
[22.05] pixman: Apply fix for integer overflow in pixman_sample_floor_y #199676

Merged
vcunat merged 1 commit into NixOS:staging-22.05 from mweinelt:22.05/pixman
Nov 8, 2022

mweinelt (Member) commented Nov 5, 2022

https://gitlab.freedesktop.org/pixman/pixman/-/issues/63

Fixes: CVE-2022-44638

Description of changes
Things done
  • Built on platform(s)
    • x86_64-linux
    • aarch64-linux
    • x86_64-darwin
    • aarch64-darwin
  • For non-Linux: Is sandbox = true set in nix.conf? (See Nix manual)
  • Tested, as applicable:
  • Tested compilation of all packages that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD". Note: all changes have to be committed, also see nixpkgs-review usage
  • Tested basic functionality of all binary files (usually in ./result/bin/)
  • 22.11 Release Notes (or backporting 22.05 Release notes)
    • (Package updates) Added a release notes entry if the change is major or breaking
    • (Module updates) Added a release notes entry if the change is significant
    • (Module addition) Added a release notes entry if adding a new NixOS module
    • (Release notes changes) Ran nixos/doc/manual/md-to-db.sh to update generated release notes
  • Fits CONTRIBUTING.md.

@mweinelt mweinelt added the 1.severity: security Issues which raise a security issue, or PRs that fix one label Nov 5, 2022
@mweinelt mweinelt mentioned this pull request Nov 5, 2022
@ofborg ofborg bot added 10.rebuild-darwin: 501+ This PR causes many rebuilds on Darwin and should normally target the staging branches. 10.rebuild-darwin: 2501-5000 This PR causes many rebuilds on Darwin and should target the staging branches. 10.rebuild-linux: 501+ This PR causes many rebuilds on Linux and should normally target the staging branches. 10.rebuild-linux: 5001+ This PR causes many rebuilds on Linux and must target the staging branches. labels Nov 5, 2022
@vcunat vcunat changed the title pixman: Apply fix for integer overflow in pixman_sample_floor_y [22.05] pixman: Apply fix for integer overflow in pixman_sample_floor_y Nov 5, 2022
risicle (Contributor) commented Nov 7, 2022

LibreOffice has a bundled pixman.

risicle (Contributor) commented Nov 7, 2022

Actually, having said that, I'm really confused over whether all of the contents of download.nix are actually used, because if we take poppler, for example, the derivation contains patches to make it work with poppler 22.x (presumably the system poppler). Perhaps @7c6f434c can throw some light on this?

@vcunat vcunat merged commit 52c2134 into NixOS:staging-22.05 Nov 8, 2022
vcunat (Member) commented Nov 8, 2022

If it's bundled, we'll need to resolve it on nixpkgs master as well. (And it won't block this PR anyway.)

@mweinelt mweinelt deleted the 22.05/pixman branch November 8, 2022 11:32