[20.03] wolfssl: v4.3.0 → v4.4.0 #86999

Merged
merged 1 commit into from Jun 25, 2020


mweinelt
Member

@mweinelt mweinelt commented May 5, 2020

Motivation for this change

Backport #86997

Fixes: CVE-2020-11713
(cherry picked from commit 6baa4e7)

Things done
  • Tested using sandboxing (nix.useSandbox on NixOS, or option sandbox in nix.conf on non-NixOS linux)
  • Built on platform(s)
    • NixOS
    • macOS
    • other Linux distributions
  • Tested via one or more NixOS test(s) if existing and applicable for the change (look inside nixos/tests)
  • Tested compilation of all pkgs that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review wip"
  • Tested execution of all binary files (usually in ./result/bin/)
  • Determined the impact on package closure size (by running nix path-info -S before and after)
  • Ensured that relevant documentation is up to date
  • Fits CONTRIBUTING.md.

Contributor

@mcmtroffaes mcmtroffaes left a comment

Looks good to me. Tested with a wolfssl build of curl 7.70.0 (slightly more recent than the current nixpkgs version which is needed due to some API changes).

@ryantm
Member

ryantm commented May 7, 2020

@mcmtroffaes Do we need to wait for #86799 to be backported before backporting this?

@mcmtroffaes
Contributor

@ryantm I don't think we need to wait for the curl update to get merged, as this wolfssl update doesn't break any existing builds currently in nixpkgs.

@ryantm
Member

ryantm commented May 9, 2020

@mcmtroffaes That is true, but some people might be building curl with wolfsslSupport set to true. Won't they be messed up?

@mcmtroffaes
Contributor

@ryantm You're completely right. I had missed that curl had grown an option in nixpkgs to officially support the wolfssl build and was still doing my own local override. I've tested the new nixpkgs option, and yes, I agree, we should probably hold off merging this until curl has been updated.

@prusnak prusnak added the "8.has: port to stable" label (A PR already has a backport to the stable release.) May 11, 2020
@Mic92
Member

Mic92 commented Jun 12, 2020

Curl was merged. Is this good to go?

@ryantm
Member

ryantm commented Jun 12, 2020

@Mic92 It doesn't look like curl was backported yet so nope.

@mweinelt
Member Author

ccing @lovek323 as curl maintainer.

Fixes: CVE-2020-11713
(cherry picked from commit 6baa4e7)
@mweinelt mweinelt changed the base branch from release-20.03 to staging-20.03 June 24, 2020 22:24
@mweinelt
Member Author

mweinelt commented Jun 24, 2020

Rebased on top of staging-20.03 where the curl version has been bumped. Can someone merge this, please?

Ref. #91408

@ofborg ofborg bot requested a review from mcmtroffaes June 24, 2020 22:37
@Mic92
Member

Mic92 commented Jun 25, 2020

Is the curl issue resolved? Ah, looks like it.

@Mic92 Mic92 merged commit 3f21f10 into NixOS:staging-20.03 Jun 25, 2020
@mweinelt mweinelt deleted the 20.03/pr/wolfssl branch June 25, 2020 09:39