Skip to content

expat: add patches for CVE-2022-23852#156607

Merged
mweinelt merged 1 commit intoNixOS:stagingfrom
risicle:ris-expat-CVE-2022-23852
Jan 25, 2022
Merged

expat: add patches for CVE-2022-23852#156607
mweinelt merged 1 commit intoNixOS:stagingfrom
risicle:ris-expat-CVE-2022-23852

Conversation

@risicle
Copy link
Contributor

@risicle risicle commented Jan 24, 2022
edited by mweinelt
Loading

Motivation for this change

https://nvd.nist.gov/vuln/detail/CVE-2022-23852

No 2.4.4 release yet, so patch instead. No fetchpatch as it's not allowed for such an early-stage package.

Things done
  • Built on platform(s)
    • x86_64-linux
    • aarch64-linux
    • x86_64-darwin
    • aarch64-darwin
  • For non-Linux: Is sandbox = true set in nix.conf? (See Nix manual)
  • Tested, as applicable:
  • Tested compilation of all packages that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD". Note: all changes have to be committed, also see nixpkgs-review usage
  • Tested basic functionality of all binary files (usually in ./result/bin/)
  • 22.05 Release Notes (or backporting 21.11 Release notes)
    • (Package updates) Added a release notes entry if the change is major or breaking
    • (Module updates) Added a release notes entry if the change is significant
    • (Module addition) Added a release notes entry if adding a new NixOS module
    • (Release notes changes) Ran nixos/doc/manual/md-to-db.sh to update generated release notes
  • Fits CONTRIBUTING.md.

@risicle risicle added 1.severity: security Issues which raise a security issue, or PRs that fix one backport staging-21.11 labels Jan 24, 2022
@risicle risicle marked this pull request as ready for review January 24, 2022 23:17
@ofborg ofborg bot added 10.rebuild-darwin-stdenv This PR causes stdenv to rebuild on Darwin and must target a staging branch. 10.rebuild-linux-stdenv This PR causes stdenv to rebuild on Linux and must target a staging branch. 10.rebuild-darwin: 501+ This PR causes many rebuilds on Darwin and should normally target the staging branches. 10.rebuild-darwin: 5001+ This PR causes many rebuilds on Darwin and must target the staging branches. 10.rebuild-linux: 501+ This PR causes many rebuilds on Linux and should normally target the staging branches. 10.rebuild-linux: 5001+ This PR causes many rebuilds on Linux and must target the staging branches. labels Jan 24, 2022
@mweinelt
Copy link
Member

mweinelt commented Jan 25, 2022

Patches are based on libexpat/libexpat#550.

mweinelt
mweinelt approved these changes Jan 25, 2022
View reviewed changes
Copy link
Member

@mweinelt mweinelt left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Builds on aarch64-linux as well.

@mweinelt mweinelt merged commit f0c2087 into NixOS:staging Jan 25, 2022
@github-actions github-actions bot mentioned this pull request Jan 25, 2022
Merged
1 task
@github-actions
Copy link
Contributor

github-actions bot commented Jan 25, 2022

Successfully created backport PR #156683 for staging-21.11.

This was referenced Jan 31, 2022
Closed
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mweinelt mweinelt mweinelt approved these changes

Assignees

No one assigned

Labels

1.severity: security Issues which raise a security issue, or PRs that fix one 10.rebuild-darwin: 501+ This PR causes many rebuilds on Darwin and should normally target the staging branches. 10.rebuild-darwin: 5001+ This PR causes many rebuilds on Darwin and must target the staging branches. 10.rebuild-darwin-stdenv This PR causes stdenv to rebuild on Darwin and must target a staging branch. 10.rebuild-linux: 501+ This PR causes many rebuilds on Linux and should normally target the staging branches. 10.rebuild-linux: 5001+ This PR causes many rebuilds on Linux and must target the staging branches. 10.rebuild-linux-stdenv This PR causes stdenv to rebuild on Linux and must target a staging branch.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@risicle @mweinelt