libexif: apply patches for CVE-2020-0196, CVE-2020-0452 #103144
Thanks!
(fetchpatch { | ||
name = "CVE-2020-0198.patch"; | ||
url = "https://github.com/libexif/libexif/commit/ce03ad7ef4e8aeefce79192bf5b6f69fae396f0c.patch"; | ||
sha256 = "0cy3kspggysmj7y15m2klsbq7zw3ir3bb1sw6bv4prnx2c5mb667"; |
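Review bot: the `name` attribute here is "CVE-2020-0198.patch", but the PR title and the "Fixes:" line both say CVE-2020-0196, so one of the two identifiers is a typo. Confirm which CVE the upstream commit ce03ad7ef4e8aeefce79192bf5b6f69fae396f0c addresses and make the patch name, the commit message and the PR title agree, since vulnerability tracking tools match on the exact CVE string.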
Both `sha256` are wrong for me?
Must be caching. sigh
Will fix after dinner asap.
* CVE-2020-0198: unsigned integer overflow in exif_data_load_data_content
* CVE-2020-0452: compiler optimization could remove a buffer overflow check, making a buffer overflow possible with some EXIF tags

Fixes: CVE-2020-0196, CVE-2020-0452
Thank you.
Motivation for this change
Had to rebase the commits, because they don't cleanly apply without picking other stuff, so I added them as patches to the repo.
Fixes: CVE-2020-0196, CVE-2020-0452