[staging] git: 2.39.0 → 2.39.1#211281
Conversation
|
Currently building/testing. |
|
Built on NixOS (x86_64-linux) |
|
Previous update went trough staging: #205682 |
|
I think we should go through staging. |
|
I am concerned that this would affect Hydra. As far as I understand this an adversary could use a new PR to get RCE. |
|
Hydra.nixos.org doesn't touch PRs (automatically). |
|
How do you imagine this could happen? |
|
AFAIK it does not. |
Advisories: - https://github.blog/2023-01-17-git-security-vulnerabilities-announced-2/ CVEs: - CVE-2022-23521 - CVE-2022-41903 - CVE-2022-41953
|
Can we get a rebuild count estimation first? |
|
Rebased on merge-base of origin/staging origin/master so it should be easy to change target and merge to either staging or main branch. |
there is none open right now. |
|
Currently running |
|
Probably very similar amounts as recent git updates: #205682 |
|
There was a problem hiding this comment.
There seems to be no follow up to #209180 yet, so staging it yes.
Not sure why ofborg failed to build it but I can't load the logs.
Edit: related to passthru tests, to be exact buildbot.
@ofborg build git
Planning to merge this rather sooner than later.
@vcunat maybe we can do a fast staging-next run?
|
Oh, yeah 22.11 was already merged. |
Advisories:
CVEs:
Description of changes
Things done
gitFull)gitFull)gitFull)sandbox = trueset innix.conf? (See Nix manual)nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD". Note: all changes have to be committed, also see nixpkgs-review usage./result/bin/)nixos/doc/manual/md-to-db.shto update generated release notes