
opencv4: 4.1.0 -> 4.1.2, addressing CVE-2019-14491, CVE-2019-14492 & CVE-2019-15939 #72600

Merged
merged 1 commit into NixOS:master on Nov 2, 2019

Conversation

@risicle (Contributor) commented Nov 2, 2019

Motivation for this change

https://nvd.nist.gov/vuln/detail/CVE-2019-14491
https://nvd.nist.gov/vuln/detail/CVE-2019-14492
https://nvd.nist.gov/vuln/detail/CVE-2019-15939

Most internal downloads are unchanged except for "ade" which was bumped from v0.1.1d to v0.1.1f between these releases.

Only failing reverse dependency is winswitch on linux which was failing already.

Now for 3.x...

Things done
  • Tested using sandboxing (nix.useSandbox on NixOS, or option sandbox in nix.conf on non-NixOS linux)
  • Built on platform(s)
    • NixOS
    • macOS
    • other Linux distributions
  • Tested via one or more NixOS test(s) if existing and applicable for the change (look inside nixos/tests)
  • Tested compilation of all pkgs that depend on this change using nix-shell -p nix-review --run "nix-review wip"
  • Tested execution of all binary files (usually in ./result/bin/)
  • Determined the impact on package closure size (by running nix path-info -S before and after)
  • Ensured that relevant documentation is up to date
  • Fits CONTRIBUTING.md.
Notify maintainers

cc @mdaiter @basvandijk

resolving CVE-2019-14491, CVE-2019-14492 & CVE-2019-15939

most internal downloads are unchanged except for "ade" which was bumped
from v0.1.1d to v0.1.1f between these releases
@risicle changed the title from "opencv4: 4.1.0 -> 4.1.2, addressing resolving CVE-2019-14491, CVE-2019-14492 & CVE-2019-15939" to "opencv4: 4.1.0 -> 4.1.2, addressing CVE-2019-14491, CVE-2019-14492 & CVE-2019-15939" on Nov 2, 2019
@ofborg (bot) requested a review from basvandijk on November 2, 2019 17:15
@mdaiter (Contributor) commented Nov 2, 2019

Looks great @risicle! And we get to remove that patch function. You've got my permission to merge, haha.

@risicle (Contributor, Author) commented Nov 2, 2019

@GrahamcOfBorg build python37Packages.opencv4 python27Packages.opencv4 xpra

@c0bw3b added the labels "1.severity: security" and "9.needs: port to stable" (a PR that needs a backport to the stable release) on Nov 2, 2019
@c0bw3b (Contributor) commented Nov 2, 2019

@risicle is it indeed backportable? I may remove the label otherwise.

About winswitch: I was sure this was marked broken already...
Yes broken since 5aa4b19 so ignore it.

@andir andir self-assigned this Nov 2, 2019
@risicle (Contributor, Author) commented Nov 2, 2019

Haven't decided what to do about 19.09 yet. Could just bump it similarly, but I do know the necessary patches for the issues.

@andir (Member) commented Nov 2, 2019

> Haven't decided what to do about 19.09 yet. Could just bump it similarly, but I do know the necessary patches for the issues.

@risicle If it is effectively the same I'd prefer bumping the version. Less moving parts. Simpler since we might not be missing things by accident. If it brings change of API/behavior then we should apply patches.

@risicle (Contributor, Author) commented Nov 2, 2019

It being a point release it should be fine.

@andir andir merged commit dbbadbb into NixOS:master Nov 2, 2019
@TredwellGit added the label "8.has: port to stable" (a PR that already has a backport to the stable release) and removed "9.needs: port to stable" on Aug 20, 2021