Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

sqlite: 3.30.1 -> 3.31.0 (security) #78320

Merged
merged 1 commit into from Feb 11, 2020
Merged

Conversation

wamserma
Copy link
Member

@wamserma wamserma commented Jan 22, 2020

Motivation for this change

Related to #77944
Related to #77271
Related to #76033
Related to #76032

Things done
  • Tested using sandboxing (nix.useSandbox on NixOS, or option sandbox in nix.conf on non-NixOS linux)
  • Built on platform(s)
    • NixOS
    • macOS
    • other Linux distributions
  • Tested via one or more NixOS test(s) if existing and applicable for the change (look inside nixos/tests)
  • Tested compilation of all pkgs that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review wip"
  • Tested execution of all binary files (usually in ./result/bin/)
  • Determined the impact on package closure size (by running nix path-info -S before and after)
  • Ensured that relevant documentation is up to date
  • Fits CONTRIBUTING.md.

@alyssais
Copy link
Member

Needs to go to staging.

@wamserma
Copy link
Member Author

Yes. this triggers a mass rebuild, but it also target some severe CVEs.

@alyssais
Copy link
Member

Still needs to go to staging, I think. Otherwise all of master is blocked for a while, and if there was some critical fix to some other thing that didn’t cause so many rebuilds, it wouldn’t be able to get through as quickly as it should be able to because of all the SQLite rebuilds.

@wamserma
Copy link
Member Author

Still needs to go to staging, I think. Otherwise all of master is blocked for a while, and if there was some critical fix to some other thing that didn’t cause so many rebuilds, it wouldn’t be able to get through as quickly as it should be able to because of all the SQLite rebuilds.

Ok, will rebase and update the PR.

@nh2
Copy link
Contributor

nh2 commented Jan 22, 2020

I am still very confused by the fact that the changelog mentiones none of the fixes, though the NVD links to Github commits clearly show that commits were made and are in the 3.31.0 release.

Are these CVEs not release note worthy?

@jonringer
Copy link
Contributor

@GrahamcOfBorg test grafana matrix-synapse

@nh2
Copy link
Contributor

nh2 commented Jan 26, 2020

The tests timed out/failed because dependencies apparently don't currently build on staging.

@FRidh FRidh added this to WIP in Staging via automation Jan 29, 2020
@FRidh FRidh moved this from WIP to Needs review in Staging Jan 29, 2020
@FRidh
Copy link
Member

FRidh commented Feb 11, 2020

@disassembler @worldofpeace we may want this in 20.03, but there are always some regressions when updating sqlite.

@FRidh FRidh added this to the 20.03 milestone Feb 11, 2020
@FRidh FRidh merged commit 4959c97 into NixOS:staging Feb 11, 2020
Staging automation moved this from Needs review to Done Feb 11, 2020
@wamserma wamserma deleted the sqlite-3.31.0 branch February 11, 2020 07:54
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
Staging
  
Done
Development

Successfully merging this pull request may close these issues.

None yet

6 participants