Skip to content

[25.05] headscale: patch /machine/map endpoint vulnerability #414589

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
phaer merged 1 commit into from
Jun 7, 2025
Merged

[25.05] headscale: patch /machine/map endpoint vulnerability #414589

phaer merged 1 commit into from
Jun 7, 2025

Conversation

@dotlambda
Copy link
Member

@dotlambda dotlambda commented Jun 6, 2025

We can't backport #414539.

Things done

  • Built on platform(s)
    • x86_64-linux
    • aarch64-linux
    • x86_64-darwin
    • aarch64-darwin
  • For non-Linux: Is sandboxing enabled in nix.conf? (See Nix manual)
    • sandbox = relaxed
    • sandbox = true
  • Tested, as applicable:
  • Tested compilation of all packages that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD". Note: all changes have to be committed, also see nixpkgs-review usage
  • Tested basic functionality of all binary files (usually in ./result/bin/)
  • Nixpkgs 25.11 Release Notes (or backporting 24.11 and 25.05 Nixpkgs Release notes)
    • (Package updates) Added a release notes entry if the change is major or breaking
  • NixOS 25.11 Release Notes (or backporting 24.11 and 25.05 NixOS Release notes)
    • (Module updates) Added a release notes entry if the change is significant
    • (Module addition) Added a release notes entry if adding a new NixOS module
  • Fits CONTRIBUTING.md.

Add a 👍 reaction to pull requests you find important.

@dotlambda dotlambda requested review from kradalby and phaer June 6, 2025 21:23
@dotlambda dotlambda added 1.severity: security Issues which raise a security issue, or PRs that fix one backport release-24.11 labels Jun 6, 2025
@dotlambda dotlambda changed the title headscale: patch /machine/map endpoint vulnerability [25.05] headscale: patch /machine/map endpoint vulnerability Jun 6, 2025
@github-actions github-actions bot added the 4.workflow: backport This targets a stable branch label Jun 6, 2025
github-actions[bot]
github-actions bot previously requested changes Jun 6, 2025
View reviewed changes
Copy link
Contributor

@github-actions github-actions bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This report is automatically generated by the check-cherry-picks CI workflow.

Some of the commits in this PR have not been cherry-picked exactly and require the author's and reviewer's attention.

Please make sure to follow the backporting guidelines and cherry-pick with the -x flag. This requires changes to go to the unstable branches (master / staging) first, before backporting them.

Occasionally, it is not possible to cherry-pick exactly the same patch. This most frequently happens when resolving merge conflicts while cherry-picking or when updating minor versions of packages which have already advanced to the next major on unstable. If you need to merge this PR despite the warnings, please dismiss this review.

Warning

Couldn't locate original commit hash in message of 6879530.

Hint: The full diffs are also available in the runner logs with slightly better highlighting.

@github-actions github-actions bot added 10.rebuild-darwin: 1-10 This PR causes between 1 and 10 packages to rebuild on Darwin. 10.rebuild-darwin: 1 This PR causes 1 package to rebuild on Darwin. 10.rebuild-linux: 1-10 This PR causes between 1 and 10 packages to rebuild on Linux. 10.rebuild-linux: 1 This PR causes 1 package to rebuild on Linux. labels Jun 6, 2025
@nix-owners nix-owners bot requested a review from Misterio77 June 6, 2025 21:28
@dotlambda dotlambda dismissed github-actions[bot]’s stale review June 7, 2025 05:26

Backporting version 0.26 would cause breaking changes.

@phaer
Copy link
Member

phaer commented Jun 7, 2025

Thanks @dotlambda

@phaer phaer merged commit 8977813 into NixOS:release-25.05 Jun 7, 2025
19 of 21 checks passed
@nixpkgs-ci
Copy link
Contributor

nixpkgs-ci bot commented Jun 7, 2025

Backport failed for release-24.11, because it was unable to cherry-pick the commit(s).

Please cherry-pick the changes locally and resolve any conflicts.

git fetch origin release-24.11
git worktree add -d .worktree/backport-414589-to-release-24.11 origin/release-24.11
cd .worktree/backport-414589-to-release-24.11
git switch --create backport-414589-to-release-24.11
git cherry-pick -x 6879530a886ae6d0a85e310f9520dd2a3bc1c784

@dotlambda dotlambda deleted the headscale branch June 7, 2025 11:07
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@github-actions github-actions[bot] github-actions[bot] left review comments

@kradalby kradalby Awaiting requested review from kradalby

@phaer phaer Awaiting requested review from phaer

@Misterio77 Misterio77 Awaiting requested review from Misterio77

Assignees

No one assigned

Labels

1.severity: security Issues which raise a security issue, or PRs that fix one 4.workflow: backport This targets a stable branch 10.rebuild-darwin: 1-10 This PR causes between 1 and 10 packages to rebuild on Darwin. 10.rebuild-darwin: 1 This PR causes 1 package to rebuild on Darwin. 10.rebuild-linux: 1-10 This PR causes between 1 and 10 packages to rebuild on Linux. 10.rebuild-linux: 1 This PR causes 1 package to rebuild on Linux.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@dotlambda @phaer