Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Security fixes #182834

Merged
merged 3 commits into from
Jul 25, 2022
Merged

Security fixes #182834

merged 3 commits into from
Jul 25, 2022

Conversation

globin
Copy link
Member

@globin globin commented Jul 25, 2022

Description of changes
Things done
  • Built on platform(s)
    • x86_64-linux
    • aarch64-linux
    • x86_64-darwin
    • aarch64-darwin
  • For non-Linux: Is sandbox = true set in nix.conf? (See Nix manual)
  • Tested, as applicable:
  • Tested compilation of all packages that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD". Note: all changes have to be committed, also see nixpkgs-review usage
  • Tested basic functionality of all binary files (usually in ./result/bin/)
  • 22.11 Release Notes (or backporting 22.05 Release notes)
    • (Package updates) Added a release notes entry if the change is major or breaking
    • (Module updates) Added a release notes entry if the change is significant
    • (Module addition) Added a release notes entry if adding a new NixOS module
    • (Release notes changes) Ran nixos/doc/manual/md-to-db.sh to update generated release notes
  • Fits CONTRIBUTING.md.

@globin globin added 1.severity: security Issues which raise a security issue, or PRs that fix one backport release-22.05 labels Jul 25, 2022
samueldr
samueldr approved these changes Jul 25, 2022
View reviewed changes
Copy link
Member

@samueldr samueldr left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

For the tiny grub change.

pkgs/tools/misc/grub/2.0x.nix
name = "binutils-2.36";
name = "binutils-2.36.patch";
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

✔️ (see the commit for details if you're reviewing and confused)

@Ma27
Copy link
Member

Ma27 commented Jul 25, 2022

  • 1000 rebuilds IMHO warrants a retarget to staging-next, will take care of that later tonight.

  • the qemu patch should be easy to backport to 22.05 (Mayflower already uses this patch on 22.05), not sure what to do about vim considering that we're on vim8 on 22.05 (cc @NixOS/security )

@Ma27 Ma27 changed the base branch from master to staging-next July 25, 2022 18:24
@ofborg ofborg bot requested a review from samueldr July 25, 2022 18:33
@Ma27 Ma27 merged commit 7be3a05 into NixOS:staging-next Jul 25, 2022
@Ma27 Ma27 deleted the security-fixes branch July 25, 2022 19:19
@Ma27 Ma27 mentioned this pull request Jul 25, 2022
Merged
13 tasks
@github-actions
Copy link
Contributor

Backport failed for release-22.05, because it was unable to cherry-pick the commit(s).

Please cherry-pick the changes locally.

git fetch origin release-22.05
git worktree add -d .worktree/backport-182834-to-release-22.05 origin/release-22.05
cd .worktree/backport-182834-to-release-22.05
git checkout -b backport-182834-to-release-22.05
ancref=$(git merge-base db04e3c1433334aa4db89281f0506336406e3019 b2d221795b355b6646c046077f3a58aedb1efa82)
git cherry-pick -x $ancref..b2d221795b355b6646c046077f3a58aedb1efa82

@Mindavi
Copy link
Contributor

Mindavi commented Jul 26, 2022
edited
Loading

Broke cross, but already fixed upstream so on a new update it should be good again: vim/vim#10777. Of course we do need to set that flag then, but that's fine.

@Artturin
Copy link
Member

#184025

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Ma27 Ma27 Ma27 approved these changes

@alyssais alyssais Awaiting requested review from alyssais

@equirosa equirosa Awaiting requested review from equirosa

@lovek323 lovek323 Awaiting requested review from lovek323

@edolstra edolstra Awaiting requested review from edolstra

@samueldr samueldr Awaiting requested review from samueldr

Assignees

@Ma27 Ma27

Labels
1.severity: security Issues which raise a security issue, or PRs that fix one 6.topic: vim 10.rebuild-darwin: 101-500 10.rebuild-linux: 501+ 10.rebuild-linux: 1001-2500
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@globin @Ma27 @Mindavi @Artturin @samueldr