Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

pcre: 8.40 -> 8.41 (fixes multiple CVEs) #30963

Closed
wants to merge 1 commit into from
Closed

pcre: 8.40 -> 8.41 (fixes multiple CVEs) #30963

wants to merge 1 commit into from

Conversation

disassembler
Copy link
Member

@disassembler disassembler commented Oct 30, 2017
edited

Motivation for this change

Fixes multiple CVEs. Related to #30959. Needs backport to 17.09.

Things done
  • Tested using sandboxing (nix.useSandbox on NixOS, or option build-use-sandbox in nix.conf on non-NixOS)
  • Built on platform(s)
    • NixOS
    • macOS
    • other Linux distributions
  • Tested via one or more NixOS test(s) if existing and applicable for the change (look inside nixos/tests)
  • Tested compilation of all pkgs that depend on this change using nix-shell -p nox --run "nox-review wip"
  • Tested execution of all binary files (usually in ./result/bin/)
  • Fits CONTRIBUTING.md.

@orivej
Copy link
Contributor

orivej commented Oct 30, 2017

Please delete obsolete CVE-2017-7186.patch.

@orivej orivej added 1.severity: security 9.needs: port to stable A PR needs a backport to the stable release. labels Oct 30, 2017
@disassembler
Copy link
Member Author

@vcunat should this go directly to master or do you want it merged to staging?

@orivej
Copy link
Contributor

orivej commented Oct 30, 2017

I think this should go to staging to be batched with e.g. #30965 and 5072f47

@vcunat
Copy link
Member

vcunat commented Oct 30, 2017

Yes, staging. It rebuilds basically everything. I'll review anything else marked with the mass-rebuild tag to see what to put into the same batch.

@disassembler disassembler changed the base branch from master to staging October 30, 2017 18:55
@disassembler disassembler self-assigned this Oct 30, 2017
@vcunat
Copy link
Member

vcunat commented Oct 30, 2017

Upstream release notes are really helpful.

Release 8.41 13-June-2017
-------------------------

This is a bug-fix release.

Release 8.40 11-January-2017
----------------------------

This is a bug-fix release.

@vcunat vcunat self-assigned this Oct 30, 2017
vcunat added a commit that referenced this pull request Oct 30, 2017
@vcunat
Merge #30963: pcre: security 8.40 -> 8.41
62ef08b
vcunat added a commit that referenced this pull request Nov 1, 2017
@vcunat
Merge #30963: pcre: security 8.40 -> 8.41
bbb6ca7 
(cherry picked from commit 62ef08b)
@vcunat vcunat removed the 9.needs: port to stable A PR needs a backport to the stable release. label Nov 1, 2017
@vcunat
Copy link
Member

vcunat commented Nov 2, 2017

It's in master and 17.09 now. I suspect you rebased it in the meantime, and that's why it got a different commit hash.

@vcunat vcunat closed this Nov 2, 2017
@aszlig aszlig mentioned this pull request Nov 10, 2017
Closed
orivej added a commit that referenced this pull request Nov 13, 2017
@orivej
php: Fix php pcre by using external lib
b76e7f8 
Merge pull request #31526 from srhb/fix-php-external-pcre

Since #30963 (bbb6ca7 on release-17.09) regex
subgroup matches in mod_php were returning incorrect results due to symbol
conflicts between system pcre used by Apache and pcre build into php.

(cherry picked from commit b62ad4f)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@disassembler disassembler

@vcunat vcunat

Labels
1.severity: security 10.rebuild-darwin: 501+ 10.rebuild-linux: 501+
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@disassembler @orivej @vcunat @GrahamcOfBorg