New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[r19.03] ghostscript: catch up with many CVE patches #75121
[r19.03] ghostscript: catch up with many CVE patches #75121
Conversation
(cherry picked from commit f55969b)
…-14812, CVE-2019-14813 and some of CVE-2019-14817 as with master, not all of the CVE-2019-14817 patch applies cleanly, but the parts that do should provide some protection (cherry picked from commit bd3f644)
context-adjusted patches cribbed from debian's 9.26a~dfsg-0+deb9u6, also requiring further adjustment of patch for CVE-2019-10216 (cherry picked from commit 59ea6fc)
again, context-adjusted patches cribbed from debian's 9.26a~dfsg-0+deb9u6 (cherry picked from commit 4e28989)
again, context-adjusted patch cribbed from debian's 9.26a~dfsg-0+deb9u6 (cherry picked from commit 0fba5b9)
@@ -51,6 +51,37 @@ stdenv.mkDerivation rec { | |||
url = "http://git.ghostscript.com/?p=ghostpdl.git;a=patch;h=d3537a54740d78c5895ec83694a07b3e4f616f61"; | |||
sha256 = "1hr8bpi87bbg1kvv28kflmfh1dhzxw66p9q0ddvbrj72qd86p3kx"; | |||
}) | |||
./9.26-CVE-2019-3835-part-1.patch |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
So why did you use fetchpatch
for some patches and local files for other patches?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think a couple of them needed manual adaptation. But this was a long time ago now.
@risicle this PR targets an unmaintained branch right? Perhaps we should close it now? |
If ya like, I don't see any harm in throwing a bone to people stuck on an old release tho 🤷 |
Motivation for this change
Having the same base version as 19.09, it's easy enough to bring all the relevant patches up to the level of #73590.
Things done
sandbox
innix.conf
on non-NixOS linux)nix-shell -p nix-review --run "nix-review wip"
./result/bin/
)nix path-info -S
before and after)Notify maintainers
cc @