gnupg: 2.3.4 -> 2.3.6, patch for CVE-2022-34903 #176598
@GrahamcOfBorg build gnupg
@GrahamcOfBorg build gnupg
What's the status here? A GnuPG vulnerability has just been disclosed, and the patch doesn't apply cleanly to 2.3.4, so it would be great to get this in.
I believe this is ready to go, will test a bit today with TPM2 and smart cards. (I've not verified that all patches still are relevant though)
@GrahamcOfBorg build gnupg
The 2.3.5 changelog also doesn't indicate any obvious breakages: https://lists.gnupg.org/pipermail/gnupg-announce/2022q2/000472.html
Retargeted to staging next since I think the aforementioned vuln needs to be fixed and this makes sense as a prerequisite.
So perhaps even include the patch in this PR, so that we don't rebuild everything twice on
The vulnerability has been assigned CVE-2022-34903, added patch from https://dev.gnupg.org/rG34c649b3601383cd11dbc76221747ec16fd68e1b
efeb0f3 to 3d0e70a
Description of changes
Update gnupg to 2.3.6: https://lists.gnu.org/archive/html/info-gnu/2022-04/msg00014.html
Add patch for CVE-2022-34903: https://dev.gnupg.org/rG34c649b3601383cd11dbc76221747ec16fd68e1b
Things done
sandbox = true set in nix.conf? (See Nix manual)
nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD". Note: all changes have to be committed, also see nixpkgs-review usage
./result/bin/)
nixos/doc/manual/md-to-db.sh to update generated release notes