Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

opentsdb: mark as insecure #110775

Merged
merged 1 commit into from Jan 25, 2021
Merged

opentsdb: mark as insecure #110775

merged 1 commit into from Jan 25, 2021

Conversation

dotlambda
Copy link
Member

Motivation for this change

OpenTSDB/opentsdb#2051 has not been addressed yet
fixes #109205

Things done
  • Tested using sandboxing (nix.useSandbox on NixOS, or option sandbox in nix.conf on non-NixOS linux)
  • Built on platform(s)
    • NixOS
    • macOS
    • other Linux distributions
  • Tested via one or more NixOS test(s) if existing and applicable for the change (look inside nixos/tests)
  • Tested compilation of all pkgs that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review wip"
  • Tested execution of all binary files (usually in ./result/bin/)
  • Determined the impact on package closure size (by running nix path-info -S before and after)
  • Ensured that relevant documentation is up to date
  • Fits CONTRIBUTING.md.

cc @ocharles

@dotlambda dotlambda added 1.severity: security 9.needs: port to stable A PR needs a backport to the stable release. labels Jan 25, 2021
SuperSandro2000
SuperSandro2000 reviewed Jan 25, 2021
View reviewed changes
Copy link
Member

@SuperSandro2000 SuperSandro2000 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Maybe we want to remove it entirely because it has no maintainer either.

@dotlambda
Copy link
Member Author

Maybe we want to remove it entirely because it has no maintainer either.

It is at the most recent version (see https://github.com/OpenTSDB/opentsdb/releases) and the repo had a commit as recently as October, so as long as it's working I wouldn't remove it.

@SuperSandro2000 SuperSandro2000 merged commit b7097b6 into NixOS:master Jan 25, 2021
@dotlambda dotlambda deleted the opentsdb-insecure branch January 25, 2021 17:56
@dotlambda
Copy link
Member Author

backport: #110801

@erictapen erictapen added 8.has: port to stable A PR already has a backport to the stable release. and removed 9.needs: port to stable A PR needs a backport to the stable release. labels Jan 27, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@SuperSandro2000 SuperSandro2000 SuperSandro2000 left review comments

@rickynils rickynils Awaiting requested review from rickynils

@gebner gebner Awaiting requested review from gebner

@vcunat vcunat Awaiting requested review from vcunat

Assignees
No one assigned
Labels
1.severity: security 8.has: port to stable A PR already has a backport to the stable release. 10.rebuild-darwin: 0 10.rebuild-linux: 0
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Vulnerability roundup 98: opentsdb-2.4.0: 1 advisory [9.8]
3 participants
@dotlambda @SuperSandro2000 @erictapen