Skip to content

botan2: 2.18.0 -> 2.18.1, add patch for CVE-2021-40529#137041

Merged
7c6f434c merged 3 commits intoNixOS:masterfrom
risicle:ris-botan-CVE-2021-40529
Sep 8, 2021
Merged

botan2: 2.18.0 -> 2.18.1, add patch for CVE-2021-40529#137041
7c6f434c merged 3 commits intoNixOS:masterfrom
risicle:ris-botan-CVE-2021-40529

Conversation

@risicle
Copy link
Contributor

@risicle risicle commented Sep 8, 2021
edited
Loading

Motivation for this change

https://nvd.nist.gov/vuln/detail/CVE-2021-40529

No release including this fix yet. Bumped at the same time to ensure patch was as applicable as possible.

Also marked botan as vulnerable to this.

Things done
  • Built on platform(s)
    • x86_64-linux
    • aarch64-linux
    • x86_64-darwin
    • aarch64-darwin
  • For non-Linux: Is sandbox = true set in nix.conf? (See Nix manual)
  • Tested via one or more NixOS test(s) if existing and applicable for the change (look inside nixos/tests)
  • Tested compilation of all packages that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review wip"
  • Tested execution of all binary files (usually in ./result/bin/)
  • 21.11 Release Notes (or backporting 21.05 Release notes)
    • (Package updates) Added a release notes entry if the change is major or breaking
    • (Module updates) Added a release notes entry if the change is significant
    • (Module addition) Added a release notes entry if adding a new NixOS module
  • Fits CONTRIBUTING.md.

@risicle risicle added 1.severity: security Issues which raise a security issue, or PRs that fix one backport release-21.05 labels Sep 8, 2021
@ofborg ofborg bot requested a review from 7c6f434c September 8, 2021 00:14
@ofborg ofborg bot added 10.rebuild-darwin: 1-10 This PR causes between 1 and 10 packages to rebuild on Darwin. 10.rebuild-linux: 1-10 This PR causes between 1 and 10 packages to rebuild on Linux. labels Sep 8, 2021
@risicle risicle marked this pull request as ready for review September 8, 2021 01:11
@r-rmcgibbo
Copy link

r-rmcgibbo commented Sep 8, 2021
edited
Loading

Result of nixpkgs-review pr 137041 at 785fa83 run on aarch64-linux 1

1 package failed to build:
1 package skipped due to time constraints:
  • kea
6 packages built successfully:
  • biboumi
  • botan2
  • corectrl
  • monotone
  • rnp
  • softhsm

Note that build failures may predate this PR, and could be nondeterministic or hardware dependent.
Please exercise your independent judgement. Does something look off? Please file an issue or reach out on IRC.

Result of nixpkgs-review pr 137041 at 785fa83 run on x86_64-linux 1

2 packages failed to build:
1 package skipped due to time constraints:
  • kea
6 packages built successfully:
  • biboumi
  • botan2
  • corectrl
  • monotone
  • rnp
  • softhsm
1 suggestion:
  • warning: missing-phase-hooks

    configurePhase should probably contain runHook preConfigure and runHook postConfigure.

    Near pkgs/development/libraries/botan/generic.nix:32:3:

       |
32 |   configurePhase = ''
   |   ^

Note that build failures may predate this PR, and could be nondeterministic or hardware dependent.
Please exercise your independent judgement. Does something look off? Please file an issue or reach out on IRC.

@7c6f434c 7c6f434c merged commit 75ba363 into NixOS:master Sep 8, 2021
@github-actions github-actions bot mentioned this pull request Sep 8, 2021
Merged
1 task
@github-actions
Copy link
Contributor

github-actions bot commented Sep 8, 2021

Successfully created backport PR #137065 for release-21.05.

This was referenced Sep 8, 2021
Merged
Merged
@FliegendeWurst FliegendeWurst mentioned this pull request Jan 28, 2022
Closed
1 task
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@7c6f434c 7c6f434c Awaiting requested review from 7c6f434c

Assignees

No one assigned

Labels

1.severity: security Issues which raise a security issue, or PRs that fix one 10.rebuild-darwin: 1-10 This PR causes between 1 and 10 packages to rebuild on Darwin. 10.rebuild-linux: 1-10 This PR causes between 1 and 10 packages to rebuild on Linux.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@risicle @r-rmcgibbo @7c6f434c