Skip to content

[23.11] ghostscript: add patches for CVE-2024-33870, CVE-2024-33869 & CVE-2024-33871#314655

Merged
LeSuisse merged 1 commit intoNixOS:staging-23.11from
risicle:ris-ghostscript-CVEs-2024-05-r23.11
Jun 2, 2024
Merged

[23.11] ghostscript: add patches for CVE-2024-33870, CVE-2024-33869 & CVE-2024-33871#314655
LeSuisse merged 1 commit intoNixOS:staging-23.11from
risicle:ris-ghostscript-CVEs-2024-05-r23.11

Conversation

@risicle
Copy link
Contributor

@risicle risicle commented May 25, 2024
edited
Loading

Description of changes

https://security-tracker.debian.org/tracker/CVE-2024-33869
https://security-tracker.debian.org/tracker/CVE-2024-33870
https://security-tracker.debian.org/tracker/CVE-2024-33871

Addressed for unstable and 24.05 by #296602 & #314266 respectively

Things done

  • Built on platform(s)
    • x86_64-linux
    • aarch64-linux
    • x86_64-darwin
    • aarch64-darwin
  • For non-Linux: Is sandboxing enabled in nix.conf? (See Nix manual)
    • sandbox = relaxed
    • sandbox = true
  • Tested, as applicable:
  • Tested compilation of all packages that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD". Note: all changes have to be committed, also see nixpkgs-review usage
  • Tested basic functionality of all binary files (usually in ./result/bin/)
  • 24.11 Release Notes (or backporting 23.11 and 24.05 Release notes)
    • (Package updates) Added a release notes entry if the change is major or breaking
    • (Module updates) Added a release notes entry if the change is significant
    • (Module addition) Added a release notes entry if adding a new NixOS module
  • Fits CONTRIBUTING.md.

Add a 👍 reaction to pull requests you find important.

@risicle risicle added the 1.severity: security Issues which raise a security issue, or PRs that fix one label May 25, 2024
@risicle risicle marked this pull request as draft May 25, 2024 18:43
@ofborg ofborg bot requested a review from viric May 25, 2024 19:08
@ofborg ofborg bot added 10.rebuild-darwin: 501+ This PR causes many rebuilds on Darwin and should normally target the staging branches. 10.rebuild-darwin: 2501-5000 This PR causes many rebuilds on Darwin and should target the staging branches. 10.rebuild-linux: 501+ This PR causes many rebuilds on Linux and should normally target the staging branches. 10.rebuild-linux: 5001+ This PR causes many rebuilds on Linux and must target the staging branches. labels May 25, 2024
@risicle risicle marked this pull request as ready for review May 25, 2024 19:09
LeSuisse
LeSuisse approved these changes Jun 2, 2024
View reviewed changes
Copy link
Member

@LeSuisse LeSuisse left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The set of patches looks good to me, I successfully built ghostscript.tests on Linux x86_64 and aarch64.

@LeSuisse LeSuisse merged commit 547946a into NixOS:staging-23.11 Jun 2, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@LeSuisse LeSuisse LeSuisse approved these changes

@viric viric Awaiting requested review from viric

Assignees

No one assigned

Labels

1.severity: security Issues which raise a security issue, or PRs that fix one 10.rebuild-darwin: 501+ This PR causes many rebuilds on Darwin and should normally target the staging branches. 10.rebuild-darwin: 2501-5000 This PR causes many rebuilds on Darwin and should target the staging branches. 10.rebuild-linux: 501+ This PR causes many rebuilds on Linux and should normally target the staging branches. 10.rebuild-linux: 5001+ This PR causes many rebuilds on Linux and must target the staging branches.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@risicle @LeSuisse