build(deps): bump technote-space/get-diff-action from v2.0.3 to v3 by dependabot[bot] · Pull Request #2 · SFrijters/nixpkgs

dependabot · 2020-08-09T09:38:25Z

Bumps technote-space/get-diff-action from v2.0.3 to v3.

Changelog

Sourced from technote-space/get-diff-action's changelog.

{ "inputs": { "OUTPUT_BUILD_INFO_FILENAME": "build.json", "TEST_TAG_PREFIX": "test/", "CLEAN_TEST_TAG": "true" } }

Commits

d2f0f31 feat: build for release
7d7edc4 feat: build for release
86805e8 feat: build for release
3eb7bf5 feat: build for release
See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [technote-space/get-diff-action](https://github.com/technote-space/get-diff-action) from v2.0.3 to v3. - [Release notes](https://github.com/technote-space/get-diff-action/releases) - [Changelog](https://github.com/technote-space/get-diff-action/blob/master/.releasegarc) - [Commits](technote-space/get-diff-action@v2.0.3...d2f0f31) Signed-off-by: dependabot[bot] <support@github.com>

dependabot · 2020-09-30T13:19:09Z

OK, I won't notify you again about this release, but will get in touch when a new version is available.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

The test failed with > Test "test5 user should not be able to run commands under root" failed with > error: "invalid literal for int() with base 10: ''" since 2492da8. The reason for this is that `sudo(8)` writes the lecture to the tty[1] and only as a fallback to stdout[2]. This means that the `base64 --wrap 0` executed by `machine.execute()` doesn't affect the text written to the terminal, however the lecture is part of the string that's read from the VM via `shell.recv()`. I confirmed the problem in an interactive test session[3]: >>> command = "sudo -u test5 sudo -n -u root true" >>> out_command = f"( set -euo pipefail; {command} ) | (base64 --wrap 0; echo)\n" >>> machine.shell.send(out_command.encode()) 84 >>> machine # [ 99.015512] sudo[877]: root : TTY=hvc0 ; PWD=/tmp ; USER=test5 ; COMMAND=/run/wrappers/bin/sudo -n -u root true machine # [ 99.019373] sudo[877]: pam_unix(sudo:session): session opened for user test5(uid=1005) by (uid=0) machine # [ 99.038692] sudo[879]: pam_unix(sudo:auth): conversation failed machine # sudo: a password is required machine # [ 99.041860] sudo[879]: pam_unix(sudo:auth): auth could not identify password for [test5] machine # [ 99.046901] sudo[877]: pam_unix(sudo:session): session closed for user test5 >>> >>> x=machine._next_newline_closed_block_from_shell() >>> print(x) <newline> We trust you have received the usual lecture from the local System Administrator. It usually boils down to these three things: <newline> #1) Respect the privacy of others. #2) Think before you type. #3) With great power comes great responsibility. <newline> <newline> <newline> >>> Since the lecture isn't strictly necessary to confirm that `security.sudo` works as expected, I decided to disable lecturing inside the test, however we may want to fix the underlying problem in the test-driver at some point. [1] https://github.com/sudo-project/sudo/blob/SUDO_1_9_9/plugins/sudoers/check.c#L275-L283 [2] https://github.com/sudo-project/sudo/blob/SUDO_1_9_9/src/conversation.c#L95-L120 [3] I replaced each empty line with `<newline>` to make sure these aren't swallowed by git.

…lib.importJSON ./file.json #2

flutter: Separate cache and unwrapped derivations #2

1.2.1: Bug fix release: Single bug fix (#1) that fixes regression in `perf` tool caused by libbpf resetting its custom catch-all `SEC()` handler on explicit `bpf_program__set_type()` call. Given setting custom `SEC()` handlers is rarely used and pretty esoteric feature of libbpf, most users should not be affected. 1.2.2: One more fix: - Fix (#2) possible double-free in USDT-related libbpf code, which happens when libbpf runs out of space in `__bpf_usdt_specs` map due to having too many unique USDT specs. Running out of space can be mitigated by bumping up `BPF_USDT_MAX_SPEC_CNT` define before including `bpf/usdt.bpf.h` header in BPF-side code. This will prevent the double-free as a side effect (and will make it possible to successfully attach all requested USDTs), which is a recommended work-around for libbpf versions prior to v1.2.2. Link: libbpf/libbpf@e4d3827 #1 Link: libbpf/libbpf@f117080 #2

gh: 2.41.0 -> 2.42.1

Since ba83271 the build fails with applying patch /nix/store/46rxbbvl2l3mrxb50y9rzy7ahgx0lraj-d741901dddd731895346636c0d3556c6fa51fbe6.patch patching file tests/hazmat/primitives/test_aead.py Hunk #1 FAILED at 56. Hunk #2 FAILED at 197. Hunk #3 FAILED at 378. Hunk #4 FAILED at 525. Hunk NixOS#5 FAILED at 700. Hunk NixOS#6 FAILED at 844. 6 out of 6 hunks FAILED -- saving rejects to file tests/hazmat/primitives/test_aead.py.rej

Without the change `unnethack` startup crashes as: (gdb) bt #0 __pthread_kill_implementation (threadid=<optimized out>, signo=signo@entry=6, no_tid=no_tid@entry=0) at pthread_kill.c:44 #1 0x00007f734250c0e3 in __pthread_kill_internal (signo=6, threadid=<optimized out>) at pthread_kill.c:78 #2 0x00007f73424bce06 in __GI_raise (sig=sig@entry=6) at ../sysdeps/posix/raise.c:26 #3 0x00007f73424a58f5 in __GI_abort () at abort.c:79 #4 0x00007f73424a67a1 in __libc_message (fmt=fmt@entry=0x7f734261e2f8 "*** %s ***: terminated\n") at ../sysdeps/posix/libc_fatal.c:150 NixOS#5 0x00007f734259b1d9 in __GI___fortify_fail (msg=msg@entry=0x7f734261e2df "buffer overflow detected") at fortify_fail.c:24 NixOS#6 0x00007f734259ab94 in __GI___chk_fail () at chk_fail.c:28 NixOS#7 0x00000000005b2ac5 in strcpy (__src=0x7ffe68838b00 "Shall I pick a character's race, role, gender and alignment for you? [YNTQ] (y)", __dest=0x7ffe68838990 "\001") at /nix/store/B0S2LKF593R3585038WS4JD3LYLF2WDX-glibc-2.38-44-dev/include/bits/string_fortified.h:79 NixOS#8 curses_break_str (str=str@entry=0x7ffe68838b00 "Shall I pick a character's race, role, gender and alignment for you? [YNTQ] (y)", width=width@entry=163, line_num=line_num@entry=1) at ../win/curses/cursmisc.c:275 NixOS#9 0x00000000005b3f51 in curses_character_input_dialog (prompt=prompt@entry=0x7ffe68838cf0 "Shall I pick a character's race, role, gender and alignment for you?", choices=choices@entry=0x7ffe68838d70 "YNTQ", def=def@entry=121) at ../win/curses/cursdial.c:211 NixOS#10 0x00000000005b9ca0 in curses_choose_character () at ../win/curses/cursinit.c:556 NixOS#11 0x0000000000404eb1 in main (argc=<optimized out>, argv=<optimized out>) at ./../sys/unix/unixmain.c:309 which corresponds to `gcc` warning: ../win/curses/cursmisc.c: In function 'curses_break_str': ../win/curses/cursmisc.c:275:5: warning: '__builtin___strcpy_chk' writing one too many bytes into a region of a size that depends on 'strlen' [-Wstringop-overflow=] 275 | strcpy(substr, str); | ^ I did not find a single small upstream change that fixes it. Let's disable `fortify3` until next release. Closes: NixOS#292113

This test crashes the python interpreter in libx265_encode_stream: ``` #0 0x00007feefe2a7a7e in free () from /nix/store/81mi7m3k3wsiz9rrrg636sx21psj20hc-glibc-2.40-66/lib/libc.so.6 No symbol table info available. #1 0x00007fee98059295 in av_free (ptr=<optimized out>) at libavutil/mem.c:243 No locals. #2 0x00007fee98059352 in av_freep (arg=<optimized out>) at libavutil/mem.c:253 val = <optimized out> #3 0x00007fee997a4713 in libx265_encode_frame (avctx=<optimized out>, pkt=<optimized out>, pic=<optimized out>, got_packet=0x7ffe35c7e3f4) at libavcodec/libx265.c:821 [...] #4 0x00007fee99526ff6 in ff_encode_encode_cb (avctx=avctx@entry=0x16d1f00, avpkt=avpkt@entry=0x16ad440, frame=0x16f5e80, got_packet=got_packet@entry=0x7ffe35c7e3f4) at libavcodec/encode.c:254 codec = 0x7fee9a25e5c0 <ff_libx265_encoder> [...] ```

Prior to this the `dev` output was also propagated, when it's not actually used ```console $ nix-store --query --references /nix/store/ppw0flx4dbksxsnr84hq1gz4k0s0hpcq-nixos-rebuild-ng-0.0.0 /nix/store/11ciq72n4fdv8rw6wgjgasfv4mjs1jrw-bash-5.2p37 /nix/store/26yi95240650jxp5dj78xzch70i1kzlz-python3-3.12.9 /nix/store/xxh7mivp64xmzyw5wir2c2xbhy6cjzjd-nix-2.24.12 /nix/store/8jai5cxdfzgj9nsz4i26fh9sx5zsgilz-nix-2.24.12-dev /nix/store/ppw0flx4dbksxsnr84hq1gz4k0s0hpcq-nixos-rebuild-ng-0.0.0 ``` ```console $ nix why-depends --all --precise /nix/store/ppw0flx4dbksxsnr84hq1gz4k0s0hpcq-nixos-rebuild-ng-0.0.0 /nix/store/8jai5cxdfzgj9nsz4i26fh9sx5zsgilz-nix-2.24.12-dev /nix/store/ppw0flx4dbksxsnr84hq1gz4k0s0hpcq-nixos-rebuild-ng-0.0.0 └───nix-support/propagated-build-inputs: …/nix/store/8jai5cxdfzgj9nsz4i26fh9sx5zsgilz-nix-2.24.12-dev /nix/store/26yi… → /nix/store/8jai5cxdfzgj9nsz4i26fh9sx5zsgilz-nix-2.24.12-dev ``` ```console $ nvd diff /nix/store/ppw0flx4dbksxsnr84hq1gz4k0s0hpcq-nixos-rebuild-ng-0.0.0 /nix/store/fqm81bhggzkqh7033np2z0jr8c0qrpbw-nixos-rebuild-ng-0.0.0 <<< /nix/store/ppw0flx4dbksxsnr84hq1gz4k0s0hpcq-nixos-rebuild-ng-0.0.0 >>> /nix/store/fqm81bhggzkqh7033np2z0jr8c0qrpbw-nixos-rebuild-ng-0.0.0 Version changes: [C.] #1 boehm-gc 8.2.8, 8.2.8-dev -> 8.2.8 [C*] #2 nix 2.24.12, 2.24.12-dev, 2.24.12-man -> 2.24.12, 2.24.12-man Removed packages: [R.] #1 nlohmann_json 3.11.3 Closure size: 66 -> 63 (1 paths added, 4 paths removed, delta -3, disk usage -1.9MiB). ```

fluent-bit 3.2.7, 3.2.8 and 3.2.9 are segfaulting when used in combination with the systemd input. Lets revert to 3.2.6 for now. Upstream bug: fluent/fluent-bit#10139 Note that fluent-bit-3.2.7 fixes two high CVEs which we are now reintroducing. However they are only exploitable if you are using the OpenTelemetry input or the Prometheus Remote Write input. OpenTelemetry input: [CVE-2024-50609](https://nvd.nist.gov/vuln/detail/CVE-2024-50609) Prometheus Remote Write input: [CVE-2024-50608](https://nvd.nist.gov/vuln/detail/CVE-2024-50608) The problem is as follows: 3.2.7 started vendoring a copy of `libzstd` in tree and statically linking against it. Also, the fluent-bit binary exports the symbols of static libraries it links against. This is a problem because `libzstd` gets `dlopen()`ed by `libsystemd` when enumerating the journal (as journal logs are zstd compressed). and `libzstd` in Nixpkgs is built with `-DZSTD_LEGACY_SUPPORT=0` which causes `struct ZSTD_DCtx` to be 16 bytes smaller than without this flag https://github.com/facebook/zstd/blob/dev/lib/decompress/zstd_decompress_internal.h#L183-L187 `libsystemd` calls [`sym_ZSTD_createDCtx()`](https://github.com/systemd/systemd/blob/1e79a2923364b65fc9f347884dd5b9b2087f6e32/src/basic/compress.c#L480) which calls the function pointer returned by `dlsym()` which is calling into the `libzstd` that comes with `nixpkgs` and thus allocates a struct that is 16 bytes smaller. Later then `sym_ZSTD_freeDCtx()` is called. However because fluent-bit has `zstd` in its global symbol table, any functions that `sym_ZSTD_freeDCtx()` calls will be calls to the functions in the vendored fluent-bit version of the library which expects the larger struct. This then causes enough heap corruption to cause a segfault. E.g. the subsequent calls to `ZSTD_clearDict(dctx)` and `ZSTD_customFree(dctx->inBuff)` in https://github.com/facebook/zstd/blob/dev/lib/decompress/zstd_decompress.c#L324 will be working on a struct that is 16 bytes smaller than the one that was allocated by `libsystemd` and will cause a segfault at some point and thus are probably modifying pieces of memory that they shouldn't (gdb) bt #0 0x00007f10e7e9916c in __pthread_kill_implementation () from /nix/store/rmy663w9p7xb202rcln4jjzmvivznmz8-glibc-2.40-66/lib/libc.so.6 #1 0x00007f10e7e40e86 in raise () from /nix/store/rmy663w9p7xb202rcln4jjzmvivznmz8-glibc-2.40-66/lib/libc.so.6 #2 0x00007f10e7e2893a in abort () from /nix/store/rmy663w9p7xb202rcln4jjzmvivznmz8-glibc-2.40-66/lib/libc.so.6 #3 0x000000000046a938 in flb_signal_handler () #4 <signal handler called> NixOS#5 0x00007f10e7ea42b7 in unlink_chunk.isra () from /nix/store/rmy663w9p7xb202rcln4jjzmvivznmz8-glibc-2.40-66/lib/libc.so.6 NixOS#6 0x00007f10e7ea45cd in _int_free_create_chunk () from /nix/store/rmy663w9p7xb202rcln4jjzmvivznmz8-glibc-2.40-66/lib/libc.so.6 NixOS#7 0x00007f10e7ea5a1c in _int_free_merge_chunk () from /nix/store/rmy663w9p7xb202rcln4jjzmvivznmz8-glibc-2.40-66/lib/libc.so.6 NixOS#8 0x00007f10e7ea5dc9 in _int_free () from /nix/store/rmy663w9p7xb202rcln4jjzmvivznmz8-glibc-2.40-66/lib/libc.so.6 NixOS#9 0x00007f10e7ea8613 in free () from /nix/store/rmy663w9p7xb202rcln4jjzmvivznmz8-glibc-2.40-66/lib/libc.so.6 NixOS#10 0x00007f10e80ad3b5 in ZSTD_freeDCtx () from /nix/store/wy0slah6yvchgra8nhp6vgrqa6ay72cq-zstd-1.5.6/lib/libzstd.so.1 NixOS#11 0x00007f10e8c90f6b in decompress_blob_zstd () from /nix/store/b2cfj7yk3wfg1jdwjzim7306hvsc5gnl-systemd-257.3/lib/libsystemd.so.0 NixOS#12 0x00007f10e8bf0efe in journal_file_data_payload () from /nix/store/b2cfj7yk3wfg1jdwjzim7306hvsc5gnl-systemd-257.3/lib/libsystemd.so.0 NixOS#13 0x00007f10e8c00f74 in sd_journal_enumerate_data () from /nix/store/b2cfj7yk3wfg1jdwjzim7306hvsc5gnl-systemd-257.3/lib/libsystemd.so.0 NixOS#14 0x00000000004eae2f in in_systemd_collect () NixOS#15 0x00000000004eb5a0 in in_systemd_collect_archive () NixOS#16 0x000000000047aa18 in flb_input_collector_fd () NixOS#17 0x0000000000495223 in flb_engine_start () NixOS#18 0x000000000046f304 in flb_lib_worker () NixOS#19 0x00007f10e7e972e3 in start_thread () from /nix/store/rmy663w9p7xb202rcln4jjzmvivznmz8-glibc-2.40-66/lib/libc.so.6 NixOS#20 0x00007f10e7f1b2fc in __clone3 () from /nix/store/rmy663w9p7xb202rcln4jjzmvivznmz8-glibc-2.40-66/lib/libc.so.6 Reverts 7310ab3 Reverts 4fbc6cf

…392512)

dependabot bot added the dependencies Pull requests that update a dependency file label Aug 9, 2020

dependabot bot mentioned this pull request Aug 9, 2020

build(deps): bump technote-space/get-diff-action from v2.0.2 to v2.0.3 #1

Closed

dependabot bot force-pushed the dependabot/github_actions/technote-space/get-diff-action-v3 branch from fb7be70 to 19c2b39 Compare August 9, 2020 20:51

SFrijters closed this Sep 30, 2020

SFrijters deleted the dependabot/github_actions/technote-space/get-diff-action-v3 branch September 30, 2020 13:19

SFrijters pushed a commit that referenced this pull request May 8, 2023

treewide: switch builtins.fromJSON(builtins.readFile ./file.json) to …

0000000

…lib.importJSON ./file.json #2

SFrijters pushed a commit that referenced this pull request Jul 6, 2023

Merge pull request NixOS#240715 from FlafyDev/flutter-cache-drv-2

d625c36

flutter: Separate cache and unwrapped derivations #2

SFrijters pushed a commit that referenced this pull request Jan 18, 2024

Merge pull request NixOS#281498 from mfrw/mfrw/gh-2.42.1

f7e6ecd

gh: 2.41.0 -> 2.42.1

SFrijters pushed a commit that referenced this pull request Jul 1, 2025

nixos/xrdp: use --replace-fail with substituteInPlace, try #2

8fd6f73

SFrijters pushed a commit that referenced this pull request Jul 1, 2025

nixos/xrdp: use --replace-fail with substituteInPlace, try #2 (NixOS#…

ace047b

…392512)

SFrijters pushed a commit that referenced this pull request Feb 8, 2026

First class team reviews (try #2) (NixOS#487955)

d8a1199

SFrijters pushed a commit that referenced this pull request Feb 14, 2026

various: migrate ocaml packages to finalAttrs pattern #2 (NixOS#482503)

e4660f3

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

build(deps): bump technote-space/get-diff-action from v2.0.3 to v3#2

build(deps): bump technote-space/get-diff-action from v2.0.3 to v3#2
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/github_actions/technote-space/get-diff-action-v3

dependabot bot commented on behalf of github Aug 9, 2020 •

edited

Loading

Uh oh!

dependabot bot commented on behalf of github Sep 30, 2020

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Conversation

dependabot bot commented on behalf of github Aug 9, 2020 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

dependabot bot commented on behalf of github Sep 30, 2020

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

dependabot bot commented on behalf of github Aug 9, 2020 •

edited

Loading