[r19.09] musl: 1.1.2x -> 1.1.24 (security) #73758
nix-review is happy with this:
[58 built, 1735 copied (9701.9 MiB), 1176.3 MiB DL]
https://github.com/NixOS/nixpkgs/pull/73758
1 package are marked as broken and were skipped:
nix-exec
50 package were build:
bundix busybox-sandbox-shell cabal2nix cachix common-updater-scripts crystal2nix dep2nix discover disnix disnixos fusionInventory gnome3.gnome-packagekit gnome3.gnome-software simple-scan go2nix haskellPackages.cachix haskellPackages.nix-paths hydra lispPackages.quicklisp-to-nix lispPackages.quicklisp-to-nix-system-info lorri musl nix nix-bundle nix-du nix-index nix-pin nix-plugins nix-prefetch nix-prefetch-bzr nix-prefetch-cvs nix-prefetch-docker nix-prefetch-git nix-prefetch-hg nix-prefetch-scripts nix-prefetch-svn nix-review nix-serve nix-update-source nixFlakes nixUnstable nixos-generators nixui packagekit packagekit-qt pypi2nix python37Packages.nixpkgs python37Packages.pythonix vgo2nix vulnix
https://www.openwall.com/lists/musl/2019/10/13/5

Apparently 1.1.23 never made it to nixpkgs proper (?!), see: https://git.musl-libc.org/cgit/musl/commit/?id=b07d45eb01e900f0176894fdedab62285f5cb8be

(sorry I apparently dropped the ball here)

(cherry picked from commit 1263a71)
6b92fa3
to
30843ef
Cherry-picked with |
Currently checking if some of the |
LGTM, thanks for backporting!
I'm unaware of anything other than fixes and improvements in this set of upgrades, I think it's safe. And well motivated by the security fix.
@dtzWill: Well, there was pretty much zero effort of "backporting", just noticed that this could be useful for 19.09 too, that's all. Thanks for taking a look!
Motivation for this change
I think it's worth considering to backport this fix for 19.09 too, as it's rated as critical.
Addresses: #73668
Things done
sandbox in nix.conf on non-NixOS linux)
nix-shell -p nix-review --run "nix-review wip"
./result/bin/)
nix path-info -S before and after)
Notify maintainers
cc @dtzWill