[20.03] ant: 1.10.2 -> 1.10.9 [20.03] #102838
Conversation
redvers
added
the
1.severity: security
There was a problem hiding this comment.
Please backport all version bumps leading up to this one from master.
https://github.com/NixOS/nixpkgs/blob/master/.github/CONTRIBUTING.md#backporting-changes
Do I then squash those commits to one, or leave them as two/more commits? |
redvers
changed the title
|
We like to keep the papertrail intact, which |
When you say cherry-pick from master - does that always mean from nixos/nixpkgs master? ... or can thhat be from my master? |
|
We need to wait for commits to be on nixpkgs master before you pick them, since the commit Ids can still change. So in case of a backport you can only do that, once the commits have hit nixpkgs/master. |
Guess I'll have to redo all those pull requests then - darn it. About to tag you on one I think I've followed your procedure on. Please poke me if I'm wrong on it. |
|
Please also pick commit |
|
This is my problem... I can't cherry pick these: More than one update in that commit. |
|
That mentioned commit is a merge commit. If you look at `git log
--graph` you see the following two commits in that branch that was
merged:
```
* commit d93c4e2
|\ Merge: 9ca1f49 c7224f1
| | Author: Florian Klink <flokli@flokli.de>
| | Date: Mon Aug 17 00:34:42 2020 +0200
| |
| | Merge pull request #95600 from dasj19/ant-updates
| |
| | apache ant: 1.9.6 -> 1.9.15; 1.10.2 -> 1.10.8
| |
| * commit c7224f1
| | Author: Daniel Șerbănescu <daniel@serbanescu.dk>
| | Date: Sun Aug 16 17:19:35 2020 +0200
| |
| | ant: 1.10.2 -> 1.10.8
| |
| * commit 9072b63
| | Author: Daniel Șerbănescu <daniel@serbanescu.dk>
| | Date: Sun Aug 16 17:19:01 2020 +0200
| |
| | ant: 1.9.6 -> 1.9.15
| |
```
You should pick each of them (in order) individually instead of trying
to pick the merge commit.
…On 17:34 11.11.20, Redvers Davies wrote:
This is my problem... I can't cherry pick these:
```
commit d93c4e2
Merge: 9ca1f49 c7224f1
Author: Florian Klink ***@***.***>
Date: Mon Aug 17 00:34:42 2020 +0200
Merge pull request #95600 from dasj19/ant-updates
apache ant: 1.9.6 -> 1.9.15; 1.10.2 -> 1.10.8
```
More than one update in that commit.
--
You are receiving this because you were mentioned.
Reply to this email directly or view it on GitHub:
#102838 (comment)
|
|
They won't commit because the git log history for that file looks like this: 84cf00f has never been applied to 20.03 and since that has changes for 9,648 files I can't really apply that one first. I don't know how to proceed. |
|
Just the apply the two ant commits and fix the conflict locally. |
|
Thank you for your contribution. Unfortunately it is not in a state to be merged as-is, and NixOS 20.03 is EOL as of today. Closing. |
Motivation for this change
Addresses #88268 - CVE-2020-1945
Things done
sandboxinnix.confon non-NixOS linux)nix-shell -p nixpkgs-review --run "nixpkgs-review wip"./result/bin/)nix path-info -Sbefore and after)