Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

graphite2: 1.3.6 -> 1.3.13 #74155

Merged
merged 1 commit into from
Nov 29, 2019
Merged

graphite2: 1.3.6 -> 1.3.13 #74155

merged 1 commit into from
Nov 29, 2019
+3 −3

Conversation

nh2
Copy link
Contributor

@nh2 nh2 commented Nov 25, 2019

Fixes various security bugs with CVEs since 2017.

Fixes #73645.

Note that for 1.3.6 ONLY, the file was called graphite-*.tgz
and not graphite2-*.tgz, that's why the URL changes as well.

Motivation for this change
Things done
  • Tested using sandboxing (nix.useSandbox on NixOS, or option sandbox in nix.conf on non-NixOS linux)
  • Built on platform(s)
    • NixOS
    • macOS
    • other Linux distributions
  • Tested via one or more NixOS test(s) if existing and applicable for the change (look inside nixos/tests)
  • Tested compilation of all pkgs that depend on this change using nix-shell -p nix-review --run "nix-review wip"
  • Tested execution of all binary files (usually in ./result/bin/)
  • Determined the impact on package closure size (by running nix path-info -S before and after)
  • Ensured that relevant documentation is up to date
  • Fits CONTRIBUTING.md.
Notify maintainers

cc @7c6f434c

Sorry, something went wrong.

@nh2 nh2 added the 1.severity: security Issues which raise a security issue, or PRs that fix one label Nov 25, 2019
@nh2 nh2 requested a review from 7c6f434c November 25, 2019 14:47
@nh2 nh2 self-assigned this Nov 25, 2019
@nh2 nh2 mentioned this pull request Nov 25, 2019
Closed
7 tasks
@nh2
Copy link
Contributor Author

nh2 commented Nov 25, 2019

@GrahamcOfBorg build

@ckauhaus
Copy link
Contributor

should go to staging due to the amount of rebuilds

@nh2
graphite2: 1.3.6 -> 1.3.13
de97cb7 
Fixes various security bugs with CVEs since 2017.

Fixes NixOS#73645.

Note that for 1.3.6 *ONLY*, the file was called `graphite-*.tgz`
and not `graphite2-*.tgz`, that's why the URL changes as well.
@nh2 nh2 force-pushed the issue-73645-graphite2-1.3.13 branch from 34775f0 to de97cb7 Compare November 26, 2019 16:51
@nh2 nh2 changed the base branch from master to staging November 26, 2019 16:51
@nh2
Copy link
Contributor Author

nh2 commented Nov 26, 2019

@GrahamcOfBorg build

@nh2
Copy link
Contributor Author

nh2 commented Nov 26, 2019

should go to staging due to the amount of rebuilds

Done; I wasn't quite sure if I should put it on staging given that it's security

@7c6f434c
Copy link
Member

Hm, some of these seem to have been remotely abusable in Firefox?

@ofborg ofborg bot added 6.topic: erlang 6.topic: GNOME GNOME desktop environment and its underlying platform 6.topic: haskell labels Nov 26, 2019
@ofborg ofborg bot added 6.topic: python 6.topic: qt/kde 6.topic: ruby 8.has: documentation This PR adds or changes documentation 2.status: merge conflict This PR has merge conflicts with the target branch and removed 6.topic: erlang 6.topic: GNOME GNOME desktop environment and its underlying platform 6.topic: haskell 6.topic: python 6.topic: qt/kde 6.topic: ruby 8.has: documentation This PR adds or changes documentation 2.status: merge conflict This PR has merge conflicts with the target branch labels Nov 26, 2019
@nh2
Copy link
Contributor Author

nh2 commented Nov 26, 2019

Hm, some of these seem to have been remotely abusable in Firefox?

@7c6f434c Yes that's how I understood it.

@7c6f434c
Copy link
Member

@ckauhaus Do we have any procedure for PRs against staging-merge for high-impact but very high-rebuild fixes?

@jonringer
Copy link
Contributor

staging to bring in large rebuilds, then staging-next is used for stabilization of the affected packages.

@alyssais alyssais removed their request for review November 28, 2019 09:06
@ckauhaus ckauhaus merged commit 4da13bc into NixOS:staging Nov 29, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@7c6f434c 7c6f434c

@basvandijk basvandijk

@cdepillabout cdepillabout

@Ericson2314 Ericson2314

@FRidh FRidh

@jonringer jonringer

@matthewbauer matthewbauer

@peti peti

@thoughtpolice thoughtpolice

@ttuegel ttuegel

@zimbatm zimbatm

Assignees

@nh2 nh2

Labels
1.severity: security Issues which raise a security issue, or PRs that fix one 10.rebuild-darwin: 501+ 10.rebuild-darwin: 1001-2500 10.rebuild-linux: 501+ 10.rebuild-linux: 2501-5000
Projects
Staging
Archived in project
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@nh2 @ckauhaus @7c6f434c @jonringer