Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[24.05] cups: apply patches for CVE-2024-47175 #345101

Merged
merged 1 commit into from
Oct 3, 2024
Merged

[24.05] cups: apply patches for CVE-2024-47175 #345101

merged 1 commit into from
Oct 3, 2024

Conversation

LeSuisse
Copy link
Contributor

@LeSuisse LeSuisse commented Sep 28, 2024
edited
Loading

Description of changes

Based on the information provided in https://www.openwall.com/lists/oss-security/2024/09/27/3

GHSA-7xfx-47qg-grp6

Cherry picked from commit 053e3fe see #344919

Things done

  • Built on platform(s)
    • x86_64-linux
    • aarch64-linux
    • x86_64-darwin
    • aarch64-darwin
  • For non-Linux: Is sandboxing enabled in nix.conf? (See Nix manual)
    • sandbox = relaxed
    • sandbox = true
  • Tested, as applicable:
  • Tested compilation of all packages that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD". Note: all changes have to be committed, also see nixpkgs-review usage
  • Tested basic functionality of all binary files (usually in ./result/bin/)
  • 24.11 Release Notes (or backporting 23.11 and 24.05 Release notes)
    • (Package updates) Added a release notes entry if the change is major or breaking
    • (Module updates) Added a release notes entry if the change is significant
    • (Module addition) Added a release notes entry if adding a new NixOS module
  • Fits CONTRIBUTING.md.

Add a 👍 reaction to pull requests you find important.

@LeSuisse LeSuisse mentioned this pull request Sep 28, 2024
Merged
13 tasks
@nixos-discourse
Copy link

This pull request has been mentioned on NixOS Discourse. There might be relevant details there:

https://discourse.nixos.org/t/cups-cups-filters-and-libppd-security-issues/52780/1

@LeSuisse LeSuisse marked this pull request as ready for review September 28, 2024 13:40
@ofborg ofborg bot requested a review from matthewbauer September 28, 2024 14:18
nbdd0121
nbdd0121 approved these changes Sep 30, 2024
View reviewed changes
Copy link
Contributor

@nbdd0121 nbdd0121 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The failed CI check is a patch difference warning. The difference is caused by 24.05 cups already carrying patches and thus doesn't need to reintroduce fetchpatch and patches = [];, so the warning could be safely dismissed.

@leona-ya leona-ya merged commit a0cf8e2 into NixOS:staging-24.05 Oct 3, 2024
34 of 35 checks passed
@LeSuisse LeSuisse deleted the cups-CVE-2024-47175-24.05 branch October 3, 2024 13:24
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@nbdd0121 nbdd0121 nbdd0121 approved these changes

@leona-ya leona-ya leona-ya approved these changes

@matthewbauer matthewbauer Awaiting requested review from matthewbauer

Assignees
No one assigned
Labels
1.severity: security 6.topic: printing 10.rebuild-darwin: 501+ 10.rebuild-darwin: 1001-2500 10.rebuild-linux: 501+ 10.rebuild-linux: 5001+ 12.approvals: 1
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@LeSuisse @nixos-discourse @nbdd0121 @leona-ya @wegank