Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

thunderbird, thunderbird-bin: 68.2.2 -> 68.3.0 [High security fixes] #74973

Closed
wants to merge 2 commits into from
Closed

thunderbird, thunderbird-bin: 68.2.2 -> 68.3.0 [High security fixes] #74973

wants to merge 2 commits into from

Conversation

taku0
Copy link
Contributor

@taku0 taku0 commented Dec 4, 2019
edited

Motivation for this change
  • High security fixes.
  • Other bug fixes and updates.

https://www.thunderbird.net/en-US/thunderbird/68.3.0/releasenotes/
https://www.mozilla.org/en-US/security/advisories/mfsa2019-38/

Things done
  • Tested using sandboxing (nix.useSandbox on NixOS, or option sandbox in nix.conf on non-NixOS linux)
  • Built on platform(s)
    • NixOS
    • macOS
    • other Linux distributions
  • Tested via one or more NixOS test(s) if existing and applicable for the change (look inside nixos/tests)
  • Tested compilation of all pkgs that depend on this change using nix-shell -p nix-review --run "nix-review wip"
  • Tested execution of all binary files (usually in ./result/bin/)
  • Determined the impact on package closure size (by running nix path-info -S before and after)
  • Ensured that relevant documentation is up to date
  • Fits CONTRIBUTING.md.

Tested both thunderbird-bin and thunderbird.

Notify maintainers

cc @Fuuzetsu, @nbp, @edolstra

@ofborg ofborg bot requested review from edolstra and nbp December 4, 2019 11:44
@das-g das-g mentioned this pull request Dec 7, 2019
Closed
10 tasks
@taku0 taku0 changed the title thunderbird, thunderbird-bin: 68.2.2 -> 68.3.0 thunderbird, thunderbird-bin: 68.2.2 -> 68.3.0 [High security fixes] Dec 7, 2019
das-g
das-g reviewed Dec 7, 2019
View reviewed changes
Copy link
Member

@das-g das-g left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good to me, but I have a question:

pkgs/applications/networking/mailreaders/thunderbird/default.nix Outdated
@@ -53,7 +53,7 @@ in stdenv.mkDerivation rec {
# Remove buildconfig.html to prevent a dependency on clang etc.
./no-buildconfig.patch
]
++ lib.optional (lib.versionOlder version "69")
++ lib.optional (lib.versionOlder version "68.3.0")
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Does this mean that 68.3.0 itself shall not have this patch applied?

If so, is it nonetheless best practice to leave that lib.optional clause in the derivation, now that the version is at that level?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Removed the patch.

@lovesegfault
Copy link
Member

I'll suggest that this be superseded by #75328.

@das-g
Copy link
Member

das-g commented Dec 9, 2019

I'll suggest that this be superseded by #75328.

#75328 makes much more extensive changes than #74973, which might therefore also be more difficult and time-consuming to review and might warrant more testing. So unless these changes are all needed to be able to bump the version without issues, I'd suggest to get in just the version bump first by reviewing and merging #74973 and then focus on the the remaining changes of #75328.

That way, we'd get the open security issues out of the way sooner and we'll be able also easily backport the version bump to the stable 19.09 channel (already ongoing in #75126) to make it more secure, too, without introducing changes too overreaching for a "stable" branch. We could then (or already in parallel) review #75328 without haste and if some changes of #75328 turn out to be controversial, that won't delay getting out the security fixes.

@lovesegfault
Copy link
Member

@das-g Fair enough, agreed :)

@lovesegfault
Copy link
Member

This should be closed since #75328 was merged.

@taku0 taku0 closed this Dec 14, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@das-g das-g das-g approved these changes

@edolstra edolstra Awaiting requested review from edolstra

@nbp nbp Awaiting requested review from nbp

Assignees
No one assigned
Labels
10.rebuild-darwin: 0 10.rebuild-linux: 1-10
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@taku0 @lovesegfault @das-g