authorVladimír Čunát <v@cunat.cz>2022-01-25 13:27:47 +0100
committerVladimír Čunát <v@cunat.cz>2022-01-25 13:27:47 +0100
commit25b2f4479c44b81958dc9b0c1acdfe143ab80ec6 (patch)
treeb9f5eeabeec0385964922b7b196d5e48be0cb48c
parentMerge staging-next-21.11 into staging-21.11 (diff)
parentMerge #156692: glibc: 2.33-71 -> 2.33-78 (into staging-21.11) (diff)
downloadnixpkgs-25b2f4479c44b81958dc9b0c1acdfe143ab80ec6.tar.gz
Merge branch 'staging-21.11' into staging-next-21.11
-rw-r--r--pkgs/applications/editors/vim/common.nix4
-rw-r--r--pkgs/development/libraries/expat/CVE-2022-23852-fix.patch26
-rw-r--r--pkgs/development/libraries/expat/CVE-2022-23852-test.patch55
-rw-r--r--pkgs/development/libraries/expat/default.nix6
-rw-r--r--pkgs/development/libraries/glibc/2.33-master.patch.gzbin78002 -> 85746 bytes
-rw-r--r--pkgs/development/libraries/glibc/common.nix2
-rw-r--r--pkgs/development/libraries/gnutls/default.nix10
-rw-r--r--pkgs/os-specific/linux/util-linux/default.nix4
8 files changed, 101 insertions, 6 deletions
diff --git a/pkgs/applications/editors/vim/common.nix b/pkgs/applications/editors/vim/common.nix
index e068f7df50b4..51a9b9af5bfd 100644
--- a/pkgs/applications/editors/vim/common.nix
+++ b/pkgs/applications/editors/vim/common.nix
@@ -1,12 +1,12 @@
{ lib, fetchFromGitHub }:
rec {
- version = "8.2.3451";
+ version = "8.2.4186";
src = fetchFromGitHub {
owner = "vim";
repo = "vim";
rev = "v${version}";
- sha256 = "sha256-8OaEaFyOaL59j0EZkUY+kuR6si79H2dN09f8SnltxbQ=";
+ sha256 = "0g276mbmq69z7c4kgj59r0azxmx9ih2sd8v83dx2gfph6wgw65ph";
};
enableParallelBuilding = true;
diff --git a/pkgs/development/libraries/expat/CVE-2022-23852-fix.patch b/pkgs/development/libraries/expat/CVE-2022-23852-fix.patch
new file mode 100644
index 000000000000..fbbd080db4ed
--- /dev/null
+++ b/pkgs/development/libraries/expat/CVE-2022-23852-fix.patch
@@ -0,0 +1,26 @@
+From 847a645152f5ebc10ac63b74b604d0c1a79fae40 Mon Sep 17 00:00:00 2001
+From: Samanta Navarro <ferivoz@riseup.net>
+Date: Sat, 22 Jan 2022 17:48:00 +0100
+Subject: [PATCH] lib: Detect and prevent integer overflow in XML_GetBuffer
+ (CVE-2022-23852)
+
+---
+ expat/lib/xmlparse.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/expat/lib/xmlparse.c b/expat/lib/xmlparse.c
+index d54af683..5ce31402 100644
+--- a/expat/lib/xmlparse.c
++++ b/expat/lib/xmlparse.c
+@@ -2067,6 +2067,11 @@ XML_GetBuffer(XML_Parser parser, int len) {
+ keep = (int)EXPAT_SAFE_PTR_DIFF(parser->m_bufferPtr, parser->m_buffer);
+ if (keep > XML_CONTEXT_BYTES)
+ keep = XML_CONTEXT_BYTES;
++ /* Detect and prevent integer overflow */
++ if (keep > INT_MAX - neededSize) {
++ parser->m_errorCode = XML_ERROR_NO_MEMORY;
++ return NULL;
++ }
+ neededSize += keep;
+ #endif /* defined XML_CONTEXT_BYTES */
+ if (neededSize
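Review bot: The added guard `if (keep > INT_MAX - neededSize)` is itself overflow-free only when `neededSize` is non-negative, and nothing in this hunk establishes that. The comment `/* Detect and prevent integer overflow */` should state the precondition, for example `/* neededSize >= 0 here, so INT_MAX - neededSize cannot wrap; reject if adding keep would exceed INT_MAX */`. XML_GetBuffer begins before and continues after the lines shown, so how `neededSize` is derived from `len` has to be confirmed against the full function.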
diff --git a/pkgs/development/libraries/expat/CVE-2022-23852-test.patch b/pkgs/development/libraries/expat/CVE-2022-23852-test.patch
new file mode 100644
index 000000000000..3dca8f914a8f
--- /dev/null
+++ b/pkgs/development/libraries/expat/CVE-2022-23852-test.patch
@@ -0,0 +1,55 @@
+From acf956f14bf79a5e6383a969aaffec98bfbc2e44 Mon Sep 17 00:00:00 2001
+From: Sebastian Pipping <sebastian@pipping.org>
+Date: Sun, 23 Jan 2022 18:17:04 +0100
+Subject: [PATCH] tests: Cover integer overflow in XML_GetBuffer
+ (CVE-2022-23852)
+
+---
+ expat/tests/runtests.c | 27 +++++++++++++++++++++++++++
+ 1 file changed, 27 insertions(+)
+
+diff --git a/expat/tests/runtests.c b/expat/tests/runtests.c
+index e89e8220..579dad1a 100644
+--- a/expat/tests/runtests.c
++++ b/expat/tests/runtests.c
+@@ -3847,6 +3847,30 @@ START_TEST(test_get_buffer_2) {
+ }
+ END_TEST
+
++/* Test for signed integer overflow CVE-2022-23852 */
++#if defined(XML_CONTEXT_BYTES)
++START_TEST(test_get_buffer_3_overflow) {
++ XML_Parser parser = XML_ParserCreate(NULL);
++ assert(parser != NULL);
++
++ const char *const text = "\n";
++ const int expectedKeepValue = (int)strlen(text);
++
++ // After this call, variable "keep" in XML_GetBuffer will
++ // have value expectedKeepValue
++ if (XML_Parse(parser, text, (int)strlen(text), XML_FALSE /* isFinal */)
++ == XML_STATUS_ERROR)
++ xml_failure(parser);
++
++ assert(expectedKeepValue > 0);
++ if (XML_GetBuffer(parser, INT_MAX - expectedKeepValue + 1) != NULL)
++ fail("enlarging buffer not failed");
++
++ XML_ParserFree(parser);
++}
++END_TEST
++#endif // defined(XML_CONTEXT_BYTES)
++
+ /* Test position information macros */
+ START_TEST(test_byte_info_at_end) {
+ const char *text = "<doc></doc>";
+@@ -11731,6 +11755,9 @@ make_suite(void) {
+ tcase_add_test(tc_basic, test_empty_parse);
+ tcase_add_test(tc_basic, test_get_buffer_1);
+ tcase_add_test(tc_basic, test_get_buffer_2);
++#if defined(XML_CONTEXT_BYTES)
++ tcase_add_test(tc_basic, test_get_buffer_3_overflow);
++#endif
+ tcase_add_test(tc_basic, test_byte_info_at_end);
+ tcase_add_test(tc_basic, test_byte_info_at_error);
+ tcase_add_test(tc_basic, test_byte_info_at_cdata);
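Review bot: test_get_buffer_3_overflow checks only that XML_GetBuffer returns NULL, not that the parser reports the error the fix sets, so any other NULL-returning path would satisfy it too. Adding `if (XML_GetErrorCode(parser) != XML_ERROR_NO_MEMORY) fail("unexpected error code");` after the NULL check would tie the test to the new guard. The two `assert()` preconditions also compile away if the test suite is ever built with NDEBUG, which cannot be determined from this hunk.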
diff --git a/pkgs/development/libraries/expat/default.nix b/pkgs/development/libraries/expat/default.nix
index 6abbd9567478..5bd03824441a 100644
--- a/pkgs/development/libraries/expat/default.nix
+++ b/pkgs/development/libraries/expat/default.nix
@@ -14,6 +14,12 @@ stdenv.mkDerivation rec {
sha256 = "sha256-sfnxsaXrsKyqiMn/eb+k4UWCO3iqUYXlxdhfBggkd4o=";
};
+ patches = [
+ ./CVE-2022-23852-fix.patch
+ ./CVE-2022-23852-test.patch
+ ];
+ patchFlags = "-p2";
+
outputs = [ "out" "dev" ]; # TODO: fix referrers
outputBin = "dev";
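Review bot: `patchFlags = "-p2";` carries no comment and applies to every entry in `patches`, so a later patch written relative to the unpacked source root would fail to apply. The reason for the extra strip level is visible only inside the two patch files, whose paths are `a/expat/lib/xmlparse.c` and `a/expat/tests/runtests.c`. A comment such as `# upstream commits are relative to the repo root, which has an extra expat/ directory` would record it. Whether the added regression test is actually run depends on the derivation's check phase, which is outside this hunk.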
diff --git a/pkgs/development/libraries/glibc/2.33-master.patch.gz b/pkgs/development/libraries/glibc/2.33-master.patch.gz
index fd78d3a5e8a8..13ef601408c5 100644
--- a/pkgs/development/libraries/glibc/2.33-master.patch.gz
+++ b/pkgs/development/libraries/glibc/2.33-master.patch.gz
Binary files differ
diff --git a/pkgs/development/libraries/glibc/common.nix b/pkgs/development/libraries/glibc/common.nix
index 7cf5f8c536bc..d633a202025d 100644
--- a/pkgs/development/libraries/glibc/common.nix
+++ b/pkgs/development/libraries/glibc/common.nix
@@ -44,7 +44,7 @@
let
version = "2.33";
- patchSuffix = "-71";
+ patchSuffix = "-78";
sha256 = "sha256-LiVWAA4QXb1X8Layoy/yzxc73k8Nhd/8z9i35RoGd/8=";
in
diff --git a/pkgs/development/libraries/gnutls/default.nix b/pkgs/development/libraries/gnutls/default.nix
index ace18afdeed8..1b4c4212def2 100644
--- a/pkgs/development/libraries/gnutls/default.nix
+++ b/pkgs/development/libraries/gnutls/default.nix
@@ -1,4 +1,5 @@
{ config, lib, stdenv, fetchurl, zlib, lzo, libtasn1, nettle, pkg-config, lzip
+, fetchpatch
, perl, gmp, autoconf, automake, libidn, p11-kit, libiconv
, unbound, dns-root-data, gettext, util-linux
, guileBindings ? config.gnutls.guile or false, guile
@@ -31,7 +32,14 @@ stdenv.mkDerivation rec {
outputInfo = "devdoc";
outputDoc = "devdoc";
- patches = [ ./nix-ssl-cert-file.patch ]
+ patches = [
+ ./nix-ssl-cert-file.patch
+ (fetchpatch {
+ name = "GNUTLS-SA-2022-01-17.diff"; # no CVE number (yet)
+ url = "https://gitlab.com/gnutls/gnutls/-/commit/22f837ba0bc7d13c3d738a8583566368fc12aee1.diff";
+ sha256 = "bLutc0Uc64B7MiR/dxZuE9zUkHQjjtUO1cSa4ODfuwQ=";
+ })
+ ]
# Disable native add_system_trust.
++ lib.optional (isDarwin && !withSecurity) ./no-security-framework.patch;
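Review bot: The `sha256` passed to `fetchpatch` is a bare base64 string, so a reader has to infer the encoding from its length and trailing `=`. Writing it as `sha256 = "sha256-bLutc0Uc64B7MiR/dxZuE9zUkHQjjtUO1cSa4ODfuwQ=";` makes the encoding explicit, though the file's other hashes are not visible here to confirm its convention. The trailing `# no CVE number (yet)` will go stale without notice. A short comment stating what the advisory fixes would tell a later maintainer when the patch can be dropped after a version bump.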
diff --git a/pkgs/os-specific/linux/util-linux/default.nix b/pkgs/os-specific/linux/util-linux/default.nix
index 0818d7bde794..86838b29fbda 100644
--- a/pkgs/os-specific/linux/util-linux/default.nix
+++ b/pkgs/os-specific/linux/util-linux/default.nix
@@ -5,11 +5,11 @@
stdenv.mkDerivation rec {
pname = "util-linux";
- version = "2.37.2";
+ version = "2.37.3";
src = fetchurl {
url = "mirror://kernel/linux/utils/util-linux/v${lib.versions.majorMinor version}/${pname}-${version}.tar.xz";
- sha256 = "sha256-agdkwarn+2B++KbdLA9sR9Xl/SeqCIIKuq2ewU4o6dk=";
+ sha256 = "sha256-WQxZLljNa/OFGctGevBc5qGrGAQOPjQY8kvPsvVfl3Y=";
};
patches = [