Skip to content

libtiff: add patches for CVE-2022-0561 & CVE-2022-0562#161295

Merged
vcunat merged 1 commit intoNixOS:stagingfrom
risicle:ris-libtiff-CVE-2022-0561-CVE-2022-0562
Feb 22, 2022
Merged

libtiff: add patches for CVE-2022-0561 & CVE-2022-0562#161295
vcunat merged 1 commit intoNixOS:stagingfrom
risicle:ris-libtiff-CVE-2022-0561-CVE-2022-0562

Conversation

@risicle
Copy link
Copy Markdown
Contributor

@risicle risicle commented Feb 22, 2022

Motivation for this change

#160672
https://nvd.nist.gov/vuln/detail/CVE-2022-0561
https://nvd.nist.gov/vuln/detail/CVE-2022-0562

Used testcase to reproduce issue, confirmed it no longer occurs with patches applied.

Things done
  • Built on platform(s)
    • x86_64-linux
    • aarch64-linux
    • x86_64-darwin
    • aarch64-darwin
  • For non-Linux: Is sandbox = true set in nix.conf? (See Nix manual)
  • Tested, as applicable:
  • Tested compilation of all packages that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD". Note: all changes have to be committed, also see nixpkgs-review usage
  • Tested basic functionality of all binary files (usually in ./result/bin/)
  • 22.05 Release Notes (or backporting 21.11 Release notes)
    • (Package updates) Added a release notes entry if the change is major or breaking
    • (Module updates) Added a release notes entry if the change is significant
    • (Module addition) Added a release notes entry if adding a new NixOS module
    • (Release notes changes) Ran nixos/doc/manual/md-to-db.sh to update generated release notes
  • Fits CONTRIBUTING.md.

@risicle risicle added 1.severity: security Issues which raise a security issue, or PRs that fix one backport staging-21.11 labels Feb 22, 2022
vcunat
vcunat reviewed Feb 22, 2022
View reviewed changes
@mweinelt
Copy link
Copy Markdown
Member

mweinelt commented Feb 22, 2022

@ofborg eval

@vcunat vcunat merged commit 3bab4ac into NixOS:staging Feb 22, 2022
@github-actions github-actions bot mentioned this pull request Feb 22, 2022
Merged
1 task
@github-actions
Copy link
Copy Markdown
Contributor

github-actions bot commented Feb 22, 2022

Successfully created backport PR #161364 for staging-21.11.

@ofborg ofborg bot requested a review from alyssais February 22, 2022 13:26
@ofborg ofborg bot added 10.rebuild-darwin: 501+ This PR causes many rebuilds on Darwin and should normally target the staging branches. 10.rebuild-darwin: 2501-5000 This PR causes many rebuilds on Darwin and should target the staging branches. 10.rebuild-linux: 501+ This PR causes many rebuilds on Linux and should normally target the staging branches. 10.rebuild-linux: 5001+ This PR causes many rebuilds on Linux and must target the staging branches. labels Feb 22, 2022
@github-actions
Copy link
Copy Markdown
Contributor

github-actions bot commented Feb 22, 2022

The process '/usr/bin/git' failed with exit code 1

3 similar comments
@github-actions
Copy link
Copy Markdown
Contributor

github-actions bot commented Feb 22, 2022

The process '/usr/bin/git' failed with exit code 1

@github-actions
Copy link
Copy Markdown
Contributor

github-actions bot commented Feb 22, 2022

The process '/usr/bin/git' failed with exit code 1

@github-actions
Copy link
Copy Markdown
Contributor

github-actions bot commented Feb 22, 2022

The process '/usr/bin/git' failed with exit code 1

vcunat added a commit that referenced this pull request Feb 22, 2022
@vcunat
libtiff: standardize the patch URLs
ba2687f 
#161295 (comment)
vcunat added a commit that referenced this pull request Feb 22, 2022
@vcunat
libtiff: standardize the patch URLs
e7b63e3 
#161295 (comment)
(cherry picked from commit ba2687f)
@FliegendeWurst FliegendeWurst mentioned this pull request Feb 24, 2022
Closed
3 tasks
yayayayaka pushed a commit to yayayayaka/nixpkgs that referenced this pull request May 1, 2022
@vcunat @yayayayaka
libtiff: standardize the patch URLs
41d49f4 
NixOS#161295 (comment)
(cherry picked from commit ba2687f)
jsoo1 pushed a commit to awakesecurity/nixpkgs that referenced this pull request Jul 13, 2023
@vcunat @jsoo1
libtiff: standardize the patch URLs
867f9f2 
NixOS#161295 (comment)
(cherry picked from commit ba2687f)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mweinelt mweinelt mweinelt left review comments

@vcunat vcunat vcunat left review comments

@alyssais alyssais Awaiting requested review from alyssais

Assignees

No one assigned

Labels

1.severity: security Issues which raise a security issue, or PRs that fix one 10.rebuild-darwin: 501+ This PR causes many rebuilds on Darwin and should normally target the staging branches. 10.rebuild-darwin: 2501-5000 This PR causes many rebuilds on Darwin and should target the staging branches. 10.rebuild-linux: 501+ This PR causes many rebuilds on Linux and should normally target the staging branches. 10.rebuild-linux: 5001+ This PR causes many rebuilds on Linux and must target the staging branches.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@risicle @mweinelt @vcunat