Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

build: bump musl from 1.1.24 (2019-10-13) #194

Closed
ee7 opened this issue Feb 21, 2021 · 2 comments · Fixed by #590
Closed

build: bump musl from 1.1.24 (2019-10-13) #194

ee7 opened this issue Feb 21, 2021 · 2 comments · Fixed by #590
Labels
kind: build Non-.nim changes that affect the release binary

Comments

@ee7
Copy link
Member

ee7 commented Feb 21, 2021
edited
Loading

The musl 1.1 series is end-of-life, and we currently use musl 1.1.24. From the build log for configlet 4.0.0-beta.1:

2022-04-13T21:33:18Z The following NEW packages will be installed:
2022-04-13T21:33:18Z   musl musl-dev musl-tools
2022-04-13T21:33:18Z 0 upgraded, 3 newly installed, 0 to remove and 13 not upgraded.
2022-04-13T21:33:18Z Need to get 948 kB of archives.
2022-04-13T21:33:18Z After this operation, 4367 kB of additional disk space will be used.
2022-04-13T21:33:18Z Get:1 http://azure.archive.ubuntu.com/ubuntu focal/universe amd64 musl amd64 1.1.24-1 [377 kB]
2022-04-13T21:33:18Z Get:2 http://azure.archive.ubuntu.com/ubuntu focal/universe amd64 musl-dev amd64 1.1.24-1 [565 kB]
2022-04-13T21:33:18Z Get:3 http://azure.archive.ubuntu.com/ubuntu focal/universe amd64 musl-tools amd64 1.1.24-1 [5868 B]

Links:

Security advisory:

Please take notice of the following advisories if you intend to use versions other than the latest release.

All versions prior to 1.2.2 are affected by CVE-2020-28928, a buffer overflow in the input-length-limited wcsnrtombs function, potentially affecting any program which uses this function.
@ee7 ee7 added the kind: build Non-.nim changes that affect the release binary label May 10, 2021
@ee7 ee7 mentioned this issue Oct 24, 2021
Closed
17 tasks
@ee7
Copy link
Member Author

ee7 commented Oct 24, 2021

Possible solutions:

  • Wait for the new Ubuntu release
  • Build via docker
  • Build via Zig

@ee7 ee7 mentioned this issue Oct 26, 2021
Merged
19 tasks
@ee7
Copy link
Member Author

ee7 commented Apr 8, 2022

musl 1.2.3 released: https://www.openwall.com/lists/musl/2022/04/07/1

@ee7 ee7 mentioned this issue Apr 21, 2022
Closed
@ee7 ee7 changed the title build: use the latest stable release of musl build: bump musl from 1.1.24 (2019-10-13) Apr 21, 2022
@ee7 ee7 mentioned this issue May 7, 2022
Merged
@ee7 ee7 closed this as completed in 6b6a780 Aug 17, 2022
@ee7 ee7 closed this as completed in #590 Aug 17, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
kind: build Non-.nim changes that affect the release binary
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

github(workflows): bump Ubuntu from 20.04 to 22.04 ee7/exercism-configlet
1 participant
@ee7