ghostscript: 10.01.1 -> 10.01.2#243316
Conversation
|
I have really done the bare minimum here, ie update the version number and the hash, and tested the build locally. I understand this may cause a lot of changes around nixpkgs. Should this PR target staging instead of master? About testing, what else can I do to help show it's not breaking everything? |
|
This PR rebuilds a lot of packages which means we must target staging. Please follow the contributing guide to not potentially ping a lot of people. |
|
There, did a rebase "on the merge base between the current and target branch" (master and staging). I checked with the "new PR UI thingy" from github, from my branch to staging, and it showed only one change, so I think this is good? |
|
Please fix the typo in the commit message |
Minor update to counter CVE-2023-36664 Closes NixOS#243250
|
CVE-2023-36664 is a critical security vulnerability, so this update needs to be merged and backported ASAP. |
|
Backport failed for Please cherry-pick the changes locally. git fetch origin staging-23.05
git worktree add -d .worktree/backport-243316-to-staging-23.05 origin/staging-23.05
cd .worktree/backport-243316-to-staging-23.05
git checkout -b backport-243316-to-staging-23.05
ancref=$(git merge-base 3020304ac52f07e3d314e3a339fc73cc94079b7c cd5749c5b05da7cf1b7053391e8918eaa26a9079)
git cherry-pick -x $ancref..cd5749c5b05da7cf1b7053391e8918eaa26a9079 |
|
A bit confused with the procedure to manually create a backport to 23.05. The docs assume the change is merged to |
|
@jpotier since its just 1 commit you can checkout |
|
Is it my responsibility to merge this to staging-next, and then master after some time? From (https://nixos.org/manual/nixpkgs/unstable/#submitting-changes-branches) I can see that the process is manual. And if not me, then who does it? |
your PR is merged into at some point current that will be merged into master at some point long story short, you don't need to do anything |
|
Mostly I am coordinating it, in the past few years.
|
..into staging-next. This is a topologically earlier re-merge, as it seems fairly important security fix and not that huge rebuild.
|
Cheers! Thanks for all the hard work |
|
Likewise 🙂 |


Minor update to counter CVE-2023-36664
Closes #243250
Description of changes
Things done
sandbox = trueset innix.conf? (See Nix manual)nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD". Note: all changes have to be committed, also see nixpkgs-review usage./result/bin/)