Skip to content

binutils: add patch for CVE-2021-45078#151658

Merged
veprbl merged 1 commit intoNixOS:stagingfrom
risicle:ris-binutils-CVE-2021-45078
Dec 25, 2021
Merged

binutils: add patch for CVE-2021-45078#151658
veprbl merged 1 commit intoNixOS:stagingfrom
risicle:ris-binutils-CVE-2021-45078

Conversation

@risicle
Copy link
Contributor

@risicle risicle commented Dec 22, 2021

Motivation for this change

https://nvd.nist.gov/vuln/detail/CVE-2021-45078

Changes in this patch really affect just the internals of a function which has seen little change since 2.35.2 except lowercasing of booleans.

Things done
  • Built on platform(s)
    • x86_64-linux
    • aarch64-linux
    • x86_64-darwin
    • aarch64-darwin
  • For non-Linux: Is sandbox = true set in nix.conf? (See Nix manual)
  • Tested, as applicable:
  • Tested compilation of all packages that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD". Note: all changes have to be committed, also see nixpkgs-review usage
  • Tested basic functionality of all binary files (usually in ./result/bin/)
  • 22.05 Release Notes (or backporting 21.11 Release notes)
    • (Package updates) Added a release notes entry if the change is major or breaking
    • (Module updates) Added a release notes entry if the change is significant
    • (Module addition) Added a release notes entry if adding a new NixOS module
    • (Release notes changes) Ran nixos/doc/manual/md-to-db.sh to update generated release notes
  • Fits CONTRIBUTING.md.

@risicle risicle added 1.severity: security Issues which raise a security issue, or PRs that fix one backport staging-21.11 labels Dec 22, 2021
@ofborg ofborg bot added 10.rebuild-darwin-stdenv This PR causes stdenv to rebuild on Darwin and must target a staging branch. 10.rebuild-linux-stdenv This PR causes stdenv to rebuild on Linux and must target a staging branch. labels Dec 22, 2021
@ofborg ofborg bot requested a review from Ericson2314 December 22, 2021 03:13
@ofborg ofborg bot added 10.rebuild-darwin: 501+ This PR causes many rebuilds on Darwin and should normally target the staging branches. 10.rebuild-darwin: 5001+ This PR causes many rebuilds on Darwin and must target the staging branches. 10.rebuild-linux: 501+ This PR causes many rebuilds on Linux and should normally target the staging branches. 10.rebuild-linux: 5001+ This PR causes many rebuilds on Linux and must target the staging branches. labels Dec 22, 2021
thiagokokada
thiagokokada approved these changes Dec 23, 2021
View reviewed changes
Copy link
Contributor

@thiagokokada thiagokokada left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Diff wise looks fine to me.

@veprbl veprbl merged commit 6a6756c into NixOS:staging Dec 25, 2021
@github-actions github-actions bot mentioned this pull request Dec 25, 2021
Merged
1 task
@github-actions
Copy link
Contributor

github-actions bot commented Dec 25, 2021

Successfully created backport PR #152148 for staging-21.11.

risicle added a commit to risicle/nixpkgs that referenced this pull request Dec 27, 2021
@risicle
binutils: add patch for CVE-2021-45078 (NixOS#151658)
2e02b48 
(cherry picked from commit 6a6756c)
@risicle risicle mentioned this pull request Dec 27, 2021
Merged
13 tasks
@FliegendeWurst FliegendeWurst mentioned this pull request Jan 19, 2022
Closed
1 task
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@thiagokokada thiagokokada thiagokokada approved these changes

@Ericson2314 Ericson2314 Awaiting requested review from Ericson2314

Assignees

No one assigned

Labels

1.severity: security Issues which raise a security issue, or PRs that fix one 10.rebuild-darwin: 501+ This PR causes many rebuilds on Darwin and should normally target the staging branches. 10.rebuild-darwin: 5001+ This PR causes many rebuilds on Darwin and must target the staging branches. 10.rebuild-darwin-stdenv This PR causes stdenv to rebuild on Darwin and must target a staging branch. 10.rebuild-linux: 501+ This PR causes many rebuilds on Linux and should normally target the staging branches. 10.rebuild-linux: 5001+ This PR causes many rebuilds on Linux and must target the staging branches. 10.rebuild-linux-stdenv This PR causes stdenv to rebuild on Linux and must target a staging branch.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@risicle @thiagokokada @veprbl