[staging-next] protobuf3_{19,20,21}: Update to fix CVE-2022-1941#193365

Merged
mweinelt merged 4 commits into NixOS:staging-next from mweinelt:protobuf-cve-2022-1941 on Sep 28, 2022

@mweinelt
Member

GHSA-8gq9-2x98-w8hf

Fixes: CVE-2022-1941

Description of changes

We don't have 3.18 and anything before that looks unsupported. Which means we should get rid of 3.7, 3.8, 3.11 and 3.17 before 22.11.

Things done
  • Built on platform(s)
    • x86_64-linux
    • aarch64-linux
    • x86_64-darwin
    • aarch64-darwin
  • For non-Linux: Is sandbox = true set in nix.conf? (See Nix manual)
  • Tested, as applicable:
  • Tested compilation of all packages that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD". Note: all changes have to be committed, also see nixpkgs-review usage
  • Tested basic functionality of all binary files (usually in ./result/bin/)
  • 22.11 Release Notes (or backporting 22.05 Release notes)
    • (Package updates) Added a release notes entry if the change is major or breaking
    • (Module updates) Added a release notes entry if the change is significant
    • (Module addition) Added a release notes entry if adding a new NixOS module
    • (Release notes changes) Ran nixos/doc/manual/md-to-db.sh to update generated release notes
  • Fits CONTRIBUTING.md.

@mweinelt mweinelt changed the title from "protobuf3_19: 3.19.4 -> 3.19.5" to "protobuf3_{19,20,21}: Update to fix CVE-2022-1941" Sep 28, 2022
@mweinelt mweinelt changed the title from "protobuf3_{19,20,21}: Update to fix CVE-2022-1941" to "[staging-next] protobuf3_{19,20,21}: Update to fix CVE-2022-1941" Sep 28, 2022
@ofborg ofborg bot added labels Sep 28, 2022:
  • 10.rebuild-darwin: 501+ (This PR causes many rebuilds on Darwin and should normally target the staging branches.)
  • 10.rebuild-darwin: 501-1000 (This PR causes many rebuilds on Darwin and should normally target the staging branches.)
  • 10.rebuild-linux: 501+ (This PR causes many rebuilds on Linux and should normally target the staging branches.)
  • 10.rebuild-linux: 1001-2500 (This PR causes many rebuilds on Linux and should target the staging branches.)
No consumers and does not receive updates anymore and therefore probably
vulnerable to CVE-2022-1941 and others.
@ofborg ofborg bot added the 8.has: clean-up This PR removes packages or removes other cruft label Sep 28, 2022
@mweinelt
Member Author

Queued the rest for removal in the 22.11 release blockers. #193370

@mweinelt mweinelt merged commit 90d45c4 into NixOS:staging-next Sep 28, 2022
@mweinelt mweinelt deleted the protobuf-cve-2022-1941 branch September 28, 2022 17:57
@mweinelt mweinelt mentioned this pull request Sep 28, 2022
12 tasks