[20.09] mariadb: 10.4.14 -> 10.4.15 (CVE-2020-15180) #101463

Merged


stigtsp
Member

@stigtsp stigtsp commented Oct 23, 2020

Fixes CVE-2020-15180

https://mariadb.com/kb/en/mariadb-10415-release-notes/

Backport of #101452

@NixOS/nixos-release-managers

Things done
  • Tested using sandboxing (nix.useSandbox on NixOS, or option sandbox in nix.conf on non-NixOS linux)
  • Built on platform(s)
    • NixOS
    • macOS
    • other Linux distributions
  • Tested via one or more NixOS test(s) if existing and applicable for the change (look inside nixos/tests)
  • Tested compilation of all pkgs that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review wip"
  • Tested execution of all binary files (usually in ./result/bin/)
  • Determined the impact on package closure size (by running nix path-info -S before and after)
  • Ensured that relevant documentation is up to date
  • Fits CONTRIBUTING.md.

Fixes CVE-2020-15180

(cherry picked from commit 2929f5e)
@andir
Member

andir commented Oct 23, 2020

Result of nixpkgs-review pr 101463 1

56 packages marked as broken and skipped:
  • akonadi
  • akregator
  • calligra
  • kaddressbook
  • kgpg
  • kmail
  • kmymoney
  • kontact
  • korganizer
  • libsForQt5.akonadi-calendar
  • libsForQt5.akonadi-contacts
  • libsForQt5.akonadi-import-wizard
  • libsForQt5.akonadi-mime
  • libsForQt5.akonadi-notes
  • libsForQt5.akonadi-search
  • libsForQt5.calendarsupport
  • libsForQt5.eventviews
  • libsForQt5.incidenceeditor
  • libsForQt5.kalarmcal
  • libsForQt5.kdepim-addons
  • libsForQt5.kdepim-apps-libs
  • libsForQt5.kdepim-runtime
  • libsForQt5.kmail-account-wizard
  • libsForQt5.kmailtransport
  • libsForQt5.libgravatar
  • libsForQt5.libkdepim
  • libsForQt5.libksieve
  • libsForQt5.mailcommon
  • libsForQt5.mailimporter
  • libsForQt5.messagelib
  • libsForQt5.pim-sieve-editor
  • libsForQt5.pimcommon
  • libsForQt515.akonadi-calendar
  • libsForQt515.akonadi-contacts
  • libsForQt515.akonadi-import-wizard
  • libsForQt515.akonadi-mime
  • libsForQt515.akonadi-notes
  • libsForQt515.akonadi-search
  • libsForQt515.calendarsupport
  • libsForQt515.eventviews
  • libsForQt515.incidenceeditor
  • libsForQt515.kalarmcal
  • libsForQt515.kdepim-addons
  • libsForQt515.kdepim-apps-libs
  • libsForQt515.kdepim-runtime
  • libsForQt515.kmail-account-wizard
  • libsForQt515.kmailtransport
  • libsForQt515.libgravatar
  • libsForQt515.libkdepim
  • libsForQt515.libksieve
  • libsForQt515.mailcommon
  • libsForQt515.mailimporter
  • libsForQt515.messagelib
  • libsForQt515.pim-sieve-editor
  • libsForQt515.pimcommon
  • unixODBCDrivers.mysql
24 packages failed to build:
  • libsForQt512.akonadi-calendar
  • libsForQt512.akonadi-contacts
  • libsForQt512.akonadi-import-wizard
  • libsForQt512.akonadi-mime
  • libsForQt512.akonadi-notes
  • libsForQt512.akonadi-search
  • libsForQt512.calendarsupport
  • libsForQt512.eventviews
  • libsForQt512.incidenceeditor
  • libsForQt512.kalarmcal
  • libsForQt512.kdepim-addons
  • libsForQt512.kdepim-apps-libs
  • libsForQt512.kdepim-runtime
  • libsForQt512.kmail-account-wizard
  • libsForQt512.kmailtransport
  • libsForQt512.libgravatar
  • libsForQt512.libkdepim
  • libsForQt512.libksieve
  • libsForQt512.mailcommon
  • libsForQt512.mailimporter
  • libsForQt512.messagelib
  • libsForQt512.pim-sieve-editor
  • libsForQt512.pimcommon
  • zanshin
39 packages built:
  • automysqlbackup
  • diesel-cli
  • digikam
  • libsForQt514.akonadi-calendar
  • libsForQt514.akonadi-contacts
  • libsForQt514.akonadi-import-wizard
  • libsForQt514.akonadi-mime
  • libsForQt514.akonadi-notes
  • libsForQt514.akonadi-search
  • libsForQt514.calendarsupport
  • libsForQt514.eventviews
  • libsForQt514.incidenceeditor
  • libsForQt514.kalarmcal
  • libsForQt514.kdepim-addons
  • libsForQt514.kdepim-apps-libs
  • libsForQt514.kdepim-runtime
  • libsForQt514.kmail-account-wizard
  • libsForQt514.kmailtransport
  • libsForQt514.libgravatar
  • libsForQt514.libkdepim
  • libsForQt514.libksieve
  • libsForQt514.mailcommon
  • libsForQt514.mailimporter
  • libsForQt514.messagelib
  • libsForQt514.pim-sieve-editor
  • libsForQt514.pimcommon
  • lua51Packages.luadbi-mysql
  • luaPackages.luadbi-mysql (lua52Packages.luadbi-mysql)
  • lua53Packages.luadbi-mysql
  • luajitPackages.luadbi-mysql
  • mysql (mariadb)
  • perl530Packages.MySQLDiff
  • perl532Packages.MySQLDiff
  • shmig
  • snabb
  • sogo
  • sope
  • trojita
  • zoneminder

@andir
Member

andir commented Oct 23, 2020

Is there anyone that can judge on the baseline of failed kde packages? The unstable PR looked more healthy.

EDIT:

This looks fine after all:

CMake Error at CMakeLists.txt:27 (find_package):
  Could not find a configuration file for package "Qt5" that is compatible
  with requested version "5.13.0".

  The following configuration files were considered but not accepted:

    /nix/store/ggggca1rln77a3nhcrp92f67hhr11sc0-qtbase-5.12.7-dev/lib/cmake/Qt5/Qt5Config.cmake, version: 5.12.7

Those failures are probably almost all the same.

@jonringer
Contributor

I got it.

@jonringer
Contributor

better question would be, why is mariadb causing kde rebuilds?

@jonringer
Contributor

looks to be specific to akonadi, and then other packages import akonadi

@aanderse
Member

> better question would be, why is mariadb causing kde rebuilds?

Pretty sure mariadb is baked into qt because of the QSql modules.

@jonringer
Contributor

> > better question would be, why is mariadb causing kde rebuilds?
>
> Pretty sure mariadb is baked into qt because of the QSql modules.

I think that's true for the maria-connector but actual mariadb, seems to be akonadi

Contributor

@jonringer jonringer left a comment


LGTM

failures are broken on target branch

https://github.com/NixOS/nixpkgs/pull/101463
56 packages marked as broken and skipped:
akonadi akregator calligra kaddressbook kgpg kmail kmymoney kontact korganizer libsForQt5.akonadi-calendar libsForQt5.akonadi-contacts libsForQt5.akonadi-import-wizard libsForQt5.akonadi-mime libsForQt5.akonadi-notes libsForQt5.akonadi-search libsForQt5.calendarsupport libsForQt5.eventviews libsForQt5.incidenceeditor libsForQt5.kalarmcal libsForQt5.kdepim-addons libsForQt5.kdepim-apps-libs libsForQt5.kdepim-runtime libsForQt5.kmail-account-wizard libsForQt5.kmailtransport libsForQt5.libgravatar libsForQt5.libkdepim libsForQt5.libksieve libsForQt5.mailcommon libsForQt5.mailimporter libsForQt5.messagelib libsForQt5.pim-sieve-editor libsForQt5.pimcommon libsForQt515.akonadi-calendar libsForQt515.akonadi-contacts libsForQt515.akonadi-import-wizard libsForQt515.akonadi-mime libsForQt515.akonadi-notes libsForQt515.akonadi-search libsForQt515.calendarsupport libsForQt515.eventviews libsForQt515.incidenceeditor libsForQt515.kalarmcal libsForQt515.kdepim-addons libsForQt515.kdepim-apps-libs libsForQt515.kdepim-runtime libsForQt515.kmail-account-wizard libsForQt515.kmailtransport libsForQt515.libgravatar libsForQt515.libkdepim libsForQt515.libksieve libsForQt515.mailcommon libsForQt515.mailimporter libsForQt515.messagelib libsForQt515.pim-sieve-editor libsForQt515.pimcommon unixODBCDrivers.mysql

24 packages failed to build:
libsForQt512.akonadi-calendar libsForQt512.akonadi-contacts libsForQt512.akonadi-import-wizard libsForQt512.akonadi-mime libsForQt512.akonadi-notes libsForQt512.akonadi-search libsForQt512.calendarsupport libsForQt512.eventviews libsForQt512.incidenceeditor libsForQt512.kalarmcal libsForQt512.kdepim-addons libsForQt512.kdepim-apps-libs libsForQt512.kdepim-runtime libsForQt512.kmail-account-wizard libsForQt512.kmailtransport libsForQt512.libgravatar libsForQt512.libkdepim libsForQt512.libksieve libsForQt512.mailcommon libsForQt512.mailimporter libsForQt512.messagelib libsForQt512.pim-sieve-editor libsForQt512.pimcommon zanshin

39 packages built:
automysqlbackup diesel-cli digikam libsForQt514.akonadi-calendar libsForQt514.akonadi-contacts libsForQt514.akonadi-import-wizard libsForQt514.akonadi-mime libsForQt514.akonadi-notes libsForQt514.akonadi-search libsForQt514.calendarsupport libsForQt514.eventviews libsForQt514.incidenceeditor libsForQt514.kalarmcal libsForQt514.kdepim-addons libsForQt514.kdepim-apps-libs libsForQt514.kdepim-runtime libsForQt514.kmail-account-wizard libsForQt514.kmailtransport libsForQt514.libgravatar libsForQt514.libkdepim libsForQt514.libksieve libsForQt514.mailcommon libsForQt514.mailimporter libsForQt514.messagelib libsForQt514.pim-sieve-editor libsForQt514.pimcommon lua51Packages.luadbi-mysql luaPackages.luadbi-mysql lua53Packages.luadbi-mysql luajitPackages.luadbi-mysql mysql perl530Packages.MySQLDiff perl532Packages.MySQLDiff shmig snabb sogo sope trojita zoneminder

@jonringer jonringer merged commit b58f6e4 into NixOS:release-20.09 Oct 23, 2020