New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[20.03] wolfssl: v4.3.0 → v4.4.0 #86999
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks good to me. Tested with a wolfssl build of curl 7.70.0 (slightly more recent than the current nixpkgs version which is needed due to some API changes).
@mcmtroffaes Do we need to wait for #86799 to be backported before backporting this? |
@ryantm I don't think we need to wait for the curl update to get merged, as this wolfssl update doesn't break any existing builds currently in nixpkgs. |
@mcmtroffaes That is true, but some people might be building curl with |
@ryantm You're completely right. I had missed that curl had grown an option in nixpkgs to officially support the wolfssl build and was still doing my own local override. I've tested the new nixpkgs option, and yes, I agree, we should probably hold off merging this until curl has been updated. |
Curl was merged. Is this good to go? |
@Mic92 It doesn't look like curl was backported yet so nope. |
ccing @lovek323 as curl maintainer. |
Fixes: CVE-2020-11713 (cherry picked from commit 6baa4e7)
e5c3910
to
29f44d0
Compare
Rebased on top of staging-20.03 where the curl version has been bumped. Can someone merge this, please? Ref. #91408 |
Is the curl issue resolved? Ah. looks like it. |
Motivation for this change
Backport #86997
Fixes: CVE-2020-11713
(cherry picked from commit 6baa4e7)
Things done
sandbox
innix.conf
on non-NixOS linux)nix-shell -p nixpkgs-review --run "nixpkgs-review wip"
./result/bin/
)nix path-info -S
before and after)