New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
libsass: 3.6.1 -> 3.6.3 #82377
libsass: 3.6.1 -> 3.6.3 #82377
Conversation
@grahamc for security. |
Surprised at the reverse dependency size, but But hey, CVE, so yay mass rebuild :( |
would you mind changing the base branch to |
Contains fix for CVE-2019-18798 and CVE-2019-18799. Fixes NixOS#54804, NixOS#53571, NixOS#57155, NixOS#58266, NixOS#73660.
Done, transplanted to staging. |
@danderson you need to change the base branch in the GitHub UI as well as rebasing. (I’ve done it for you this time.) |
fwiw, we have previously not taken this update because of some regressions it introduces. See #72934. Although I don’t think we know about the security issues then. So I guess there’s a trade off to be made here. Fix the CVEs and break packages, or don’t? Cc @FRidh @hedning @lazka. Maybe we could keep 3.6.1, but just apply the fixes for the CVEs? |
Right, given that this is fixed in gtk, and it's hard to backport the needed fixes, it probably makes sense to merge this as is, and deal with any fallout. Breaking a few themes isn't that big of a deal. I guess the main issue could be broken builds on hydra which consumes too much resources. So we should watch out for that and mark offending derivations as broken. |
@danderson please drop the revert commit and we can merge |
Oops, how did that get pushed. Sorry! Fixed. |
@GrahamcOfBorg build arc-theme |
Somebody probably needs to do a nix-review and mark broken any packages that OOM with a reasonable amount of memory |
Ack. I don't have a machine with the resources to nix-review this right now. Will attempt to locate one and do this. |
Checking themes can be done while its in staging-next so we have a stdenv. |
Building Then I added 16GiB of swap and tried again. It ate my swap. I had to revert this patch locally and use Maybe we should mark |
This pull request has been mentioned on NixOS Discourse. There might be relevant details there: https://discourse.nixos.org/t/out-of-memory-rebuilding-nixos-unstable/6786/3 |
This pull request has been mentioned on NixOS Discourse. There might be relevant details there: https://discourse.nixos.org/t/my-laptop-froze-mid-upgrade-and-now-im-getting-strange-errors/6781/3 |
marked |
I was wrong. This actually fixes it. I had version of channel on my machine. |
Motivation for this change
Contains fix for CVE-2019-18798 and CVE-2019-18799.
Fixes #54804, #53571, #57155, #58266, #73660.
Things done
sandbox
innix.conf
on non-NixOS linux)nix-shell -p nixpkgs-review --run "nixpkgs-review wip"
./result/bin/
)nix path-info -S
before and after)