Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

icu4c: fix #20954: icu_54_1 package does not compile #20955

Merged
merged 1 commit into from Dec 7, 2016
Merged

icu4c: fix #20954: icu_54_1 package does not compile #20955

merged 1 commit into from Dec 7, 2016

Conversation

savannidgerinel
Copy link
Contributor

@savannidgerinel savannidgerinel commented Dec 6, 2016
edited

Motivation for this change

icu4c-54.1 doesn't actually need (and cannot accept) the patches that icu4c-57.1 needs. Instead of fixing it, since we know that icu4c-54.1 is vulnerable and tests show that only zoom-us depends on it and that zoom-us seems to work with icu4c-57.1, we simply remove that older version and make zoom-us depend on the newer one.

Things done
  • Tested using sandboxing
    (nix.useSandbox on NixOS,
    or option build-use-sandbox in nix.conf
    on non-NixOS)
  • Built on platform(s)
    • NixOS
    • macOS
    • Linux
  • Tested compilation of all pkgs that depend on this change using nix-shell -p nox --run "nox-review wip"
  • Tested execution of all binary files (usually in ./result/bin/)
  • Fits CONTRIBUTING.md.

@mention-bot
Copy link

@savannidgerinel, thanks for your PR! By analyzing the history of the files in this pull request, we identified @k0001, @grahamc and @chris-martin to be potential reviewers.

@joachifm
Copy link
Contributor

joachifm commented Dec 6, 2016

Looks good to me. Whether keeping icu54 building is a good idea is another matter (last I looked it's known to be vulnerable). It's only used by the zoom.us client, however, so it doesn't make too much of a difference.

@savannidgerinel
Copy link
Contributor Author

For what it's worth, I was able to run zoom-us with icu-57.1 and could discern no difference in behaviour vs icu-54.1.

@joachifm
Copy link
Contributor

joachifm commented Dec 6, 2016

Ah, cool, then I suggest removing icu54 instead of fixing it :) If you care to, you could open a second PR, leaving this one open in case somebody disagrees with me.

@grahamc
Copy link
Member

grahamc commented Dec 6, 2016

I'm 👍 on dumping icu_54_1, seeing as it is vulnerable / out of date, and a maintenance burden.

@savannidgerinel
Copy link
Contributor Author

Should I create a different bug for dumping icu_54_1, or keep it in this branch under this particular bug? (Solution for icu_54_1 doesn't build: dump icu_54_1)

@joachifm
Copy link
Contributor

joachifm commented Dec 6, 2016

In the interest of keeping things simple, let's just go ahead and remove icu54. Generally, if there are alternative solutions, separate PRs would make sense. (Note: it's fine to create PRs without having a corresponding issue).

@grahamc
Copy link
Member

grahamc commented Dec 6, 2016 via email

icu: remove icu4c-54.1
705e290 
Only zoom-us depends on icu4c-54.1. Since we know that version has some vulnerabilities, and zoom-us appears to work with icu4c-57.1, I remove the icu/54.1.nix file, remove icu_54_1 from all-packages.nix, and have zoom-us depend on icu (i.e., icu4c-57.1)
@joachifm joachifm merged commit bf574f3 into NixOS:master Dec 7, 2016
@joachifm
Copy link
Contributor

joachifm commented Dec 7, 2016

Thank you

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
12. first-time contribution
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
5 participants
@savannidgerinel @mention-bot @joachifm @grahamc @Janik-Haag