
zlib: add patches to fix CVE-2018-25032 #165642

Merged
SuperSandro2000 merged 1 commit into NixOS:staging from twz123:zlib-z-fixed-patch
Mar 27, 2022

Conversation

@twz123 (Member) commented Mar 24, 2022

Description of changes

https://nvd.nist.gov/vuln/detail/CVE-2018-25032
https://www.openwall.com/lists/oss-security/2022/03/24/1

A similar change landed in Alpine: https://git.alpinelinux.org/aports/commit/?id=361df5902aa1e81594b17f06a13e10527dfb8aed

Things done

Added zlib patches generated via git format-patch -2 4346a16853e19b45787ce933666026903fb8f3f8. The diff can be viewed here.

  • Built on platform(s)
    • x86_64-linux
    • aarch64-linux
    • x86_64-darwin
    • aarch64-darwin
  • For non-Linux: Is sandbox = true set in nix.conf? (See Nix manual)
  • Tested, as applicable:
  • Tested compilation of all packages that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD". Note: all changes have to be committed, also see nixpkgs-review usage
  • Tested basic functionality of all binary files (usually in ./result/bin/)
  • 22.05 Release Notes (or backporting 21.11 Release notes)
    • (Package updates) Added a release notes entry if the change is major or breaking
    • (Module updates) Added a release notes entry if the change is significant
    • (Module addition) Added a release notes entry if adding a new NixOS module
    • (Release notes changes) Ran nixos/doc/manual/md-to-db.sh to update generated release notes
  • Fits CONTRIBUTING.md.

@mohe2015 mohe2015 added the 1.severity: security Issues which raise a security issue, or PRs that fix one label Mar 24, 2022
@ofborg ofborg bot added 10.rebuild-darwin-stdenv This PR causes stdenv to rebuild on Darwin and must target a staging branch. 10.rebuild-linux-stdenv This PR causes stdenv to rebuild on Linux and must target a staging branch. 10.rebuild-darwin: 501+ This PR causes many rebuilds on Darwin and should normally target the staging branches. 10.rebuild-darwin: 5001+ This PR causes many rebuilds on Darwin and must target the staging branches. 10.rebuild-linux: 501+ This PR causes many rebuilds on Linux and should normally target the staging branches. 10.rebuild-linux: 5001+ This PR causes many rebuilds on Linux and must target the staging branches. labels Mar 24, 2022
@vcunat vcunat changed the base branch from master to staging March 26, 2022 09:05
@twz123 twz123 force-pushed the zlib-z-fixed-patch branch from 72cb3ef to a084137 on March 26, 2022 09:16
@twz123 twz123 changed the title from "zlib: add patches to fix a bug when using Z_FIXED" to "zlib: zlib: add patches to fix CVE-2018-25032" Mar 26, 2022
@twz123 twz123 changed the title from "zlib: zlib: add patches to fix CVE-2018-25032" to "zlib: add patches to fix CVE-2018-25032" Mar 26, 2022
@twz123 (Member, Author) commented Mar 26, 2022

Updated the PR with the suggestions. Thanks for digging out the CVE.

@github-actions (Contributor) commented
Successfully created backport PR #165951 for staging-21.11.

@twz123 twz123 deleted the zlib-z-fixed-patch branch March 27, 2022 20:55
@mweinelt mweinelt mentioned this pull request Mar 31, 2022

4 participants