Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

cfitsio: 3.430 -> 3.450 #61242

Merged
merged 2 commits into from May 12, 2019
Merged

cfitsio: 3.430 -> 3.450 #61242

merged 2 commits into from May 12, 2019

Conversation

xbreak
Copy link
Contributor

@xbreak xbreak commented May 10, 2019
edited

Motivation for this change
  • Update cfits version from 3.430 to 3.450. Please also note that this update contains security fixes made in 3.440 (ChangeLog).
  • Switch src.url to use https (HEASARC will disable FTP as of September 2019, https://heasarc.gsfc.nasa.gov/docs/FTPWarning.html).
  • Added optional bzip2 support in derivation (enabled by default as suggested by @c0bw3b).
Changes from Review
  • This also includes a fixup of the cfitsio.pc file to point to the store path of the bzip2 libraries. Not needed if bzip2.out is used instead.
  • Enabled bzip2 support by default.
  • Minor cleanup.
  • Added myself as maintainer.
Things done
  • Tested using sandboxing (nix.useSandbox on NixOS, or option sandbox in nix.conf on non-NixOS)
  • Built on platform(s)
    • NixOS
    • macOS
    • other Linux distributions (CentOS 7.4)
  • Tested via one or more NixOS test(s) if existing and applicable for the change (look inside nixos/tests)
  • Tested compilation of all pkgs that depend on this change using nix-shell -p nix-review --run "nix-review wip"
  • *Tested compilation of all pkgs that depend on this change manually
  • Tested compilation with bzip support enabled and manually inspected libraries and pc-file.
  • **Tested execution of all binary files (usually in ./result/bin/)
  • Determined the impact on package closure size (by running nix path-info -S before and after)
  • Assured whether relevant documentation is up to date
  • Fits CONTRIBUTING.md.

* I had to manually build some packages due to error cloning builder process (I'm running single user on CentOS without sandboxing).
** Tested to load fits files with giv

Built ok:

  • cfitsio
  • gimpPlugins.ufraw
  • ufraw
  • indilib
  • gildas
  • gimp-with-plugins
  • giv

tomberek
tomberek approved these changes May 12, 2019
View reviewed changes
Copy link
Contributor

@tomberek tomberek left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Tested on Ubuntu.

@c0bw3b
Copy link
Contributor

c0bw3b commented May 12, 2019

Hello @xbreak and welcome around here :)

** There's no maintainer, can I add one?

Yes, definitely! You can add yourself to the maintainer list if you wish to maintain this package.
This should be done in a separate commit. See PR 61137 for a recent example.

c0bw3b
c0bw3b reviewed May 12, 2019
View reviewed changes
Copy link
Contributor

@c0bw3b c0bw3b left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can you also clarify the license in meta? This is MIT so

  license = licenses.mit;

and the comment about BSD-style licensing can be removed

pkgs/development/libraries/cfitsio/default.nix Show resolved Hide resolved
pkgs/development/libraries/cfitsio/default.nix Outdated Show resolved Hide resolved
pkgs/development/libraries/cfitsio/default.nix Outdated Show resolved Hide resolved
@xbreak
cfitsio: 3.430 -> 3.450
152b1e4 
The derivation is also updated to optionally build cfitsio with bzip2
support (enabled by default).
@xbreak
maintainers: add xbreak
6f07c3f
@xbreak
Copy link
Contributor Author

xbreak commented May 12, 2019

@c0bw3b: Thanks for the review. I've updated the PR with the requested changes. Apart from your comments I also changed the url to use https since HEASARC are phasing out unencrypted FTP access.

@c0bw3b
Copy link
Contributor

c0bw3b commented May 12, 2019

Perfect. Thanks for your contribution.

@c0bw3b c0bw3b merged commit 2c86b2c into NixOS:master May 12, 2019
@c0bw3b
Copy link
Contributor

c0bw3b commented May 12, 2019

Forgot to mention: wrt security fixes, the grave public vulnerabilities (4 CVE published) were already fixed in v3.43 that we ship in release 19.03

Now 3.44 may have cleaned up some more codebase but it's undocumented what was fixed exactly and there is no CVE. So exploitability is very close to null.
For this reason I think a backport to stable is not warranted here.

@xbreak xbreak deleted the update/cfitsio-3450 branch May 12, 2019 15:08
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tomberek tomberek tomberek approved these changes

@c0bw3b c0bw3b c0bw3b approved these changes

Assignees
No one assigned
Labels
1.severity: security 10.rebuild-darwin: 1-10 10.rebuild-linux: 1-10 11.by: package-maintainer 12. first-time contribution
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@xbreak @c0bw3b @tomberek @Janik-Haag