cnijfilter_2_80: disable fortify hardening #276300
Conversation
|
This has been successfully tested by @ipoupaille in #276125 (comment), I will merge this in a few days. |
|
@ipoupaille is 23.11 affected or only nixos-unstable ? |
|
I produced the problem on nixos-23.11. I have not tested on unstable. I have made the last test pinning the package version |
|
I added the backport to 23.11 tag, then |
ofborg
bot
added
10.rebuild-darwin: 0
10.rebuild-linux: 1-10
10.rebuild-linux: 1
labels
the cups filter crashes with hardening Fixes NixOS#276125
|
I suggest mentioning this to upstream as it signifies a bug (possibly quite a serious one with security implications). |
| @@ -100,6 +100,10 @@ stdenv.mkDerivation { | |||
| them, it undoes the --set-rpath. this prevents that. */ | |||
| dontPatchELF = true; | |||
|
|
|||
| # fortify hardening makes the filter crash | |||
| # https://github.com/NixOS/nixpkgs/issues/276125 | |||
| hardeningDisable = [ "fortify" ]; | |||
There was a problem hiding this comment.
Apparently we can get away with just disabling fortify3
There was a problem hiding this comment.
cool, I did not know about this one.
symphorien
force-pushed
the
issue_276125
branch
from
b326716
to
d4c1c32
Compare
|
About upstream, this is a half-proprietary printer driver last updated in 2007 (version bumps drop support for old printers so we have to keep old versions). I'm not optimistic enough to spend time over contacting upstream. |
|
😿 |
|
Successfully created backport PR for |
the cups filter crashes with hardening
Fixes #276125
Description of changes
Things done
nix.conf? (See Nix manual)sandbox = relaxedsandbox = truenix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD". Note: all changes have to be committed, also see nixpkgs-review usage./result/bin/)Add a 👍 reaction to pull requests you find important.