Skip to content

unzip: apply patch for CVE-2022-0529 and CVE-2022-0530#209367

Merged
risicle merged 1 commit intoNixOS:stagingfrom
LeSuisse:unzip-CVE-2022-0529-CVE-2022-0530
Jan 12, 2023
Merged

unzip: apply patch for CVE-2022-0529 and CVE-2022-0530#209367
risicle merged 1 commit intoNixOS:stagingfrom
LeSuisse:unzip-CVE-2022-0529-CVE-2022-0530

Conversation

@LeSuisse
Copy link
Member

@LeSuisse LeSuisse commented Jan 6, 2023

Description of changes

https://lists.debian.org/debian-lts-announce/2022/09/msg00028.html
https://github.com/ByteHackr/unzip_poc

Things done
  • Built on platform(s)
    • x86_64-linux
    • aarch64-linux
    • x86_64-darwin
    • aarch64-darwin
  • For non-Linux: Is sandbox = true set in nix.conf? (See Nix manual)
  • Tested, as applicable:
  • Tested compilation of all packages that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD". Note: all changes have to be committed, also see nixpkgs-review usage
  • Tested basic functionality of all binary files (usually in ./result/bin/)
  • 23.05 Release Notes (or backporting 22.11 Release notes)
    • (Package updates) Added a release notes entry if the change is major or breaking
    • (Module updates) Added a release notes entry if the change is significant
    • (Module addition) Added a release notes entry if adding a new NixOS module
    • (Release notes changes) Ran nixos/doc/manual/md-to-db.sh to update generated release notes
  • Fits CONTRIBUTING.md.

@LeSuisse LeSuisse added 1.severity: security Issues which raise a security issue, or PRs that fix one backport staging-22.11 labels Jan 6, 2023
@risicle
Copy link
Contributor

risicle commented Jan 6, 2023

Hard to pick a specific test target for this, but did successfully build unzip on macos 10.15, nixos x86_64 (inc pkgsStatic, pkgsMusl & pkgsCross.aarch64-multiplatform variants) and aarch64-linux (inc pkgsStatic, pkgsMusl & pkgsCross.riscv64 variants)

(cherry-picked to nixpkgs-unstable for speed)

@risicle
Copy link
Contributor

risicle commented Jan 7, 2023

@ofborg eval

@ofborg ofborg bot added 10.rebuild-darwin: 501+ This PR causes many rebuilds on Darwin and should normally target the staging branches. 10.rebuild-darwin: 5001+ This PR causes many rebuilds on Darwin and must target the staging branches. 10.rebuild-linux: 501+ This PR causes many rebuilds on Linux and should normally target the staging branches. 10.rebuild-linux: 5001+ This PR causes many rebuilds on Linux and must target the staging branches. labels Jan 7, 2023
@risicle risicle merged commit 58784f7 into NixOS:staging Jan 12, 2023
@github-actions github-actions bot mentioned this pull request Jan 12, 2023
Merged
1 task
@github-actions
Copy link
Contributor

github-actions bot commented Jan 12, 2023

Successfully created backport PR #210436 for staging-22.11.

@LeSuisse LeSuisse deleted the unzip-CVE-2022-0529-CVE-2022-0530 branch January 13, 2023 09:19
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@risicle risicle risicle approved these changes

+1 more reviewer

@trofi trofi trofi approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

1.severity: security Issues which raise a security issue, or PRs that fix one 10.rebuild-darwin: 501+ This PR causes many rebuilds on Darwin and should normally target the staging branches. 10.rebuild-darwin: 5001+ This PR causes many rebuilds on Darwin and must target the staging branches. 10.rebuild-linux: 501+ This PR causes many rebuilds on Linux and should normally target the staging branches. 10.rebuild-linux: 5001+ This PR causes many rebuilds on Linux and must target the staging branches.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@LeSuisse @risicle @trofi