Skip to content

arangodb_3_3: drop, arangodb_3_4, arangodb_3_5: mark vulnerable to CVE-2021-25938#198549

Closed
LeSuisse wants to merge 2 commits intoNixOS:masterfrom
LeSuisse:arangodb-drop-3.3
Closed

arangodb_3_3: drop, arangodb_3_4, arangodb_3_5: mark vulnerable to CVE-2021-25938#198549
LeSuisse wants to merge 2 commits intoNixOS:masterfrom
LeSuisse:arangodb-drop-3.3

Conversation

@LeSuisse
Copy link
Member

@LeSuisse LeSuisse commented Oct 29, 2022

Description of changes

ArangoDB 3.3 is broken and not supported upstream anymore.
3.4 and 3.5 are also not supported anymore but at least they build.
Upgrading to 3.10 seems to require some additional work so for the time being the contribution removes the broken package and mark the remaining as vulnerable.

Things done
  • Built on platform(s)
    • x86_64-linux
    • aarch64-linux
    • x86_64-darwin
    • aarch64-darwin
  • For non-Linux: Is sandbox = true set in nix.conf? (See Nix manual)
  • Tested, as applicable:
  • Tested compilation of all packages that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD". Note: all changes have to be committed, also see nixpkgs-review usage
  • Tested basic functionality of all binary files (usually in ./result/bin/)
  • 22.11 Release Notes (or backporting 22.05 Release notes)
    • (Package updates) Added a release notes entry if the change is major or breaking
    • (Module updates) Added a release notes entry if the change is significant
    • (Module addition) Added a release notes entry if adding a new NixOS module
    • (Release notes changes) Ran nixos/doc/manual/md-to-db.sh to update generated release notes
  • Fits CONTRIBUTING.md.

@LeSuisse
arangodb_3_3: drop
bf57cc7 
ArangoDB 3.3 is broken and no more supported upstream.
3.4 and 3.5 are not supported anymore but at least they build.
Upgrading to 3.10 seems to require some additional work.
@LeSuisse
arangodb_3_4, arangodb_3_5: mark vulnerable to CVE-2021-25938
4b9d1b9
@ofborg ofborg bot added 8.has: clean-up This PR removes packages or removes other cruft 10.rebuild-darwin: 0 This PR does not cause any packages to rebuild on Darwin. 10.rebuild-linux: 0 This PR does not cause any packages to rebuild on Linux. labels Oct 29, 2022
@ajs124
Copy link
Member

ajs124 commented Nov 11, 2022

needs a rebase

@LeSuisse
Copy link
Member Author

LeSuisse commented Nov 12, 2022

A more aggressive change was merged, this is not needed anymore. See #194670

@LeSuisse LeSuisse closed this Nov 12, 2022
@LeSuisse LeSuisse deleted the arangodb-drop-3.3 branch November 12, 2022 10:18
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@anthonyroussel anthonyroussel anthonyroussel approved these changes

Assignees

No one assigned

Labels

8.has: clean-up This PR removes packages or removes other cruft 10.rebuild-darwin: 0 This PR does not cause any packages to rebuild on Darwin. 10.rebuild-linux: 0 This PR does not cause any packages to rebuild on Linux.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@LeSuisse @ajs124 @anthonyroussel