[24.05] libtiff: patches for CVEs from libtiff 4.7.0 #340569

Open: wants to merge 1 commit into base: staging-24.05

@Yarny0 (Contributor) commented Sep 8, 2024

Description of changes

Add two patches from the newest libtiff 4.7.0 which fix security problems.

Note (2024-09-08): libtiff 4.7.0 is already announced on the libtiff homepage; however, that version isn't available in the source repo yet, nor on the download page. Therefore, the pull request at hand uses 4.7.0rc1 and is marked as draft. As soon as version 4.7.0 is published, I intend to remove the draft status after possibly adding more patches to the branch.

Note (2024-09-11): libtiff 4.7.0rc2 is available, without any additional patches relevant for the pull request at hand.

Note (2024-09-18): libtiff 4.7.0 finally got released. There are no changes compared to v4.7.0rc2, so there are no additional patches relevant for the pull request at hand.

Reference: pull request for nixpkgs unstable

Notifying libtiff maintainer team (geospatial): @autra @imincik @l0b0 @nh2 @nialov @sikmir @willcohen

Things done

  • Built on platform(s)
    • x86_64-linux
    • aarch64-linux
    • x86_64-darwin
    • aarch64-darwin
  • For non-Linux: Is sandboxing enabled in nix.conf? (See Nix manual)
    • sandbox = relaxed
    • sandbox = true
  • Tested, as applicable:
  • Tested compilation of all packages that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD". Note: all changes have to be committed, also see nixpkgs-review usage
  • Tested basic functionality of all binary files (usually in ./result/bin/)
  • 24.11 Release Notes (or backporting 23.11 and 24.05 Release notes)
    • (Package updates) Added a release notes entry if the change is major or breaking
    • (Module updates) Added a release notes entry if the change is significant
    • (Module addition) Added a release notes entry if adding a new NixOS module
  • Fits CONTRIBUTING.md.

More:

  • successfully built libtiff.tests


These are backported from new version 4.7.0

https://libtiff.gitlab.io/libtiff/releases/v4.7.0.html

Note that libtiff_t v4.6.0t already contains these patches.