Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

apacheHttpd: 2.4.37 -> 2.4.38 #55925

Closed
wants to merge 1 commit into from
Closed

apacheHttpd: 2.4.37 -> 2.4.38 #55925

wants to merge 1 commit into from

Conversation

aanderse
Copy link
Member

@aanderse aanderse commented Feb 17, 2019
edited

Motivation for this change

Version bump. I also notice that apacheHttpd hasn't been bumped in 18.09 for a while. Any reason?

Things done
  • Tested using sandboxing (nix.useSandbox on NixOS, or option sandbox in nix.conf on non-NixOS)
  • Built on platform(s)
    • NixOS
    • macOS
    • other Linux distributions
  • Tested via one or more NixOS test(s) if existing and applicable for the change (look inside nixos/tests)
  • Tested compilation of all pkgs that depend on this change using nix-shell -p nox --run "nox-review wip"
  • Tested execution of all binary files (usually in ./result/bin/)
  • Determined the impact on package closure size (by running nix path-info -S before and after)
  • Assured whether relevant documentation is up to date
  • Fits CONTRIBUTING.md.

@aanderse
Copy link
Member Author

@GrahamcOfBorg test proxy

@aanderse
Copy link
Member Author

I'll also note that there are 3 CVE security items mentioned, 2 of which likely apply to us:

https://www-us.apache.org/dist/httpd/CHANGES_2.4

If there is no specific reason against I would suggest be backport this to 18.09.

@aanderse
Copy link
Member Author

@peti I just noticed this was merged into staging 21 data ago #54862 but not master. Is apache supposed to go into staging before master? What is the workflow for apache so I don't make this mistake again?

My question regarding backport to 18.09 still stands... do you know why 18.09 hasn't received apache updates in a while?

Thanks!

@aanderse aanderse closed this Feb 19, 2019
@aanderse aanderse deleted the apacheHttpd branch February 19, 2019 01:09
@aanderse aanderse mentioned this pull request Feb 26, 2019
Closed
10 tasks
@peti
Copy link
Member

peti commented Feb 26, 2019

I just noticed this was merged into staging 21 data ago #54862 but not master. Is apache supposed to go into staging before master?

No, I wouldn't do it that way. I'd merge directly to master.

My question regarding backport to 18.09 still stands... do you know why 18.09 hasn't received apache updates in a while?

We don't update the stable branch unless the new version is backwards-compatible with a high degree of certainty. We don't want to break anyone's installation.

@aanderse
Copy link
Member Author

I just noticed this was merged into staging 21 data ago #54862 but not master. Is apache supposed to go into staging before master?

No, I wouldn't do it that way. I'd merge directly to master.

My question regarding backport to 18.09 still stands... do you know why 18.09 hasn't received apache updates in a while?

We don't update the stable branch unless the new version is backwards-compatible with a high degree of certainty. We don't want to break anyone's installation.

@peti thanks for clarification! Apache minor version updates are supposed to be backwards-compatible. Have issues happened in the past which makes you think a minor version update in apache will cause breakage? This seems especially worth while to push into 18.09 because of the 2 CVEs which potentially impact us.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@peti peti Awaiting requested review from peti

@lovek323 lovek323 Awaiting requested review from lovek323

Assignees
No one assigned
Labels
10.rebuild-darwin: 11-100 10.rebuild-linux: 101-500
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@aanderse @peti @GrahamcOfBorg