[r19.03] ghostscript: catch up with many CVE patches #75121
Closed
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
(cherry picked from commit f55969b)
…-14812, CVE-2019-14813 and some of CVE-2019-14817 as with master, not all of the CVE-2019-14817 patch applies cleanly, but the parts that do should provide some protection (cherry picked from commit bd3f644)
context-adjusted patches cribbed from debian's 9.26a~dfsg-0+deb9u6, also requiring further adjustment of patch for CVE-2019-10216 (cherry picked from commit 59ea6fc)
again, context-adjusted patches cribbed from debian's 9.26a~dfsg-0+deb9u6 (cherry picked from commit 4e28989)
again, context-adjusted patch cribbed from debian's 9.26a~dfsg-0+deb9u6 (cherry picked from commit 0fba5b9)
doronbehar
reviewed
Mar 4, 2020
| @@ -51,6 +51,37 @@ stdenv.mkDerivation rec { | |||
| url = "http://git.ghostscript.com/?p=ghostpdl.git;a=patch;h=d3537a54740d78c5895ec83694a07b3e4f616f61"; | |||
| sha256 = "1hr8bpi87bbg1kvv28kflmfh1dhzxw66p9q0ddvbrj72qd86p3kx"; | |||
| }) | |||
| ./9.26-CVE-2019-3835-part-1.patch | |||
There was a problem hiding this comment.
So why did you use fetchpatch for some patches and local files for other patches?
There was a problem hiding this comment.
I think a couple of them needed manual adaptation. But this was a long time ago now.
|
@risicle this PR targets an unmaintained branch right? Perhaps we should close it now? |
|
If ya like, I don't see any harm in throwing a bone to people stuck on an old release tho 🤷 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Motivation for this change
Having the same base version as 19.09, it's easy enough to bring all the relevant patches up to the level of #73590.
Things done
sandboxinnix.confon non-NixOS linux)nix-shell -p nix-review --run "nix-review wip"./result/bin/)nix path-info -Sbefore and after)Notify maintainers
cc @