Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Vulnerability roundup 84: fontconfig-2.10.2: 1 advisory #88289

Closed
1 task
ckauhaus opened this issue May 20, 2020 · 8 comments · Fixed by #93562
Closed
1 task

Vulnerability roundup 84: fontconfig-2.10.2: 1 advisory #88289

ckauhaus opened this issue May 20, 2020 · 8 comments · Fixed by #93562
Labels
1.severity: security Issues which raise a security issue, or PRs that fix one

Comments

@ckauhaus
Copy link
Contributor

search, files

Scanned versions: nixos-20.03: 82b5f87. May contain false positives.
@ckauhaus ckauhaus added the 1.severity: security Issues which raise a security issue, or PRs that fix one label May 20, 2020
@ckauhaus
Copy link
Contributor Author

See also: #73630

@flokli flokli mentioned this issue Jul 11, 2020
Closed
10 tasks
@flokli
Copy link
Contributor

flokli commented Jul 11, 2020

PR for unstable: #92919
PR for 20.03: #92921

@flokli flokli reopened this Jul 14, 2020
@flokli
Copy link
Contributor

flokli commented Jul 14, 2020

This is still an issue.

@ckauhaus
Copy link
Contributor Author

oops, sorry

@jtojnar
Copy link
Member

jtojnar commented Jul 16, 2020

We only use config files. We could probably just delete everything but /etc from the derivation, or remove it from top-level.

@flokli
Copy link
Contributor

flokli commented Jul 16, 2020

Yeah, but we still ship the fontconfig binary in nixpkgs. Is there any reason we still need to provide config files parse-able by 2.10.x fontconfig implementations?

@jtojnar
Copy link
Member

jtojnar commented Jul 16, 2020

I doubt there is much of a reason these days, nobody will be running programs compiled against fontconfig 2.10. I just do not want to remove it now so that possible breakage caused by #73795 is not mixed with potential downfall from removing the unversioned path.

@flokli flokli mentioned this issue Jul 20, 2020
Merged
10 tasks
@flokli
Copy link
Contributor

flokli commented Jul 21, 2020

#93562 is a new attempt to address this.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
1.severity: security Issues which raise a security issue, or PRs that fix one
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fontconfig_210: remove package flokli/nixpkgs
3 participants
@flokli @jtojnar @ckauhaus