New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
gdk-pixbuf: 2.42.0 → 2.42.2 #106302
gdk-pixbuf: 2.42.0 → 2.42.2 #106302
Conversation
20829a6
to
3141ee4
Compare
ofborg vm tests seemed to fail |
Opened https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/merge_requests/94, can be tested using diff --git a/nixos/tests/installed-tests/gdk-pixbuf.nix b/nixos/tests/installed-tests/gdk-pixbuf.nix
index 3d0011a427a..b6e3a9fa225 100644
--- a/nixos/tests/installed-tests/gdk-pixbuf.nix
+++ b/nixos/tests/installed-tests/gdk-pixbuf.nix
@@ -1,7 +1,22 @@
{ pkgs, makeInstalledTest, ... }:
makeInstalledTest {
- tested = pkgs.gdk-pixbuf;
+ tested = pkgs.gdk-pixbuf.overrideAttrs (attrs: rec {
+ inherit (attrs) pname;
+ version = "2.42.2";
+ src = pkgs.fetchurl {
+ url = "mirror://gnome/sources/${pname}/${pkgs.lib.versions.majorMinor version}/${pname}-${version}.tar.xz";
+ sha256 = "05ggmzwvrxq9w4zcvmrnnd6qplsmb4n95lj4q607c7arzlf6mil3";
+ };
+ patches = attrs.patches ++ [
+ # Skip tests that are not built.
+ # https://gitlab.gnome.org/GNOME/gdk-pixbuf/merge_requests/94
+ (pkgs.fetchpatch {
+ url = "https://gitlab.gnome.org/GNOME/gdk-pixbuf/commit/b7611c4bcb5e728db5dba63f46aa71e4473dc23e.patch";
+ sha256 = "73rmPnUgjVKKN+18vFezPIBV5UZC51Hryc99WEN7uDA=";
+ })
+ ];
+ });
testConfig = {
# Tests allocate a lot of memory trying to exploit a CVE |
Please target staging. |
This is a security fix so it should go to master |
This is only true for non 5000+ mass rebuilds. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I rebuilt my personal system with this while testing #104091.
@jtojnar I commented at NixOS/rfcs#26 (comment) |
Actually, the patch for CVE-2020-29385 applies cleanly: #111542 |
Motivation for this change
Fixes CVE-2020-29385
https://ftp.gnome.org/pub/GNOME/sources/gdk-pixbuf/2.42/gdk-pixbuf-2.42.2.news
Things done
sandbox
innix.conf
on non-NixOS linux)nix-shell -p nixpkgs-review --run "nixpkgs-review wip"
./result/bin/
)nix path-info -S
before and after)