Skip to content

[20.03] openssl(_1_1): patch CVE-2019-1551 #84084

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Apr 2, 2020
Merged

[20.03] openssl(_1_1): patch CVE-2019-1551 #84084

merged 1 commit into from
Apr 2, 2020
+938 −0

Conversation

flokli
Copy link
Contributor

@flokli flokli commented Apr 2, 2020

fetchpatch can't be used here and fetchurl from GitHub
like in PR #82928 has the risk of breaking the hash later;
fortunately the patches aren't too large.

(cherry picked from commit 2071e3b)

Motivation for this change

#82789 (comment)

Things done
  • Tested using sandboxing (nix.useSandbox on NixOS, or option sandbox in nix.conf on non-NixOS linux)
  • Built on platform(s)
    • NixOS
    • macOS
    • other Linux distributions
  • Tested via one or more NixOS test(s) if existing and applicable for the change (look inside nixos/tests)
  • Tested compilation of all pkgs that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review wip"
  • Tested execution of all binary files (usually in ./result/bin/)
  • Determined the impact on package closure size (by running nix path-info -S before and after)
  • Ensured that relevant documentation is up to date
  • Fits CONTRIBUTING.md.

Sorry, something went wrong.

@vcunat @flokli
openssl(_1_1): patch CVE-2019-1551

Unverified

This commit is not signed, but one or more authors requires that any commit attributed to them is signed.
Learn about vigilant mode
5e24f4b 
fetchpatch can't be used here and fetchurl from GitHub
like in PR NixOS#82928 has the risk of breaking the hash later;
fortunately the patches aren't too large.

(cherry picked from commit 2071e3b)
@flokli flokli requested review from andir and vcunat April 2, 2020 07:59
@flokli
Copy link
Contributor Author

flokli commented Apr 2, 2020

@GrahamcOfBorg build python3.pkgs.pyopenssl

@flokli flokli changed the title openssl(_1_1): patch CVE-2019-1551 [20.03] openssl(_1_1): patch CVE-2019-1551 Apr 2, 2020
This was referenced Apr 2, 2020
Closed
Closed
Closed
@vcunat vcunat merged commit 0d5664a into NixOS:staging-20.03 Apr 2, 2020
@ofborg ofborg bot added the 10.rebuild-darwin-stdenv This PR causes stdenv to rebuild label Apr 2, 2020
@ofborg ofborg bot requested a review from peti April 2, 2020 08:23
@flokli flokli deleted the 20.03-openssl-1.1.1d-CVE-2019-1551 branch April 2, 2020 08:28
@flokli
Copy link
Contributor Author

flokli commented Apr 2, 2020

Thanks!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@vcunat vcunat

@andir andir

@peti peti

Assignees
No one assigned
Labels
10.rebuild-darwin: 501+ 10.rebuild-darwin: 5001+ 10.rebuild-darwin-stdenv This PR causes stdenv to rebuild 10.rebuild-linux: 501+ 10.rebuild-linux: 5001+
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@flokli @vcunat