Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Staging next #74795

Merged
merged 160 commits into from Dec 5, 2019
Merged

Staging next #74795

merged 160 commits into from Dec 5, 2019

Conversation

FRidh
Copy link
Member

@FRidh FRidh commented Dec 1, 2019

Motivation for this change
Things done
  • Tested using sandboxing (nix.useSandbox on NixOS, or option sandbox in nix.conf on non-NixOS linux)
  • Built on platform(s)
    • NixOS
    • macOS
    • other Linux distributions
  • Tested via one or more NixOS test(s) if existing and applicable for the change (look inside nixos/tests)
  • Tested compilation of all pkgs that depend on this change using nix-shell -p nix-review --run "nix-review wip"
  • Tested execution of all binary files (usually in ./result/bin/)
  • Determined the impact on package closure size (by running nix path-info -S before and after)
  • Ensured that relevant documentation is up to date
  • Fits CONTRIBUTING.md.
Notify maintainers

cc @

tmplt and others added 30 commits November 17, 2019 18:51
@tmplt
gdb: wrap, making libstdc++ plugin safe to load
800f280
@c0bw3b
saga: remove jasper from inputs
9315000 
It is unused since v2.2.6 (2016)
https://sourceforge.net/p/saga-gis/bugs/224/
@c0bw3b
digikam: disable JPEG2000 support by default
acd9058 
jasper has several unfixed CVE and seems unmaintained
Upstream open bug to replace it with OpenJPEG is:
https://bugs.kde.org/show_bug.cgi?id=364231
@c0bw3b
k2pdfopt: disable JPEG2000 support by default
ab8889d 
jasper has unfixed CVE
@c0bw3b
kodi: drop jasper dependency
0a443f4 
Unused since:
xbmc/xbmc@424c513
@tmplt
Merge remote-tracking branch 'upstream/staging' into wrap-gdb
9569273
darwin.cctools: 895 -> 927.0.2
7b77c09 
Update the version of `cctools` on darwin.  The older version fails
to work on some modern packages, such as `bazel 1.1`.
@tmplt
gdb: don't propagate unwrapped gdb
6cff4ce
@kmcopper
llvm/compiler-rt: default to compatible scudo options
19adae3
@tmplt
gdb: configure a safe path instead of wrapping
a3e0084
@c0bw3b
gdk-pixbuf: disable JPEG2000 support
9aa6232 
jasper has unfixed CVE
Upstream has no plan to switch to openjpeg AFAICT
@tmplt
gdb: use a safePaths parameter instead
75348fa
@c0bw3b
grib-api: replace jasper with openjpeg
652a178
@c0bw3b
libicns: replace jasper with openjpeg
329270e
@c0bw3b
libraw: disable JPEG2000 support by default
9ee141e 
jasper has many security issues and it's only used for some
old Redcine cameras. See:
LibRaw/LibRaw#69
@c0bw3b
openscenegraph: disable jasper by default
d2a536f
@c0bw3b
opencv: disable jasper by default
a13779a 
jasper has many unfixed CVEs, upstream disable its use by default
opencv/opencv#14058
@c0bw3b
dcraw: mark as vulnerable
9a48332
@c0bw3b
jasper: mark as vulnerable
a0d335f 
Many memory issues remain unfixed or partially fixed:
CVE-2018-18873 CVE-2018-19539 CVE-2018-19540 CVE-2018-19541
CVE-2018-9252 CVE-2018-19542 CVE-2018-19543 CVE-2018-20570
CVE-2018-20584 CVE-2018-20622 CVE-2018-9252

Debian/Ubuntu, OpenSuSE and Gentoo removed it entirely. See:
jasper-software/jasper#208
perl: 5.30.0 -> 5.30.1
83bacb1
perlPackages.XMLParser: 2.46 -> 2.44
ca04f87
[cpan2nix] perlPackages.CPANPerlReleases: 4.14 -> 4.22
cdea5b4
[cpan2nix] perlPackages.CompressRawBzip2: 2.087 -> 2.090
a89074d
[cpan2nix] perlPackages.CompressRawZlib: 2.087 -> 2.090
84702be
[cpan2nix] perlPackages.CpanelJSONXS: 4.14 -> 4.17
11584ef
[cpan2nix] perlPackages.CryptX: 0.064 -> 0.066
70d32e8
[cpan2nix] perlPackages.DevelPPPort: 3.54 -> 3.55
4d16061
[cpan2nix] perlPackages.IOCaptureOutput: 1.1104 -> 1.1105
2722ef2
[cpan2nix] perlPackages.LogJournald: cleanup
6e0d164
[cpan2nix] perlPackages.Mojolicious: 8.25 -> 8.26
7ff256c
r-ryantm and others added 7 commits December 1, 2019 18:50
@r-ryantm @FRidh
libidn2: 2.2.0 -> 2.3.0
27810a0
@r-ryantm @FRidh
jsoncpp: 1.9.1 -> 1.9.2
256a373
@timokau @FRidh
python.pkgs.Cython: backport fix for non-int hashes
a240728 
cython/cython#2752 has already been accepted
upstream, is minimally invasive (only adds a feature, shouldn't break
any existing code) and is needed for the sage python3 update. Sage needs
this capability because it defines its own integer type.
@timokau @FRidh
python.pkgs.Cython: 0.29.14 -> 0.29.15
47f4ddf
@jtojnar @FRidh
gdk-pixbuf: fix setup hook
d4b4bcd 
b78e840 tried to make the script better but used the wrong test
syntax: [[ 113 > 99 ]] is false. This caused the librsvg not being added
to $GDK_PIXBUF_MODULE_FILE.

Fixes: #73586 (comment)
@FRidh
Merge staging into staging-next
d7bf92b
@FRidh
Merge master into staging-next
6662f5b
@Ericson2314
Copy link
Member

Ericson2314 commented Dec 1, 2019
edited

OK fixed one thing with gdb. I think we are good otherwise as far as things I am aware of.

@jtojnar jtojnar mentioned this pull request Dec 2, 2019
Merged
10 tasks
jtojnar and others added 2 commits December 2, 2019 13:22
@jtojnar
Merge pull request #74790 from d-goldin/gegl_0_4_jasper
65a0078 
gegl_0_4: disabling jasper, fixing build
@timokau
Revert "python.pkgs.Cython: 0.29.14 -> 0.29.15"
12b167e 
This reverts commit fa4bbef.

The update seems to be no longer available. See
#74388 (comment).
@andir andir mentioned this pull request Dec 3, 2019
Merged
10 tasks
@FRidh FRidh merged commit 273ec23 into master Dec 5, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Ericson2314 Ericson2314 Awaiting requested review from Ericson2314 Ericson2314 is a code owner

@jonringer jonringer Awaiting requested review from jonringer

@matthewbauer matthewbauer Awaiting requested review from matthewbauer

Assignees
No one assigned
Labels
6.topic: GNOME GNOME desktop environment and its underlying platform 6.topic: python 8.has: package (new) 10.rebuild-darwin: 501+ 10.rebuild-darwin: 5001+ 10.rebuild-darwin-stdenv 10.rebuild-linux: 501+ 10.rebuild-linux: 5001+ 10.rebuild-linux-stdenv
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet