@dotlambda
Member

Motivation for this change

fixes #109165
I did not check whether the patch actually fixes the vulnerability on version 2.40.0.

Things done
  • Tested using sandboxing (nix.useSandbox on NixOS, or option sandbox in nix.conf on non-NixOS linux)
  • Built on platform(s)
    • NixOS
    • macOS
    • other Linux distributions
  • Tested via one or more NixOS test(s) if existing and applicable for the change (look inside nixos/tests)
  • Tested compilation of all pkgs that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review wip"
  • Tested execution of all binary files (usually in ./result/bin/)
  • Determined the impact on package closure size (by running nix path-info -S before and after)
  • Ensured that relevant documentation is up to date
  • Fits CONTRIBUTING.md.

@dotlambda added the "1.severity: security" label (Issues which raise a security issue, or PRs that fix one) Feb 1, 2021
@dotlambda mentioned this pull request Feb 1, 2021
10 tasks
@ofborg bot added these labels Feb 1, 2021:
  • 10.rebuild-darwin: 501+ (This PR causes many rebuilds on Darwin and should normally target the staging branches.)
  • 10.rebuild-darwin: 1001-2500 (This PR causes many rebuilds on Darwin and should most likely target the staging branches.)
  • 10.rebuild-linux: 501+ (This PR causes many rebuilds on Linux and should normally target the staging branches.)
  • 10.rebuild-linux: 5001+ (This PR causes many rebuilds on Linux and must target the staging branches.)
@roberth
Member

roberth commented Feb 1, 2021

It's the only change in the accompanying issue https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/issues/164

I'll merge this assuming it is complete.

Perhaps someone from @NixOS/gnome can confirm?

@roberth merged commit 9e87613 into NixOS:staging-20.09 Feb 1, 2021
@dotlambda deleted the CVE-2020-29385 branch February 2, 2021 08:12