Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Backport of mupdf to address various CVEs #71564

Merged
merged 4 commits into from Oct 21, 2019
Merged

Backport of mupdf to address various CVEs #71564

merged 4 commits into from Oct 21, 2019

Conversation

danieldk
Copy link
Contributor

@danieldk danieldk commented Oct 21, 2019
edited

Motivation for this change

This is PR #68506 rebased on the release 19.09 branch. mupdf in 19.09 has various known vulnerabilities:

#70113

I checked the builds of the references derivations and ran the binaries. Since I do not know/use all of these programs, I could not test them extensively.

Things done
  • Tested using sandboxing (nix.useSandbox on NixOS, or option sandbox in nix.conf on non-NixOS)
  • Built on platform(s)
    • NixOS
    • macOS
    • other Linux distributions
  • Tested via one or more NixOS test(s) if existing and applicable for the change (look inside nixos/tests)
  • Tested compilation of all pkgs that depend on this change using nix-shell -p nix-review --run "nix-review wip"
  • Tested execution of all binary files (usually in ./result/bin/)
  • Determined the impact on package closure size (by running nix path-info -S before and after)
  • Ensured that relevant documentation is up to date
  • Fits CONTRIBUTING.md.
Notify maintainers

cc @vrthra @fpletz

@teto

@flokli
Copy link
Contributor

flokli commented Oct 21, 2019

Hmm, can you cherry-pick backports with -x option?

teto and others added 4 commits October 21, 2019 20:26
@teto @danieldk
mupdf: 1.14.0 -> 1.16.1
74b127a 
(cherry picked from commit 737fcfb)
@teto @danieldk
zathura: 0.3.4 -> 0.3.5
f7e4491 
to fix issues with the new mupdf

(cherry picked from commit 5ded5df)
@teto @danieldk
llpp: 30 -> 31
87779e0 
(cherry picked from commit 4dd698a)
@danielfullmer @danieldk
k2pdfopt: Fix patch for mupdf 1.16.1
6a17d58 
(cherry picked from commit 2390e3f)
@danieldk
Copy link
Contributor Author

@flokli Should be fixed now.

@flokli
Copy link
Contributor

flokli commented Oct 21, 2019

@GrahamcOfBorg build mupdf zathura llpp k2pdfopt

@flokli flokli merged commit ec20b31 into NixOS:release-19.09 Oct 21, 2019
@flokli
Copy link
Contributor

flokli commented Oct 21, 2019

Thanks!

This was referenced Nov 1, 2019
Closed
Closed
Closed
@danieldk danieldk deleted the mupdf-backport branch July 6, 2020 17:03
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@vrthra vrthra Awaiting requested review from vrthra

@danielfullmer danielfullmer Awaiting requested review from danielfullmer

@pSub pSub Awaiting requested review from pSub

@fpletz fpletz Awaiting requested review from fpletz

Assignees
No one assigned
Labels
1.severity: security 10.rebuild-darwin: 1-10 10.rebuild-linux: 1-10
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
5 participants
@danieldk @flokli @veprbl @teto @danielfullmer