libssh2: apply patch for CVE-2023-48795 #275641

Merged
merged 1 commit into from
Dec 24, 2023

leona-ya
Member

Description of changes

libssh2/libssh2@d34d925
https://terrapin-attack.com/

Things done

  • Built on platform(s)
    • x86_64-linux
    • aarch64-linux
    • x86_64-darwin
    • aarch64-darwin
  • For non-Linux: Is sandboxing enabled in nix.conf? (See Nix manual)
    • sandbox = relaxed
    • sandbox = true
  • Tested, as applicable:
  • Tested compilation of all packages that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD". Note: all changes have to be committed, also see nixpkgs-review usage
  • Tested basic functionality of all binary files (usually in ./result/bin/)
  • 24.05 Release Notes (or backporting 23.05 and 23.11 Release notes)
    • (Package updates) Added a release notes entry if the change is major or breaking
    • (Module updates) Added a release notes entry if the change is significant
    • (Module addition) Added a release notes entry if adding a new NixOS module
  • Fits CONTRIBUTING.md.

Add a 👍 reaction to pull requests you find important.

@leona-ya
Member Author

We might want to include this in staging-next.

Member

@kloenk kloenk left a comment

LGTM

Built on x86_64-linux, aarch64-linux and aarch64-darwin

@leona-ya
Member Author

@ofborg eval

@SuperSandro2000
Member

@ofborg eval

issue on staging

@risicle
Contributor

risicle commented Dec 23, 2023

Cherry-picked to staging-next for testing, built tests from #276144 (apart from vlc obviously) on macos 12 x86_64.

Contributor

@risicle risicle left a comment

Cherry-picked to staging-next for testing, built tests from #276144 on nixos x86_64. Built pkgsStatic, pkgsMusl, pkgsi686Linux variants.

@SuperSandro2000
Member

Can someone finally merge this?

@risicle risicle merged commit b0e46d7 into NixOS:staging Dec 24, 2023
29 checks passed
Contributor

Successfully created backport PR for staging-23.05:

Contributor

Successfully created backport PR for staging-23.11:

@leona-ya leona-ya deleted the libssh2-cve-2023-48795 branch December 24, 2023 18:10
@vcunat
Member

vcunat commented Dec 25, 2023

These rebuild *-darwin stdenvs and thus all darwin packages. It will take time, i.e. can't do direct -next merges. (I considered this for staging-next-23.05 right now – and dismissed.)

@nixos-discourse

This pull request has been mentioned on NixOS Discourse. There might be relevant details there:

https://discourse.nixos.org/t/questions-about-security-updates-in-nixos-with-flake/37464/1

7 participants