Security fixes #182834

Merged
Ma27 merged 3 commits into NixOS:staging-next from mayflower:security-fixes
Jul 25, 2022

@globin
Member

@globin globin commented Jul 25, 2022

Description of changes
Things done
  • Built on platform(s)
    • x86_64-linux
    • aarch64-linux
    • x86_64-darwin
    • aarch64-darwin
  • For non-Linux: Is sandbox = true set in nix.conf? (See Nix manual)
  • Tested, as applicable:
  • Tested compilation of all packages that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD". Note: all changes have to be committed, also see nixpkgs-review usage
  • Tested basic functionality of all binary files (usually in ./result/bin/)
  • 22.11 Release Notes (or backporting 22.05 Release notes)
    • (Package updates) Added a release notes entry if the change is major or breaking
    • (Module updates) Added a release notes entry if the change is significant
    • (Module addition) Added a release notes entry if adding a new NixOS module
    • (Release notes changes) Ran nixos/doc/manual/md-to-db.sh to update generated release notes
  • Fits CONTRIBUTING.md.

@globin globin added 1.severity: security Issues which raise a security issue, or PRs that fix one backport release-22.05 labels Jul 25, 2022
@github-actions github-actions bot added the 6.topic: vim Advanced text editor label Jul 25, 2022
@ofborg ofborg bot added 10.rebuild-darwin: 101-500 This PR causes between 101 and 500 packages to rebuild on Darwin. 10.rebuild-linux: 501+ This PR causes many rebuilds on Linux and should normally target the staging branches. 10.rebuild-linux: 1001-2500 This PR causes many rebuilds on Linux and should target the staging branches. labels Jul 25, 2022
Member

@samueldr samueldr left a comment

For the tiny grub change.

# Pull upstream patch to fix linkage against binutils-2.36.
(fetchpatch {
name = "binutils-2.36";
name = "binutils-2.36.patch";
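
Review bot: the `name` passed to `fetchpatch` goes from "binutils-2.36" to "binutils-2.36.patch", but the only comment above it explains why the patch is pulled, not why the name needs the suffix. A one-line comment beside `name = "binutils-2.36.patch";` giving the reason would keep reviewers from having to look it up in the commit message.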
Member

✔️ (see the commit for details if you're reviewing and confused)

@Ma27
Member

Ma27 commented Jul 25, 2022

  • 1000 rebuilds IMHO warrants a retarget to staging-next, will take care of that later tonight.

  • the qemu patch should be easy to backport to 22.05 (Mayflower already uses this patch on 22.05), not sure what to do about vim considering that we're on vim8 on 22.05 (cc @NixOS/security )

@Ma27 Ma27 changed the base branch from master to staging-next July 25, 2022 18:24
@ofborg ofborg bot requested a review from samueldr July 25, 2022 18:33
@Ma27 Ma27 merged commit 7be3a05 into NixOS:staging-next Jul 25, 2022
@Ma27 Ma27 deleted the security-fixes branch July 25, 2022 19:19
@Ma27 Ma27 mentioned this pull request Jul 25, 2022
13 tasks
@github-actions
Contributor

Backport failed for release-22.05, because it was unable to cherry-pick the commit(s).

Please cherry-pick the changes locally.

git fetch origin release-22.05
git worktree add -d .worktree/backport-182834-to-release-22.05 origin/release-22.05
cd .worktree/backport-182834-to-release-22.05
git checkout -b backport-182834-to-release-22.05
ancref=$(git merge-base db04e3c1433334aa4db89281f0506336406e3019 b2d221795b355b6646c046077f3a58aedb1efa82)
git cherry-pick -x $ancref..b2d221795b355b6646c046077f3a58aedb1efa82

@Mindavi
Contributor

Mindavi commented Jul 26, 2022

Broke cross, but already fixed upstream so on a new update it should be good again: vim/vim#10777. Of course we do need to set that flag then, but that's fine.

@Artturin
Member

#184025
