[staging-20.09] shadow: 4.8 -> 4.8.1 #102992

Merged: roberth merged 1 commit into NixOS:staging-20.09 from redvers:update_shadow_4.8_to_4.8.1 on Nov 11, 2020


redvers (Member) commented Nov 6, 2020

https://nvd.nist.gov/vuln/detail/CVE-2019-19882
(cherry picked from commit 17d4902)

Motivation for this change

Addresses: #88398 - CVE-2019-19882

Things done
  • Tested using sandboxing (nix.useSandbox on NixOS, or option sandbox in nix.conf on non-NixOS linux)
  • Built on platform(s)
    • NixOS
    • macOS
    • other Linux distributions
  • Tested via one or more NixOS test(s) if existing and applicable for the change (look inside nixos/tests)
  • Tested compilation of all pkgs that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review wip"
  • Tested execution of all binary files (usually in ./result/bin/)
  • Determined the impact on package closure size (by running nix path-info -S before and after)
  • Ensured that relevant documentation is up to date
  • Fits CONTRIBUTING.md.

@redvers redvers added the 1.severity: security Issues which raise a security issue, or PRs that fix one label Nov 6, 2020
@redvers redvers changed the title from "shadow: 4.8 -> 4.8.1" to "shadow: 4.8 -> 4.8.1 [20.09]" Nov 6, 2020
@ofborg ofborg bot added 10.rebuild-darwin: 1-10 This PR causes between 1 and 10 packages to rebuild on Darwin. 10.rebuild-linux: 501+ This PR causes many rebuilds on Linux and should normally target the staging branches. 10.rebuild-linux: 5001+ This PR causes many rebuilds on Linux and must target the staging branches. labels Nov 6, 2020
jonringer (Contributor) commented Nov 6, 2020

this is a mass rebuild, please target staging-20.09

git rebase --onto=origin/staging-20.09 HEAD^
git push .. .. --force

then change target branch

redvers (Member Author) commented Nov 6, 2020

> git rebase --onto=origin/staging-20.09 HEAD^

[root@evil:/home/red/projects/nixpkgs]# git rebase --onto=origin/staging-20.09 HEAD^
fatal: Does not point to a valid commit 'origin/staging-20.09'

Sorry - I'm git impaired :/

jonringer (Contributor) commented

please do git remote -v, you probably just have upstream named differently from me

redvers (Member Author) commented Nov 6, 2020

> please do git remote -v, you probably just have upstream named differently from me

[root@evil:/home/red/projects/nixpkgs]# git remote -v
origin  git@github.com:redvers/nixpkgs (fetch)
origin  git@github.com:redvers/nixpkgs (push)
upstream        https://github.com/nixos/nixpkgs.git (fetch)
upstream        https://github.com/nixos/nixpkgs.git (push)

jonringer (Contributor) commented

ah, you cloned from your fork:

git rebase --onto=upstream/staging-20.09 HEAD^
git push .. .. --force

should work

@redvers redvers force-pushed the update_shadow_4.8_to_4.8.1 branch from 6055c39 to ad28728 Compare November 6, 2020 20:13
@redvers redvers changed the base branch from release-20.09 to staging-20.09 November 6, 2020 20:14
redvers (Member Author) commented Nov 6, 2020

> ah, you cloned from your fork:
>
> git rebase --onto=upstream/staging-20.09 HEAD^
> git push .. .. --force
>
> should work

Okay - I think we're good now?

Thanks for your due diligence.

jonringer (Contributor) commented

git history looks good now

@ofborg ofborg bot added 6.topic: haskell General-purpose, statically typed, purely functional programming language 6.topic: nixos Issues or PRs affecting NixOS modules, or package usability issues specific to NixOS 6.topic: python Python is a high-level, general-purpose programming language. labels Nov 6, 2020
redvers (Member Author) commented Nov 6, 2020

@andir

jonringer (Contributor) commented

This likely won't get merged until the current staging-20.09 gets merged

@ofborg ofborg bot added 8.has: package (new) This PR adds a new package 10.rebuild-darwin: 501+ This PR causes many rebuilds on Darwin and should normally target the staging branches. 10.rebuild-darwin: 5001+ This PR causes many rebuilds on Darwin and must target the staging branches. and removed 10.rebuild-darwin: 1-10 This PR causes between 1 and 10 packages to rebuild on Darwin. labels Nov 6, 2020
jonringer (Contributor) commented Nov 6, 2020

@GrahamcOfBorg eval

shouldn't have "package new"

@ofborg ofborg bot removed the 6.topic: haskell General-purpose, statically typed, purely functional programming language label Nov 6, 2020
@ofborg ofborg bot added 10.rebuild-darwin: 1-10 This PR causes between 1 and 10 packages to rebuild on Darwin. and removed 6.topic: nixos Issues or PRs affecting NixOS modules, or package usability issues specific to NixOS 6.topic: python Python is a high-level, general-purpose programming language. 10.rebuild-darwin: 501+ This PR causes many rebuilds on Darwin and should normally target the staging branches. 10.rebuild-darwin: 5001+ This PR causes many rebuilds on Darwin and must target the staging branches. labels Nov 6, 2020
roberth (Member) commented Nov 9, 2020

@jonringer Hydra is not picking up on the new build timeout for GHC, blocking staging-20.09. A mass rebuild may be exactly what we need, so we get a new hash, therefore a new "Build" and possibly an increased timeout.

See also NixOS/hydra#830
and https://hydra.nixos.org/build/129420286

@roberth roberth merged commit 8d08d51 into NixOS:staging-20.09 Nov 11, 2020