Skip to content

qemu: add patches for CVE-2022-0216 & CVE-2020-14394#188503

Merged
alyssais merged 2 commits intoNixOS:masterfrom
risicle:ris-qemu-CVE-2022-0216
Aug 28, 2022
Merged

qemu: add patches for CVE-2022-0216 & CVE-2020-14394#188503
alyssais merged 2 commits intoNixOS:masterfrom
risicle:ris-qemu-CVE-2022-0216

Conversation

@risicle
Copy link
Contributor

@risicle risicle commented Aug 27, 2022
edited
Loading

Description of changes

https://nvd.nist.gov/vuln/detail/CVE-2022-0216
https://nvd.nist.gov/vuln/detail/CVE-2020-14394

CVE-2022-0216 patch comes with a test covering the issue. For this test to pass we need to apply an earlier patch which simple stops trying to run the fuzz tests for non-x86 as they were only ever really meant to apply to x86 anyway.

Things done
  • Built on platform(s)
    • x86_64-linux
    • aarch64-linux
    • x86_64-darwin
    • aarch64-darwin
  • For non-Linux: Is sandbox = true set in nix.conf? (See Nix manual)
  • Tested, as applicable:
  • Tested compilation of all packages that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD". Note: all changes have to be committed, also see nixpkgs-review usage
  • Tested basic functionality of all binary files (usually in ./result/bin/)
  • 22.11 Release Notes (or backporting 22.05 Release notes)
    • (Package updates) Added a release notes entry if the change is major or breaking
    • (Module updates) Added a release notes entry if the change is significant
    • (Module addition) Added a release notes entry if adding a new NixOS module
    • (Release notes changes) Ran nixos/doc/manual/md-to-db.sh to update generated release notes
  • Fits CONTRIBUTING.md.

@risicle risicle added the 1.severity: security Issues which raise a security issue, or PRs that fix one label Aug 27, 2022
@risicle risicle mentioned this pull request Aug 27, 2022
Merged
13 tasks
@ofborg ofborg bot requested review from alyssais and edolstra August 27, 2022 13:41
@ofborg ofborg bot added 10.rebuild-darwin: 11-100 This PR causes between 11 and 100 packages to rebuild on Darwin. 10.rebuild-linux: 11-100 This PR causes between 11 and 100 packages to rebuild on Linux. labels Aug 27, 2022
@risicle risicle force-pushed the ris-qemu-CVE-2022-0216 branch from 83a8f22 to 4817658 Compare August 27, 2022 20:43
@risicle risicle changed the title qemu: add patches for CVE-2022-0216 qemu: add patches for CVE-2022-0216 & CVE-2020-14394 Aug 27, 2022
@risicle risicle marked this pull request as ready for review August 28, 2022 14:29
@alyssais alyssais merged commit 4442087 into NixOS:master Aug 28, 2022
@github-actions github-actions bot mentioned this pull request Aug 28, 2022
Merged
1 task
@github-actions
Copy link
Contributor

github-actions bot commented Aug 28, 2022

Successfully created backport PR #188684 for release-22.05.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@alyssais alyssais Awaiting requested review from alyssais

@edolstra edolstra Awaiting requested review from edolstra

Assignees

No one assigned

Labels

1.severity: security Issues which raise a security issue, or PRs that fix one 10.rebuild-darwin: 11-100 This PR causes between 11 and 100 packages to rebuild on Darwin. 10.rebuild-linux: 11-100 This PR causes between 11 and 100 packages to rebuild on Linux.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@risicle @alyssais