Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

cups: 2.3.0 -> 2.3.1 #77017

Merged
merged 1 commit into from Jan 20, 2020
Merged

cups: 2.3.0 -> 2.3.1 #77017

merged 1 commit into from Jan 20, 2020

Conversation

@r-ryantm
Copy link
Contributor

@r-ryantm r-ryantm commented Jan 6, 2020

Semi-automatic update generated by https://github.com/ryantm/nixpkgs-update tools. This update was made based on information from https://repology.org/metapackage/cups/versions.

meta.description for cups is: '"A standards-based printing system for UNIX"'.

meta.homepage for cups is: '"https://cups.org/"

Release on GitHub

Compare changes on GitHub

Checks done (click to expand)
Rebuild report (if merged into master) (click to expand)

11833 total rebuild path(s)

4391 package rebuild(s)

4345 x86_64-linux rebuild(s)
3785 i686-linux rebuild(s)
0 x86_64-darwin rebuild(s)
3703 aarch64-linux rebuild(s)

First fifty rebuilds by attrpath
AgdaSheaves
AgdaStdlib
DisnixWebService
R
SDL_mixer
Sylk
TotalParserCombinators
_20kly
abcl
abiword
acoustidFingerprinter
adapta-gtk-theme
adementary-theme
adobe-reader
adoptopenjdk-icedtea-web
adwaita-qt
aegisub
aerc
aesop
afew
afterstep
agdaBase
agdaIowaStdlib
agdaPrelude
ahoviewer
airtame
aj-snapshot
akira-unstable
akonadi
akregator
alarm-clock-applet
albert
alchemy
aldor
alfred
aliceml
aliza
allegro5
alloy
alloy4
alloy5
almanah
alot
alsaTools
alt-ergo
amarok
amarok-kf5
amber-theme
ammonite
ammonite_2_12

Instructions to test this update (click to expand)

Either download from Cachix:

nix-store -r /nix/store/gs9l84adfnkpxs5gfzx42lbxbgbqh3ki-cups-2.3.1 \
  --option binary-caches 'https://cache.nixos.org/ https://r-ryantm.cachix.org/' \
  --option trusted-public-keys '
  r-ryantm.cachix.org-1:gkUbLkouDAyvBdpBX0JOdIiD2/DP1ldF3Z3Y6Gqcc4c=
  cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=
  '

(r-ryantm's Cachix cache is only trusted for this store-path realization.)

Or, build yourself:

nix-build -A cups https://github.com/r-ryantm/nixpkgs/archive/84457be75a8e43bd06d1553caea8b2b621df19d2.tar.gz

After you've downloaded or built it, look at the files and if there are any, run the binaries:

ls -la /nix/store/gs9l84adfnkpxs5gfzx42lbxbgbqh3ki-cups-2.3.1
ls -la /nix/store/gs9l84adfnkpxs5gfzx42lbxbgbqh3ki-cups-2.3.1/bin

cc @matthewbauer for testing.

@ofborg ofborg bot added the 6.topic: printing label Jan 6, 2020
@ofborg ofborg bot requested a review from matthewbauer Jan 6, 2020
@FRidh FRidh added this to WIP in Staging via automation Jan 6, 2020
@FRidh FRidh moved this from WIP to Needs review in Staging Jan 6, 2020
@nh2
Copy link
Contributor

@nh2 nh2 commented Jan 18, 2020

@nh2
Copy link
Contributor

@nh2 nh2 commented Jan 20, 2020

This release fixes CVE-2019-2228 according to the release notes.

In array_find of array.c, there is a possible out-of-bounds read due to an incorrect bounds check. This could lead to local information disclosure in the printer spooler with no additional execution privileges needed. User interaction is not needed for exploitation.

@nh2
Copy link
Contributor

@nh2 nh2 commented Jan 20, 2020

I've built this based on master where it builds fine (ofborg can't build it against staging).

Merging.

@nh2 nh2 merged commit 7ebadfe into NixOS:staging Jan 20, 2020
16 checks passed
16 checks passed
cups on aarch64-linux Failure
Details
cups on x86_64-linux Failure
Details
Evaluation Performance Report Evaluator Performance Report
Details
cups on x86_64-darwin Success
Details
grahamcofborg-eval ^.^!
Details
grahamcofborg-eval-check-maintainers matching changed paths to changed attrs...
Details
grahamcofborg-eval-check-meta config.nix: checkMeta = true
Details
grahamcofborg-eval-darwin nix-instantiate --arg nixpkgs { outPath=./.; revCount=999999; shortRev="ofborg"; } ./pkgs/top-level/release.nix -A darwin-tested
Details
grahamcofborg-eval-nixos nix-instantiate --arg nixpkgs { outPath=./.; revCount=999999; shortRev="ofborg"; } ./nixos/release-combined.nix -A tested
Details
grahamcofborg-eval-nixos-manual nix-instantiate --arg nixpkgs { outPath=./.; revCount=999999; shortRev="ofborg"; } ./nixos/release.nix -A manual
Details
grahamcofborg-eval-nixos-options nix-instantiate --arg nixpkgs { outPath=./.; revCount=999999; shortRev="ofborg"; } ./nixos/release.nix -A options
Details
grahamcofborg-eval-nixpkgs-manual nix-instantiate --arg nixpkgs { outPath=./.; revCount=999999; shortRev="ofborg"; } ./pkgs/top-level/release.nix -A manual
Details
grahamcofborg-eval-nixpkgs-tarball nix-instantiate --arg nixpkgs { outPath=./.; revCount=999999; shortRev="ofborg"; } ./pkgs/top-level/release.nix -A tarball
Details
grahamcofborg-eval-nixpkgs-unstable-jobset nix-instantiate --arg nixpkgs { outPath=./.; revCount=999999; shortRev="ofborg"; } ./pkgs/top-level/release.nix -A unstable
Details
grahamcofborg-eval-package-list nix-env -qa --json --file .
Details
grahamcofborg-eval-package-list-no-aliases nix-env -qa --json --file . --arg config { allowAliases = false; }
Details
Staging automation moved this from Needs review to Done Jan 20, 2020
@r-ryantm r-ryantm deleted the r-ryantm:auto-update/cups branch Jan 25, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
Staging
  
Done
Linked issues

Successfully merging this pull request may close these issues.

None yet

2 participants
You can’t perform that action at this time.