
[20.09] glibc: 2.31 -> 2.31-74 (CVE-2019-25013 CVE-2020-29562 CVE-2021-3326) #109123

Merged
merged 1 commit into from Feb 1, 2021


TredwellGit
Member

Motivation for this change

https://sourceware.org/glibc/wiki/Release
https://sourceware.org/git/?p=glibc.git;a=log;h=refs/heads/release/2.31/master

Things done

@TredwellGit
Member Author

#109089

@jonringer
Contributor

@GrahamcOfBorg build python3Packages.requests

@erictapen
Member

erictapen commented Jan 13, 2021

This includes the backport of #108571.

@TredwellGit
Member Author

Not really. It is switching to the Glibc release branch which carries many other significant fixes as well.

@erictapen
Member

@TredwellGit Alright, I reworded my comment. Just mentioned the issue so its needs: port to stable label can be removed when this is merged.

@TredwellGit TredwellGit changed the title [20.09] glibc: 2.31 -> 2.31-71 (CVE-2019-25013) [20.09] glibc: 2.31 -> 2.31-72 (CVE-2019-25013) Jan 13, 2021
@jonringer
Contributor

@GrahamcOfBorg build python3Packages.requests

@TredwellGit TredwellGit changed the title [20.09] glibc: 2.31 -> 2.31-72 (CVE-2019-25013) [20.09] glibc: 2.31 -> 2.31-73 (CVE-2019-25013) Jan 13, 2021
@TredwellGit
Member Author

@GrahamcOfBorg build python3Packages.requests

@TredwellGit
Member Author

What needs to be done to get this merged?

@TredwellGit TredwellGit changed the title [20.09] glibc: 2.31 -> 2.31-73 (CVE-2019-25013) [20.09] glibc: 2.31 -> 2.31-74 (CVE-2019-25013) Jan 29, 2021
@dotlambda
Member

@FRidh @NeQuissimus @jonringer ping

Member

@erictapen erictapen left a comment


What I did:

  • Check that 2.31-master.patch.gz was generated with the mentioned commands.
  • Check that CVEs of all removed patches were actually fixed in release/2.31/master, due to NEWS.

Also I'm currently rebuilding my whole system with this PR and will merge if it succeeds.

@NeQuissimus
Member

I think this should go along with #111020.
@roberth @jonringer @mweinelt ?

@roberth
Member

roberth commented Jan 30, 2021

> I think this should go along with #111020.

The staging build has completed, so I'd prefer to merge #111020 and add this to the next batch. staging-20.09 should cycle quickly because it is not as "experimental" as master's staging.
If we can't merge #111020, we can't deliver this PR either. Next cycle will be short afaic.

@erictapen
Member

I just finished building and deploying all my systems with this PR. Next glibc upgrade won't be reviewed so thoroughly by me^^.
Waiting with merge for #111020.

@jonringer
Contributor

jonringer commented Feb 1, 2021

Hmm, if I had [create/edit] hydra powers, I would make a staging-next-20.09 and change the hydra jobset, but I don't :(

For the 21.05 release, I think will change the creation steps to point to a staging-next-YY-MM,

@roberth roberth merged commit 23622bc into NixOS:staging-20.09 Feb 1, 2021
@TredwellGit TredwellGit deleted the 20.09-glibc branch February 1, 2021 23:00
@TredwellGit TredwellGit changed the title [20.09] glibc: 2.31 -> 2.31-74 (CVE-2019-25013) [20.09] glibc: 2.31 -> 2.31-74 (CVE-2019-25013 CVE-2021-3326) Feb 1, 2021
@dotlambda
Member

Does this also fix CVE-2020-29562? See #109170.

@TredwellGit TredwellGit changed the title [20.09] glibc: 2.31 -> 2.31-74 (CVE-2019-25013 CVE-2021-3326) [20.09] glibc: 2.31 -> 2.31-74 (CVE-2019-25013 CVE-2020-29562 CVE-2021-3326) Feb 4, 2021
@r-burns r-burns added this to Done in Staging (stable) Oct 22, 2021