
libtiff: add patches for multiple CVEs #165872

Merged: 1 commit, Apr 10, 2022

Contributor

@risicle risicle commented Mar 26, 2022

Description of changes

https://nvd.nist.gov/vuln/detail/CVE-2022-0891
https://nvd.nist.gov/vuln/detail/CVE-2022-0865
https://nvd.nist.gov/vuln/detail/CVE-2022-0924
https://nvd.nist.gov/vuln/detail/CVE-2022-0907
https://nvd.nist.gov/vuln/detail/CVE-2022-0909
https://nvd.nist.gov/vuln/detail/CVE-2022-0908

Each tested against the PoC input provided for the issue before and after its respective fix to check its validity.

We're technically not vulnerable to CVE-2022-0865 as it requires jbig2 support, which we don't have enabled. Included the patch anyway for completeness and in case anyone is enabling it via an override (all it takes is adding jbigkit to the buildInputs - considered proposing that addition, but it would be a bit of a funny reason to do so - so that we're not missing out on all the vulnerability fun?)

As for testing this, don't you think #162110 would make it so much easier to do so?

Things done
  • Built on platform(s)
    • x86_64-linux
    • aarch64-linux
    • x86_64-darwin
    • aarch64-darwin
  • For non-Linux: Is sandbox = true set in nix.conf? (See Nix manual)
  • Tested, as applicable:
  • Tested compilation of all packages that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD". Note: all changes have to be committed, also see nixpkgs-review usage
  • Tested basic functionality of all binary files (usually in ./result/bin/)
  • 22.05 Release Notes (or backporting 21.11 Release notes)
    • (Package updates) Added a release notes entry if the change is major or breaking
    • (Module updates) Added a release notes entry if the change is significant
    • (Module addition) Added a release notes entry if adding a new NixOS module
    • (Release notes changes) Ran nixos/doc/manual/md-to-db.sh to update generated release notes
  • Fits CONTRIBUTING.md.

@SuperSandro2000
Member

SuperSandro2000 commented Mar 27, 2022

> As for testing this, don't you think #162110 would make it so much easier to do so?

Merged

@ofborg eval
@ofborg test libtiff

@SuperSandro2000
Member

@risicle I think you need to wait for master to be merged into staging.

@github-actions
Contributor

Successfully created backport PR #168133 for staging-21.11.
