Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[20.09] connman: 1.38 -> 1.39 #112931

Merged
merged 1 commit into from Feb 16, 2021
Merged

[20.09] connman: 1.38 -> 1.39 #112931

merged 1 commit into from Feb 16, 2021

Conversation

stefano-m
Copy link
Contributor

@stefano-m stefano-m commented Feb 12, 2021
edited

Motivation for this change

Backporting connman 1.39 because it contains important security fixes for
CVE-2021-26675 and CVE-2021-26676 which can be used to trigger a
remote (adjacent network) code execution.

Closes #112420

(cherry picked from commit 0122f51)

Things done
  • Tested using sandboxing (nix.useSandbox on NixOS, or option sandbox in nix.conf on non-NixOS linux)
  • Built on platform(s)
    • NixOS
    • macOS
    • other Linux distributions
  • Tested via one or more NixOS test(s) if existing and applicable for the change (look inside nixos/tests)
  • Tested compilation of all pkgs that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review wip"
  • Tested execution of all binary files (usually in ./result/bin/)
  • Determined the impact on package closure size (by running nix path-info -S before and after)
  • Ensured that relevant documentation is up to date
  • Fits CONTRIBUTING.md.

@ofborg ofborg bot requested a review from matejc February 12, 2021 18:33
sternenseemann
sternenseemann approved these changes Feb 12, 2021
View reviewed changes
Copy link
Member

@sternenseemann sternenseemann left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, builds fine on x86_64-linux.

@sternenseemann
Copy link
Member

Reverse dependencies like connman-gtk don't need to be updated, do they?

@stefano-m
Copy link
Contributor Author

Reverse dependencies like connman-gtk don't need to be updated, do they?

I don't think so because the take the connman derivation as input, so they will be rebuilt with the correct version.

@dotlambda
Copy link
Member

You should use git cherry-pick -x: https://github.com/NixOS/nixpkgs/blob/master/.github/CONTRIBUTING.md#backporting-changes

@r-ryantm @stefano-m
[20.09] connman: 1.38 -> 1.39
c091b80 
Backporting connman 1.39 because it contains important security fixes for
CVE-2021-26675 and CVE-2021-26676 which can be used to trigger a
remote (adjacent network) code execution.

Closes NixOS#112420

(cherry picked from commit 0122f51)
@stefano-m
Copy link
Contributor Author

Updated both commit and PR with

(cherry picked from commit 0122f51)

@dotlambda dotlambda merged commit d2fa871 into NixOS:release-20.09 Feb 16, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@sternenseemann sternenseemann sternenseemann approved these changes

@matejc matejc Awaiting requested review from matejc

Assignees
No one assigned
Labels
1.severity: security 10.rebuild-darwin: 1-10 10.rebuild-darwin: 1 10.rebuild-linux: 1-10
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@stefano-m @sternenseemann @dotlambda @r-ryantm