Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

vim: 9.1.0689 -> 9.1.0707 #338683

Merged
merged 1 commit into from
Sep 2, 2024
Merged

vim: 9.1.0689 -> 9.1.0707 #338683

merged 1 commit into from
Sep 2, 2024

Conversation

LeSuisse
Copy link
Contributor

Description of changes

Fixes 2 heap-buffer-overflows (GHSA-4ghr-c62x-cqfh / CVE-2024-43802, GHSA-wxf9-c5gx-qrwr).

https://www.openwall.com/lists/oss-security/2024/08/31/1
https://www.openwall.com/lists/oss-security/2024/08/25/1

Things done

  • Built on platform(s)
    • x86_64-linux
    • aarch64-linux
    • x86_64-darwin
    • aarch64-darwin
  • For non-Linux: Is sandboxing enabled in nix.conf? (See Nix manual)
    • sandbox = relaxed
    • sandbox = true
  • Tested, as applicable:
  • Tested compilation of all packages that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD". Note: all changes have to be committed, also see nixpkgs-review usage
  • Tested basic functionality of all binary files (usually in ./result/bin/)
  • 24.11 Release Notes (or backporting 23.11 and 24.05 Release notes)
    • (Package updates) Added a release notes entry if the change is major or breaking
    • (Module updates) Added a release notes entry if the change is significant
    • (Module addition) Added a release notes entry if adding a new NixOS module
  • Fits CONTRIBUTING.md.

Add a 👍 reaction to pull requests you find important.

@LeSuisse LeSuisse added 1.severity: security Issues which raise a security issue, or PRs that fix one backport staging-24.05 labels Aug 31, 2024
@ofborg ofborg bot requested review from philiptaron, dasJ and equirosa August 31, 2024 23:26
equirosa
equirosa approved these changes Sep 2, 2024
View reviewed changes
Copy link
Contributor

@equirosa equirosa left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

philiptaron
philiptaron approved these changes Sep 2, 2024
View reviewed changes
Copy link
Contributor

@philiptaron philiptaron left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Result of nixpkgs-review pr 338683 -p vim run on x86_64-linux 1

2 packages built:
  • vim
  • vim.xxd (vim.xxd.xxd)

@philiptaron philiptaron merged commit ba04cb5 into NixOS:staging Sep 2, 2024
31 of 32 checks passed
@github-actions github-actions bot mentioned this pull request Sep 2, 2024
Merged
1 task
@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Sep 2, 2024

Successfully created backport PR for staging-24.05:

@emilazy
Copy link
Member

emilazy commented Sep 2, 2024

This could go on top of staging-next, or to master after the cycle completes, because the xxd change is in the current cycle (#338840). That seems better than waiting several more weeks to get this security update to unstable users.

@philiptaron
Copy link
Contributor

@emilazy could you do the necessary pull into staging-next?

@emilazy
Copy link
Member

emilazy commented Sep 2, 2024

Maybe? Probably? I don’t know if it’ll cause merge conflicts later on. I’ll ask about it.

@emilazy emilazy mentioned this pull request Sep 3, 2024
Merged
13 tasks
@LeSuisse
Copy link
Contributor Author

LeSuisse commented Sep 3, 2024

Thanks, I did not see that the xxd change was already in staging-next when I opened this :)

@LeSuisse LeSuisse deleted the vim-9.1.0707 branch September 3, 2024 07:19
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@equirosa equirosa equirosa approved these changes

@philiptaron philiptaron philiptaron approved these changes

@dasJ dasJ Awaiting requested review from dasJ

Assignees
No one assigned
Labels
1.severity: security Issues which raise a security issue, or PRs that fix one 6.topic: vim 10.rebuild-darwin: 501+ 10.rebuild-darwin: 1001-2500 10.rebuild-linux: 501+ 10.rebuild-linux: 1001-2500
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@LeSuisse @emilazy @philiptaron @equirosa