Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[20.03] sigil: add patches for CVE-2019-14452 #95873

Closed
wants to merge 1 commit into from
Closed

[20.03] sigil: add patches for CVE-2019-14452 #95873

wants to merge 1 commit into from

Conversation

risicle
Copy link
Contributor

@risicle risicle commented Aug 20, 2020

Motivation for this change

https://nvd.nist.gov/vuln/detail/CVE-2019-14452

Probably simpler than figuring out misbehaviour on someone else's machine in #95583 is just adding the patches to the existing release.

Things done
  • Tested using sandboxing (nix.useSandbox on NixOS, or option sandbox in nix.conf on non-NixOS linux)
  • Built on platform(s)
    • NixOS
    • macOS
    • other Linux distributions
  • Tested via one or more NixOS test(s) if existing and applicable for the change (look inside nixos/tests)
  • Tested compilation of all pkgs that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review wip"
  • Tested execution of all binary files (usually in ./result/bin/)
  • Determined the impact on package closure size (by running nix path-info -S before and after)
  • Ensured that relevant documentation is up to date
  • Fits CONTRIBUTING.md.

@risicle risicle mentioned this pull request Aug 20, 2020
Merged
9 tasks
@mweinelt
Copy link
Member

If it works for you let's not get further into this. I'm not using this and I'm on wayland, which might complicate things … idk.

Fontconfig warning: "/etc/fonts/2.11/fonts.conf", line 5: unknown element "description"
Fontconfig error: "/etc/fonts/2.11/fonts.conf", line 5: invalid attribute 'domain'
Fontconfig warning: "/etc/fonts/2.11/conf.d/10-hinting-slight.conf", line 4: unknown element "description"
Fontconfig warning: "/etc/fonts/2.11/conf.d/10-scale-bitmap-fonts.conf", line 4: unknown element "description"
Fontconfig warning: "/etc/fonts/2.11/conf.d/20-unhint-small-vera.conf", line 4: unknown element "description"
Fontconfig warning: "/etc/fonts/2.11/conf.d/30-metric-aliases.conf", line 4: unknown element "description"
Fontconfig warning: "/etc/fonts/2.11/conf.d/40-nonlatin.conf", line 4: unknown element "description"
Fontconfig warning: "/etc/fonts/2.11/conf.d/45-generic.conf", line 4: unknown element "description"
Fontconfig warning: "/etc/fonts/2.11/conf.d/45-latin.conf", line 4: unknown element "description"
Fontconfig warning: "/etc/fonts/2.11/conf.d/49-sansserif.conf", line 4: unknown element "description"
Fontconfig warning: "/etc/fonts/2.11/conf.d/50-user.conf", line 4: unknown element "description"
Fontconfig warning: "/etc/fonts/2.11/conf.d/51-local.conf", line 4: unknown element "description"
Fontconfig warning: "/etc/fonts/2.11/conf.d/60-generic.conf", line 4: unknown element "description"
Fontconfig warning: "/etc/fonts/2.11/conf.d/60-latin.conf", line 4: unknown element "description"
Fontconfig warning: "/etc/fonts/2.11/conf.d/65-nonlatin.conf", line 4: unknown element "description"
Fontconfig warning: "/nix/store/4arv3m974gnhl5jyry94bbhp25lv20cr-fontconfig-2.13.92/etc/fonts/conf.d/10-hinting-slight.conf", line 4: unknown element "description"
Fontconfig warning: "/nix/store/4arv3m974gnhl5jyry94bbhp25lv20cr-fontconfig-2.13.92/etc/fonts/conf.d/10-scale-bitmap-fonts.conf", line 4: unknown element "description"
Fontconfig warning: "/nix/store/4arv3m974gnhl5jyry94bbhp25lv20cr-fontconfig-2.13.92/etc/fonts/conf.d/20-unhint-small-vera.conf", line 4: unknown element "description"
Fontconfig warning: "/nix/store/4arv3m974gnhl5jyry94bbhp25lv20cr-fontconfig-2.13.92/etc/fonts/conf.d/30-metric-aliases.conf", line 4: unknown element "description"
Fontconfig warning: "/nix/store/4arv3m974gnhl5jyry94bbhp25lv20cr-fontconfig-2.13.92/etc/fonts/conf.d/40-nonlatin.conf", line 4: unknown element "description"
Fontconfig warning: "/nix/store/4arv3m974gnhl5jyry94bbhp25lv20cr-fontconfig-2.13.92/etc/fonts/conf.d/45-generic.conf", line 4: unknown element "description"
Fontconfig warning: "/nix/store/4arv3m974gnhl5jyry94bbhp25lv20cr-fontconfig-2.13.92/etc/fonts/conf.d/45-latin.conf", line 4: unknown element "description"
Fontconfig warning: "/nix/store/4arv3m974gnhl5jyry94bbhp25lv20cr-fontconfig-2.13.92/etc/fonts/conf.d/49-sansserif.conf", line 4: unknown element "description"
Fontconfig warning: "/nix/store/4arv3m974gnhl5jyry94bbhp25lv20cr-fontconfig-2.13.92/etc/fonts/conf.d/51-local.conf", line 4: unknown element "description"
Fontconfig warning: "/nix/store/4arv3m974gnhl5jyry94bbhp25lv20cr-fontconfig-2.13.92/etc/fonts/conf.d/60-generic.conf", line 4: unknown element "description"
Fontconfig warning: "/nix/store/4arv3m974gnhl5jyry94bbhp25lv20cr-fontconfig-2.13.92/etc/fonts/conf.d/60-latin.conf", line 4: unknown element "description"
Fontconfig warning: "/nix/store/4arv3m974gnhl5jyry94bbhp25lv20cr-fontconfig-2.13.92/etc/fonts/conf.d/65-nonlatin.conf", line 4: unknown element "description"
Fontconfig error: Cannot load config file from /etc/fonts/2.11/fonts.conf
Fontconfig warning: FcPattern object weight does not accept value [0 45)
Segmentation fault (core dumped)

@worldofpeace worldofpeace changed the title [r20.03] sigil: add patches for CVE-2019-14452 [20.03] sigil: add patches for CVE-2019-14452 Aug 20, 2020
@risicle
Copy link
Contributor Author

risicle commented Aug 20, 2020

If this segfaults for you too that's really odd, because the patches really just change a few things about zip file handling.

Anyway, both PRs are up, merge whichever ya like...

@infinisil infinisil closed this Aug 21, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
1.severity: security 10.rebuild-darwin: 0 10.rebuild-linux: 1-10 10.rebuild-linux: 1
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@risicle @mweinelt @infinisil