Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

thunderbird, thunderbird-bin: 68.1.1 -> 68.2.2 [Critical security fixes] #72006

Merged
merged 6 commits into from Nov 8, 2019
Merged

thunderbird, thunderbird-bin: 68.1.1 -> 68.2.2 [Critical security fixes] #72006

merged 6 commits into from Nov 8, 2019

Conversation

taku0
Copy link
Contributor

@taku0 taku0 commented Oct 26, 2019

Motivation for this change
  • Critical security fixes
  • Other updates

https://www.thunderbird.net/en-US/thunderbird/68.2.0/releasenotes/
https://www.mozilla.org/en-US/security/advisories/mfsa2019-35/

Things done
  • Tested using sandboxing (nix.useSandbox on NixOS, or option sandbox in nix.conf on non-NixOS)
  • Built on platform(s)
    • NixOS
    • macOS
    • other Linux distributions
  • Tested via one or more NixOS test(s) if existing and applicable for the change (look inside nixos/tests)
  • Tested compilation of all pkgs that depend on this change using nix-shell -p nix-review --run "nix-review wip"
  • Tested execution of all binary files (usually in ./result/bin/)
  • Determined the impact on package closure size (by running nix path-info -S before and after)
  • Ensured that relevant documentation is up to date
  • Fits CONTRIBUTING.md.
Notify maintainers

cc @Fuuzetsu, @nbp, @edolstra

@ofborg ofborg bot requested review from edolstra, Fuuzetsu and nbp October 26, 2019 07:11
@taku0 taku0 changed the title thunderbird, thunderbird-bin: 68.1.1 -> 68.2.0 [Critical security fixes] thunderbird, thunderbird-bin: 68.1.1 -> 68.2.1 [Critical security fixes] Nov 1, 2019
@taku0
Copy link
Contributor Author

taku0 commented Nov 1, 2019

Updated to 68.2.1.
cc @Fuuzetsu, @nbp, @edolstra

@taku0
Copy link
Contributor Author

taku0 commented Nov 8, 2019

Updated to 68.2.2.
cc @Fuuzetsu, @nbp, @edolstra, @vcunat
Please review this. Critical security fixes have been not merged for 2 weeks.

@taku0 taku0 changed the title thunderbird, thunderbird-bin: 68.1.1 -> 68.2.1 [Critical security fixes] thunderbird, thunderbird-bin: 68.1.1 -> 68.2.2 [Critical security fixes] Nov 8, 2019
@andir andir self-assigned this Nov 8, 2019
@andir
Copy link
Member

andir commented Nov 8, 2019

The compilation fails on master. Probably due to some rustc version changes. On my 19.09 backport branch it works fine.

@taku0 Any idea if they already have a patch for newer rustc?

@taku0
Copy link
Contributor Author

taku0 commented Nov 8, 2019

@taku0 Any idea if they already have a patch for newer rustc?

I have no idea. FYI, firefox also suffers from the issue.
#73023

@andir
Copy link
Member

andir commented Nov 8, 2019

https://bugzilla.mozilla.org/show_bug.cgi?id=1585223 seems to be relevant

@andir
Copy link
Member

andir commented Nov 8, 2019

As it looks this time around Mozilla tries to dicatate older versions of rustc..
Here is another bugzilla entry on the same topic https://bugzilla.mozilla.org/show_bug.cgi?id=1585099

@andir
Copy link
Member

andir commented Nov 8, 2019

@taku0 seems like you want to pick https://hg.mozilla.org/releases/mozilla-esr68/rev/f0020f517832 as patch on top of this

@taku0
Copy link
Contributor Author

taku0 commented Nov 8, 2019
edited

@andir
The patch is already applied to 68.2.2, and I removed it from thunderbird/default.nix.

@taku0
Copy link
Contributor Author

taku0 commented Nov 8, 2019

Possible options:

  • Wait for an upstream patch.
  • Change rustc and related packages to have multiple rustc packages in nixpkgs.
  • Write a patch ourselves.

@taku0
Copy link
Contributor Author

taku0 commented Nov 8, 2019

Or just reverting rustc?

@taku0
Copy link
Contributor Author

taku0 commented Nov 8, 2019

I'll try to have multiple rustc packages in nixpkgs.

@taku0
Copy link
Contributor Author

taku0 commented Nov 8, 2019

I have confirmed that the error is same as firefox (#73023):

error[E0204]: the trait `Copy` may not be implemented for this type
  --> /build/objdir/x86_64-unknown-linux-gnu/release/build/style-f0201ccbb62104fd/out/gecko/structs.rs:23:297444

@taku0 taku0 mentioned this pull request Nov 8, 2019
Merged
10 tasks
@taku0
Copy link
Contributor Author

taku0 commented Nov 8, 2019

Made PR #73039 for rustc. When #73039 is merged, I will rebase on it.

@taku0
Copy link
Contributor Author

taku0 commented Nov 8, 2019

Built and ran thunderbird successfully with #73039.

vcunat added a commit that referenced this pull request Nov 8, 2019
@vcunat
Merge: thunderbird*: 68.1.1 -> 68.2.2 (security)
87376e8 
...into release-19.09.  Picked from PR #72006.
@vcunat
Copy link
Member

vcunat commented Nov 8, 2019

For 19.09 this seemed clear and worked for me well, so I pushed there already.

@taku0
Copy link
Contributor Author

taku0 commented Nov 8, 2019

#73039 is merged. Rebased on the master. Now it's ready to merge.

@andir andir merged commit b62f324 into NixOS:master Nov 8, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@edolstra edolstra Awaiting requested review from edolstra

@Fuuzetsu Fuuzetsu Awaiting requested review from Fuuzetsu

@nbp nbp Awaiting requested review from nbp

Assignees

@andir andir

Labels
1.severity: security 10.rebuild-darwin: 0 10.rebuild-linux: 1-10
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@taku0 @andir @vcunat @veprbl