Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Backport teams workaround fix for 20.09 #105225

Closed
wants to merge 2,090 commits into from
Closed

Backport teams workaround fix for 20.09 #105225

wants to merge 2,090 commits into from

Conversation

otavio
Copy link
Contributor

@otavio otavio commented Nov 28, 2020

Motivation for this change

This is a backport of a fix from unstable which I've been using for some days.

Things done
  • Tested using sandboxing (nix.useSandbox on NixOS, or option sandbox in nix.conf on non-NixOS linux)
  • Built on platform(s)
    • NixOS
    • macOS
    • other Linux distributions
  • Tested via one or more NixOS test(s) if existing and applicable for the change (look inside nixos/tests)
  • Tested compilation of all pkgs that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review wip"
  • Tested execution of all binary files (usually in ./result/bin/)
  • Determined the impact on package closure size (by running nix path-info -S before and after)
  • Ensured that relevant documentation is up to date
  • Fits CONTRIBUTING.md.

primeos and others added 30 commits November 13, 2020 11:21
@primeos
chromium: 86.0.4240.193 -> 86.0.4240.198
ded16fc 
https://chromereleases.googleblog.com/2020/11/stable-channel-update-for-desktop_11.html

This update includes 2 security fixes. Google is aware of reports that
exploits for CVE-2020-16013 and CVE-2020-16017 exist in the wild.

CVEs: CVE-2020-16013 CVE-2020-16017
(cherry picked from commit b91153f)
Backport of NixOS#103595.
@primeos
Merge pull request NixOS#102758 from primeos/chromium-backport
caadf99 
[20.09] chromium, llvm_11: Backport additional patches
@chkno @erictapen
tor-browser-bundle-bin: Fix extension path. Fixes NoScript.
306596c 
(cherry picked from commit 4117c0b)
@xaverdh @erictapen
tor-browser-bundle-bin: 10.0.2 -> 10.0.4
932c65a 
(cherry picked from commit 9e8f4ff)
@mweinelt @erictapen
librdf_raptor2: add patch for CVE-2017-18926
a62679c 
Fixes two heap overflows in the raptor2 rdf parsing library.

https://www.openwall.com/lists/oss-security/2017/06/07/1
(cherry picked from commit 22140b2)
@mweinelt
microcodeIntel: 20200616 -> 20201110
c89ffdc 
Release notes:
https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20201110

Security advisories:
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00389.html

Fixes: CVE-2020-8694, CVE-2020-8695, CVE-2020-8696, CVE-2020-8698
(cherry picked from commit a79902f)
@mweinelt
microcodeIntel: 20201110 -> 20201112
3daf409 
Update to Pentium Silver N/J5xxx, Celeron N/J4xxx

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00389.html

Fixes: CVE-2020-8694, CVE-2020-8695, CVE-2020-8696, CVE-2020-8698
(cherry picked from commit eaf889a)
@bennyandresen
babashka: remove meta.broken flag
9e75778
@bennyandresen
clj-kondo: remove meta.broken flag
6e8a00d
@timokau
Merge pull request NixOS#103598 from bennyandresen/backport__gralvm_b…
4b81fc8 
…abashka_clj-kondo

[20.09] backport of graalvm{8,11}-ce, babashka clj kondo
@srhb
Merge pull request NixOS#103621 from srhb/k8s-1.19.4-20.09
29e9c10 
kubernetes: 1.19.3 -> 1.19.4
@andir
Merge pull request NixOS#103708 from mweinelt/20.09/microcodeIntel
1532d7b 
[20.09] microcodeIntel: 20200616 -> 20201112
@marsam
vscode: 1.48.2 -> 1.49.1
2c36643 
(cherry picked from commit d34dafc)
@marsam
vscodium: 1.48.2 -> 1.49.1
d135469 
(cherry picked from commit 0e6477d)
@marsam
vscode: 1.49.1 -> 1.49.3
51bd438 
(cherry picked from commit 234f8fb)
@marsam
vscodium: 1.49.1 -> 1.49.3
94bb0c2 
(cherry picked from commit 0d4b52a)
@marsam
vscode: 1.49.3 -> 1.50.0
f109b56 
(cherry picked from commit 3303b8a)
@marsam
vscodium: 1.49.3 -> 1.50.0
da68dbc 
(cherry picked from commit c29e980)
@turion @marsam
vscode, vscodium: 1.50.0 -> 1.50.1
b1d6c9d 
(cherry picked from commit ffb7a61)
@marsam
vscodium: 1.50.1 -> 1.51.0
6d7b89f 
(cherry picked from commit d8d1dc1)
@marsam
vscode: 1.50.1 -> 1.51.0
245cdfc 
(cherry picked from commit 55fc82d)
@JesusMtnez @marsam
vscodium: 1.51.0 -> 1.51.1
8bdd825 
(cherry picked from commit bca0c78)
@JesusMtnez @marsam
vscode: 1.51.0 -> 1.51.1
7f5d9ec 
(cherry picked from commit aa9a29c)
@zowoq
go_1_14: 1.14.9 -> 1.14.10
9330680 
(cherry picked from commit 4f282b1)
@zowoq
go_1_15: 1.15.2 -> 1.15.3
1c6f850 
(cherry picked from commit 6084c2e)
@zowoq
go_1_14: 1.14.10 -> 1.14.11
afaf860 
(cherry picked from commit ffb658f)
@zowoq
go_1_15: 1.15.3 -> 1.15.4
73c2044 
(cherry picked from commit d1febbe)
@zowoq
go_1_14: 1.14.11 -> 1.14.12
6d90a7f 
(cherry picked from commit 1692a8a)
@zowoq
go_1_15: 1.15.4 -> 1.15.5
808f249 
(cherry picked from commit a259136)
@jmpunkt
libreoffice-qt: wrap application
9ec5ef5 
Libreoffice-qt is not wrapped, thus does not launch. Notice that
wrapQtQAppsHook is used manually since all executables are shell
scripts which are not wrapped automatically.

(cherry picked from commit ea12d88)
@FRidh FRidh closed this Nov 28, 2020
@FRidh
Copy link
Member

FRidh commented Nov 28, 2020

Pushed 5d382be.

@otavio
Copy link
Contributor Author

otavio commented Nov 28, 2020

@FredeEB how should I send backport request?

@FredeEB
Copy link
Contributor

FredeEB commented Nov 28, 2020

@otavio I am not sure what you mean, i haven't had anything to do with nixpkgs in a long time as far as i remember

@jonringer
Copy link
Contributor

@otavio

When backporting changes, please follow https://github.com/NixOS/nixpkgs/blob/master/.github/CONTRIBUTING.md#backporting-changes.

Namely, you should be doing git cherry-pick -x <rev> from a commit that has already landed in master. If the branches have diverged, you may alter the commit or add another commit to ensure that the package is able to still evaluate and build

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@adisbladis adisbladis Awaiting requested review from adisbladis adisbladis is a code owner

@alyssais alyssais Awaiting requested review from alyssais alyssais is a code owner

@andir andir Awaiting requested review from andir

@cdepillabout cdepillabout Awaiting requested review from cdepillabout

@edwtjo edwtjo Awaiting requested review from edwtjo edwtjo is a code owner

@Ericson2314 Ericson2314 Awaiting requested review from Ericson2314 Ericson2314 is a code owner

@FRidh FRidh Awaiting requested review from FRidh

@infinisil infinisil Awaiting requested review from infinisil infinisil is a code owner

@joachifm joachifm Awaiting requested review from joachifm joachifm is a code owner

@jonringer jonringer Awaiting requested review from jonringer

@kalbasit kalbasit Awaiting requested review from kalbasit kalbasit is a code owner

@matthewbauer matthewbauer Awaiting requested review from matthewbauer

@Mic92 Mic92 Awaiting requested review from Mic92 Mic92 is a code owner

@mmahut mmahut Awaiting requested review from mmahut mmahut is a code owner

@nbp nbp Awaiting requested review from nbp

@Profpatsch Profpatsch Awaiting requested review from Profpatsch Profpatsch is a code owner

@RaghavSood RaghavSood Awaiting requested review from RaghavSood RaghavSood is a code owner

@roberth roberth Awaiting requested review from roberth roberth is a code owner

@stigtsp stigtsp Awaiting requested review from stigtsp stigtsp is a code owner

@tfc tfc Awaiting requested review from tfc tfc is a code owner

@thoughtpolice thoughtpolice Awaiting requested review from thoughtpolice thoughtpolice is a code owner

@ttuegel ttuegel Awaiting requested review from ttuegel ttuegel is a code owner

@zowoq zowoq Awaiting requested review from zowoq zowoq is a code owner

@edolstra edolstra Awaiting requested review from edolstra

Assignees
No one assigned
Labels
2.status: merge conflict 6.topic: cinnamon 6.topic: emacs 6.topic: erlang 6.topic: fetch 6.topic: GNOME GNOME desktop environment and its underlying platform 6.topic: golang 6.topic: haskell 6.topic: lua 6.topic: nixos 6.topic: pantheon The Pantheon desktop environment 6.topic: policy discussion 6.topic: python 6.topic: qt/kde 6.topic: ruby 6.topic: rust 6.topic: steam 6.topic: TeX Issues regarding texlive and TeX in general 6.topic: vim 8.has: changelog 8.has: documentation 8.has: module (update)
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet