rsync: apply patches for 6 vulnerabilities #373784

Merged
mweinelt merged 1 commit into NixOS:master from LeSuisse:rsync-sec-jan-25
Jan 14, 2025

@LeSuisse (Member) commented Jan 14, 2025

Fixes CVE-2024-12084, CVE-2024-12085, CVE-2024-12086, CVE-2024-12087, CVE-2024-12088 and CVE-2024-12747.

https://www.kb.cert.org/vuls/id/952657

Things done

  • Built on platform(s)
    • x86_64-linux
    • aarch64-linux
    • x86_64-darwin
    • aarch64-darwin
  • For non-Linux: Is sandboxing enabled in nix.conf? (See Nix manual)
    • sandbox = relaxed
    • sandbox = true
  • Tested, as applicable:
  • Tested compilation of all packages that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD". Note: all changes have to be committed, also see nixpkgs-review usage
  • Tested basic functionality of all binary files (usually in ./result/bin/)
  • 25.05 Release Notes (or backporting 24.11 and 25.05 Release notes)
    • (Package updates) Added a release notes entry if the change is major or breaking
    • (Module updates) Added a release notes entry if the change is significant
    • (Module addition) Added a release notes entry if adding a new NixOS module
  • Fits CONTRIBUTING.md.

Add a 👍 reaction to pull requests you find important.

@LeSuisse added the "1.severity: security" (Issues which raise a security issue, or PRs that fix one) and "backport staging-24.11" labels Jan 14, 2025
@LeSuisse force-pushed the rsync-sec-jan-25 branch 2 times, most recently from e1b3729 to b1a6594, January 14, 2025 17:49
@LeSuisse changed the base branch from staging to staging-next January 14, 2025 17:49
@mweinelt (Member) commented:

I don't think we should wait for the release tarball, and instead focus on getting these fixes out.

@LeSuisse changed the base branch from staging-next to master January 14, 2025 18:36
@mweinelt marked this pull request as ready for review January 14, 2025 18:44
@LeSuisse changed the title from "rsync: 3.3.0 -> 3.4.0" to "rsync: apply patches for 6 vulnerabilities" Jan 14, 2025
@LeSuisse (Member, Author) commented:

Updated the commit message to match what's currently done.

@mweinelt (Member) left a comment:

Thanks. We made the call to move this through master, since staging-next is still blocked on a regression.

@github-actions bot added the "10.rebuild-darwin: 501-1000" (This PR causes many rebuilds on Darwin and should normally target the staging branches.) and "10.rebuild-linux: 5001+" (This PR causes many rebuilds on Linux and must target the staging branches.) labels Jan 14, 2025
@nix-owners bot requested review from a user and ivan January 14, 2025 18:53
@mweinelt merged commit 733994e into NixOS:master Jan 14, 2025
39 of 43 checks passed
@nixpkgs-ci bot (Contributor) commented Jan 14, 2025

Successfully created backport PR for staging-24.11:

@mweinelt (Member) commented:

https://nixpk.gs/pr-tracker.html?pr=373784

@nixos-discourse commented:

This pull request has been mentioned on NixOS Discourse. There might be relevant details there:

https://discourse.nixos.org/t/vulnerability-notifications-for-nixos/58895/3
