[24.05] libtiff: patches for CVEs from libtiff 4.7.0 #340569

Merged
merged 1 commit into from
Sep 27, 2024


Contributor

@Yarny0 Yarny0 commented Sep 8, 2024

Description of changes

Add two patches from the newest libtiff 4.7.0 that fix security problems.

Note (2024-09-08): libtiff 4.7.0 is already announced on the libtiff homepage; however, that version isn't available in the source repo yet, nor on the download page. Therefore, the pull request at hand uses 4.7.0rc1 and is marked as draft. As soon as version 4.7.0 is published, I intend to remove the draft status after possibly adding more patches to the branch.

Note (2024-09-11): libtiff 4.7.0rc2 is available, without any additional patches relevant for the pull request at hand.

Note (2024-09-18): libtiff 4.7.0 finally got released. There are no changes compared to v4.7.0rc2, so there are no additional patches relevant for the pull request at hand.

Reference: pull request for nixpkgs unstable

Notifying libtiff maintainer team (geospatial): @autra @imincik @l0b0 @nh2 @nialov @sikmir @willcohen

Things done

  • Built on platform(s)
    • x86_64-linux
    • aarch64-linux
    • x86_64-darwin
    • aarch64-darwin
  • For non-Linux: Is sandboxing enabled in nix.conf? (See Nix manual)
    • sandbox = relaxed
    • sandbox = true
  • Tested, as applicable:
  • Tested compilation of all packages that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD". Note: all changes have to be committed, also see nixpkgs-review usage
  • Tested basic functionality of all binary files (usually in ./result/bin/)
  • 24.11 Release Notes (or backporting 23.11 and 24.05 Release notes)
    • (Package updates) Added a release notes entry if the change is major or breaking
    • (Module updates) Added a release notes entry if the change is significant
    • (Module addition) Added a release notes entry if adding a new NixOS module
  • Fits CONTRIBUTING.md.

More:

  • successfully built libtiff.tests

Add a 👍 reaction to pull requests you find important.

These are backported from new version 4.7.0

https://libtiff.gitlab.io/libtiff/releases/v4.7.0.html

Note that libtiff_t v4.6.0t already contains these patches.
@Yarny0 Yarny0 marked this pull request as ready for review September 18, 2024 17:58
@l0b0 l0b0 removed their request for review September 18, 2024 21:29
@fabianhjr fabianhjr added the 1.severity: security Issues which raise a security issue, or PRs that fix one label Sep 27, 2024
Member

@fabianhjr fabianhjr left a comment


ofborg built

@fabianhjr
Member

Patches correspond to commits merged into the main branch of libtiff:

@fabianhjr
Member

Both 7.5 High, merging as is

@fabianhjr fabianhjr merged commit 27c9a69 into NixOS:staging-24.05 Sep 27, 2024
35 of 36 checks passed
@Yarny0 Yarny0 deleted the 2405-libtiff-4-7-patches branch September 27, 2024 11:19