Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

libbfd: Patch CVE-2020-35448 #116757

Merged
merged 1 commit into from Mar 25, 2021
Merged

libbfd: Patch CVE-2020-35448 #116757

merged 1 commit into from Mar 25, 2021

Conversation

Pamplemousse
Copy link
Member

Motivation for this change

Relates to #113420 .
Patch amended from original to remove updates to Changelog (causing the patching to fail in nixpkgs...).

Things done
  • Tested using sandboxing (nix.useSandbox on NixOS, or option sandbox in nix.conf on non-NixOS linux)
  • Built on platform(s)
    • NixOS
    • macOS
    • other Linux distributions
  • Tested via one or more NixOS test(s) if existing and applicable for the change (look inside nixos/tests)
  • Tested compilation of all pkgs that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review wip"
  • Tested execution of all binary files (usually in ./result/bin/)
  • Determined the impact on package closure size (by running nix path-info -S before and after)
  • Ensured that relevant documentation is up to date
  • Fits CONTRIBUTING.md.

@ofborg ofborg bot requested a review from Ericson2314 March 18, 2021 16:31
@Ericson2314
Copy link
Member

@Pamplemousse Hmm, is this not a patch we can reuse between binutils and libbfd?

@Ericson2314
Copy link
Member

Ericson2314 commented Mar 18, 2021
edited

I can't comment on it because its too far away from the edits, but see the patches = binutils-unwrapped.patches ++ [ line; binutils patches are automatically reused by libbfd.

@risicle
Copy link
Contributor

risicle commented Mar 20, 2021

Probably better aimed at staging

@risicle
Copy link
Contributor

risicle commented Mar 21, 2021

binutils, libidn2, daemon build happily, macos 10.14

@Ericson2314
Copy link
Member

What is the neewish command to tell CI to rebase the PR, avoiding notifying everyone?

@SuperSandro2000
Copy link
Member

/rebase staging

@github-actions
Copy link
Contributor

Failed to rebase

@Pamplemousse
binutils, libbfd: Patch CVE-2020-35448
8748154 
Signed-off-by: Pamplemousse <xav.maso@gmail.com>
@Pamplemousse Pamplemousse changed the base branch from master to staging March 22, 2021 14:23
@Pamplemousse
Copy link
Member Author

Errr, sorry for the spam.
Not too certain why a lot of people got notified, because I ran git rebase --onto $(git merge-base origin/master origin/staging) master locally, pushed, and then retargeted the PR...

@Ericson2314
Copy link
Member

@Pamplemousse it's just a race condition between the rebasing and retargetting, no matter what order you do it in. Don't worry about it :).

@Mic92 Mic92 merged commit 84cf39d into NixOS:staging Mar 25, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Ericson2314 Ericson2314 Awaiting requested review from Ericson2314

@FRidh FRidh Awaiting requested review from FRidh

@jonringer jonringer Awaiting requested review from jonringer

@LnL7 LnL7 Awaiting requested review from LnL7

@matthewbauer matthewbauer Awaiting requested review from matthewbauer

@Mic92 Mic92 Awaiting requested review from Mic92

@zowoq zowoq Awaiting requested review from zowoq

Assignees
No one assigned
Labels
1.severity: security 8.has: clean-up 8.has: package (new) 10.rebuild-darwin: 501+ 10.rebuild-darwin: 5001+ 10.rebuild-darwin-stdenv 10.rebuild-linux: 501+ 10.rebuild-linux: 5001+ 10.rebuild-linux-stdenv
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
5 participants
@Pamplemousse @Ericson2314 @risicle @SuperSandro2000 @Mic92