New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
cryptopp: 8.2.0 -> 8.4.0 #110555
cryptopp: 8.2.0 -> 8.4.0 #110555
Conversation
The build of dependent package Result of 2 packages marked as broken and skipped:
1 package failed to build:
10 packages built:
It looks like the issue is caused by a change in |
Broke on master since a longer time, too. Feel free to mark it broken. |
67b9c0e
to
c7cd88d
Compare
This is a semi-automatic executed nixpkgs-review which is checked by a human on a best effort basis and does not build all packages (e.g. lumo, tensorflow or pytorch). Result of 3 packages marked as broken and skipped:
1 package built:
|
This is a semi-automatic executed nixpkgs-review which is checked by a human on a best effort basis and does not build all packages (e.g. lumo, tensorflow or pytorch). Result of 2 packages marked as broken and skipped:
10 packages built:
The following issues got detected with the above build packages. megasync: Please consider this feature to be alpha. A substituteInPlace with an unmatched pattern got detected:
Please check the offending substituteInPlace for typos or changes in source. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please put the scylladb change in a separate commit.
c7cd88d
to
13a9576
Compare
Done, thanks for the review @dotlambda. |
The docker-compose commit shouldn't be here. |
The package does not build due to changes in Boost.
13a9576
to
eefdd09
Compare
Sorry about that :/ |
@LeSuisse Will you do the PR for 20.09? |
Yes I'm going to open it. |
@LeSuisse Are you sure that this fixes CVE-2019-14318? The release notes and this comment read like the vuln was actually reintroduced in 8.4.0, which might be still better as before, according to the commiter. I guess its still good to have the newest version on unstable, I'll just vouch to revert the backport then, as it also broke a few packages. Also pinging the maintainer here: @c0bw3b |
It looks like you are right. I got confused by the release notes (and it's not very common to re-introduce voluntarily a vulnerability). |
Motivation for this change
Fixes CVE-2019-14318.
Things done
sandbox
innix.conf
on non-NixOS linux)nix-shell -p nixpkgs-review --run "nixpkgs-review wip"
./result/bin/
)nix path-info -S
before and after)