
libfpx: drop #409063

Merged
philiptaron merged 1 commit into NixOS:master from emilazy:push-solmqnuvupxo
May 20, 2025

@emilazy (Member) commented May 20, 2025

Unused, unmaintained image processing library stuck on an outdated version from 2016 and untouched outside of treewides/ZHF since that bump. Per https://github.com/ImageMagick/libfpx/blob/9b547af9651c7147ecebbda567543cc802c8135c/ChangeLog, this version has known vulnerabilities. The source tarball has also vanished from all of the mirrors.

cc @leona-ya I’ll mark this as vulnerable on 24.11 but I’d like to backport this to 25.05 so we don’t ship the release with this thing.

Things done

  • Built on platform(s)
    • x86_64-linux
    • aarch64-linux
    • x86_64-darwin
    • aarch64-darwin
  • For non-Linux: Is sandboxing enabled in nix.conf? (See Nix manual)
    • sandbox = relaxed
    • sandbox = true
  • Tested, as applicable:
  • Tested compilation of all packages that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD". Note: all changes have to be committed, also see nixpkgs-review usage
  • Tested basic functionality of all binary files (usually in ./result/bin/)
  • Nixpkgs 25.11 Release Notes (or backporting 24.11 and 25.05 Nixpkgs Release notes)
    • (Package updates) Added a release notes entry if the change is major or breaking
  • NixOS 25.11 Release Notes (or backporting 24.11 and 25.05 NixOS Release notes)
    • (Module updates) Added a release notes entry if the change is significant
    • (Module addition) Added a release notes entry if adding a new NixOS module
  • Fits CONTRIBUTING.md.

Add a 👍 reaction to pull requests you find important.

@emilazy added the 1.severity: security label May 20, 2025
@ofborg bot added the 2.status: merge conflict label May 20, 2025
@emilazy mentioned this pull request May 20, 2025
@leona-ya (Member) commented

ack for backport to 25.05

Unused, unmaintained image processing library
stuck on an outdated version from 2016 and
untouched outside of treewides/ZHF since that bump. Per
<https://github.com/ImageMagick/libfpx/blob/9b547af9651c7147ecebbda567543cc802c8135c/ChangeLog>,
this version has known vulnerabilities. The source tarball has also
vanished from all of the mirrors.
@emilazy force-pushed the push-solmqnuvupxo branch from 878b4ea to ced8a6a May 20, 2025 13:24
@ofborg bot removed the 2.status: merge conflict label May 20, 2025
@github-actions bot added the 10.rebuild-darwin: 0 and 10.rebuild-linux: 0 labels May 20, 2025
@emilazy mentioned this pull request May 20, 2025
@philiptaron merged commit c3f7075 into NixOS:master May 20, 2025
20 of 22 checks passed
@nixpkgs-ci bot (Contributor) commented May 20, 2025

Backport failed for release-25.05, because it was unable to cherry-pick the commit(s).

Please cherry-pick the changes locally and resolve any conflicts.

git fetch origin release-25.05
git worktree add -d .worktree/backport-409063-to-release-25.05 origin/release-25.05
cd .worktree/backport-409063-to-release-25.05
git switch --create backport-409063-to-release-25.05
git cherry-pick -x ced8a6aef6f2cab09a8d7650d4ee333114d11bcb

@FliegendeWurst added the 9.needs: port to stable label May 20, 2025
@mdaniels5757 added the 8.has: port to stable label and removed the 9.needs: port to stable and backport release-25.05 labels Jun 22, 2025
@emilazy deleted the push-solmqnuvupxo branch July 17, 2025 19:50