
gdal: add patch for CVE-2019-17545 #72054

Merged
merged 2 commits into from Nov 9, 2019

Conversation

risicle
Contributor

@risicle risicle commented Oct 26, 2019

Motivation for this change

https://nvd.nist.gov/vuln/detail/CVE-2019-17545

Patches added for 3.0.1 and 2.4.0 variants - it does look like the patch would apply fine to 1.11 too, but I'm not quite confident enough the result would be correct.

Things done
  • Tested using sandboxing (nix.useSandbox on NixOS, or option sandbox in nix.conf on non-NixOS)
  • Built on platform(s)
    • NixOS
    • macOS
    • other Linux distributions
  • Tested via one or more NixOS test(s) if existing and applicable for the change (look inside nixos/tests)
  • Tested compilation of all pkgs that depend on this change using nix-shell -p nix-review --run "nix-review wip"
  • Tested execution of all binary files (usually in ./result/bin/)
  • Determined the impact on package closure size (by running nix path-info -S before and after)
  • Ensured that relevant documentation is up to date
  • Fits CONTRIBUTING.md.
Notify maintainers

cc @

@mmahut
Member

mmahut commented Oct 27, 2019

@GrahamcOfBorg build gdal gdal_2

vcunat added a commit that referenced this pull request Nov 9, 2019
@vcunat vcunat merged commit def1769 into NixOS:master Nov 9, 2019
vcunat added a commit that referenced this pull request Nov 9, 2019
dtzWill pushed a commit to dtzWill/nixpkgs that referenced this pull request Nov 10, 2019
hax404 pushed a commit to hax404/nixpkgs that referenced this pull request Nov 13, 2019
@dotlambda
Member

Was there a reason not to patch CVE-2019-17546? #111308

@risicle
Contributor Author

risicle commented Jan 30, 2021

Hard to think back to 2019, but I imagine I didn't think we really use the internal libtiff and I was generally targeting the most severe vulnerabilities at this point.
