Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

mutt: 2.0.4 -> 2.0.5 #110449

Merged
merged 1 commit into from Jan 22, 2021
Merged

mutt: 2.0.4 -> 2.0.5 #110449

merged 1 commit into from Jan 22, 2021

Conversation

matthiasbeyer
Copy link
Contributor

Motivation for this change
Things done
  • Tested using sandboxing (nix.useSandbox on NixOS, or option sandbox in nix.conf on non-NixOS linux)
  • Built on platform(s)
    • NixOS
    • macOS
    • other Linux distributions
  • Tested via one or more NixOS test(s) if existing and applicable for the change (look inside nixos/tests)
  • Tested compilation of all pkgs that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review wip"
  • Tested execution of all binary files (usually in ./result/bin/)
  • Determined the impact on package closure size (by running nix path-info -S before and after)
  • Ensured that relevant documentation is up to date
  • Fits CONTRIBUTING.md.

@matthiasbeyer
mutt: 2.0.4 -> 2.0.5
3609a43 
Signed-off-by: Matthias Beyer <mail@beyermatthias.de>
@ofborg ofborg bot requested a review from rnhmjoj January 22, 2021 08:44
@rnhmjoj
Copy link
Contributor

rnhmjoj commented Jan 22, 2021

It contains a security fix for CVE-2021-3181. We should probably backport this commit: https://gitlab.com/muttmua/mutt/-/commit/4a2becbdb4422aaffe3ce314991b9d670b7adf17i, but I would wait for the more information.

@SuperSandro2000 SuperSandro2000 added 1.severity: security 9.needs: port to stable A PR needs a backport to the stable release. labels Jan 22, 2021
@SuperSandro2000
Copy link
Member

This is a semi-automatic executed nixpkgs-review which is checked by a human on a best effort basis and does not build all packages (e.g. lumo, tensorflow or pytorch).
If you have any questions or problems please reach out to SuperSandro2000 on IRC.

Result of nixpkgs-review pr 110449 run on x86_64-linux 1

2 packages built:
  • grepm
  • mutt (mutt-with-sidebar)

@matthiasbeyer
Copy link
Contributor Author

@rnhmjoj why would we need to backport a commit from mutt if the release contains a security fix?

@rnhmjoj
Copy link
Contributor

rnhmjoj commented Jan 22, 2021
edited

@matthiasbeyer I mean backport to the NixOS 20.09. We can't simply bump the version to 2.0.4 because 2.0 has breaking changes.

@matthiasbeyer
Copy link
Contributor Author

Agreed. Sad that the "1.y.z" branch of mutt is not maintained anymore... would be nice for security fixes like this.

@SuperSandro2000
Copy link
Member

This is a semi-automatic executed nixpkgs-review which is checked by a human on a best effort basis and does not build all packages (e.g. lumo, tensorflow or pytorch).
If you have any questions or problems please reach out to SuperSandro2000 on IRC.

Result of nixpkgs-review pr 110449 run on x86_64-darwin 1

2 packages built:
  • grepm
  • mutt (mutt-with-sidebar)

@matthiasbeyer
Copy link
Contributor Author

I will stop contributing via the github UI now. It starts to annoy me.

rnhmjoj
rnhmjoj approved these changes Jan 22, 2021
View reviewed changes
Copy link
Contributor

@rnhmjoj rnhmjoj left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks all good.

@rnhmjoj rnhmjoj merged commit 1bf54f0 into NixOS:master Jan 22, 2021
@matthiasbeyer matthiasbeyer deleted the update-mutt branch January 23, 2021 07:58
@tu-maurice tu-maurice mentioned this pull request Jan 24, 2021
Merged
10 tasks
@TredwellGit TredwellGit added 8.has: port to stable A PR already has a backport to the stable release. and removed 9.needs: port to stable A PR needs a backport to the stable release. labels Aug 20, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@rnhmjoj rnhmjoj rnhmjoj approved these changes

@SuperSandro2000 SuperSandro2000 SuperSandro2000 approved these changes

Assignees
No one assigned
Labels
1.severity: security 8.has: port to stable A PR already has a backport to the stable release. 10.rebuild-darwin: 1-10 10.rebuild-linux: 1-10
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@matthiasbeyer @rnhmjoj @SuperSandro2000 @TredwellGit