 2020
@mweinelt mweinelt requested a review from andir November 30, 2020 15:41
@mweinelt
Copy link
Member Author

Result of nixpkgs-review pr 105459 run on x86_64-linux 1

5 packages marked as broken and skipped:
  • crystal2nix
  • fusionInventory
  • nix-exec
  • python37Packages.nixpkgs
  • python38Packages.nixpkgs
52 packages built:
  • bundix
  • busybox-sandbox-shell
  • cabal2nix
  • cachix
  • common-updater-scripts
  • crate2nix
  • dep2nix
  • disnix
  • disnixos
  • go2nix
  • hercules-ci-agent
  • hydra-migration
  • hydra-unstable
  • lispPackages.quicklisp-to-nix
  • lispPackages.quicklisp-to-nix-system-info
  • musl
  • nix (nixStable)
  • nix-binary-cache
  • nix-bundle
  • nix-direnv
  • nix-doc
  • nix-du
  • nix-index
  • nix-pin
  • nix-plugins
  • nix-prefetch
  • nix-prefetch-bzr
  • nix-prefetch-cvs
  • nix-prefetch-docker
  • nix-prefetch-git
  • nix-prefetch-hg
  • nix-prefetch-scripts
  • nix-prefetch-svn
  • nix-review (nixpkgs-review)
  • nix-serve
  • nix-update
  • nix-update-source
  • nixFlakes (nixUnstable)
  • nixos-generators
  • nixos-shell
  • nixui
  • python27Packages.nix-kernel
  • python37Packages.nassl
  • python37Packages.nix-kernel
  • python37Packages.pythonix
  • python37Packages.sslyze
  • python38Packages.nassl
  • python38Packages.nix-kernel
  • python38Packages.pythonix
  • sslyze (python38Packages.sslyze)
  • vgo2nix
  • vulnix

@mweinelt mweinelt merged commit ed00136 into NixOS:release-20.09 Nov 30, 2020
@mweinelt mweinelt deleted the 20.09/musl branch January 19, 2021 18:09
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@andir andir Awaiting requested review from andir

@dtzWill dtzWill Awaiting requested review from dtzWill

@thoughtpolice thoughtpolice Awaiting requested review from thoughtpolice

Assignees
No one assigned
Labels
1.severity: security 10.rebuild-darwin: 0 10.rebuild-linux: 11-100
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
1 participant
@mweinelt