-
-
Notifications
You must be signed in to change notification settings - Fork 13.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
stunnel: 5.64 -> 5.65 #183617
stunnel: 5.64 -> 5.65 #183617
Conversation
sha256 = "sha256-7r5T7RFrpDsueGdisMK5FRHnt0hXrUdlgk5xmeb6+IM="; | ||
# please use the contents of "https://www.stunnel.org/downloads/${name}.tar.gz.sha256", | ||
sha256 = "60c500063bd1feff2877f5726e38278c086f96c178f03f09d264a2012d6bf7fc"; | ||
# please use the contents of "https://www.stunnel.org/downloads/${pname}-${version}.tar.gz.sha256", |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
# please use the contents of "https://www.stunnel.org/downloads/${pname}-${version}.tar.gz.sha256", | |
# please use the contents of "https://www.stunnel.org/downloads/stunnel-${version}.tar.gz.sha256", |
sha256 = "sha256-7r5T7RFrpDsueGdisMK5FRHnt0hXrUdlgk5xmeb6+IM="; | ||
# please use the contents of "https://www.stunnel.org/downloads/${name}.tar.gz.sha256", | ||
sha256 = "60c500063bd1feff2877f5726e38278c086f96c178f03f09d264a2012d6bf7fc"; | ||
# please use the contents of "https://www.stunnel.org/downloads/${pname}-${version}.tar.gz.sha256", | ||
# not the output of `nix-prefetch-url` |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
FYI well, yeah but no. If nix-prefetch-url shows a different hash that will not work
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think that was the point of this advice? If the server's .sha256 file and nix-prefetch-url produce different results, something has gone wrong and one shouldn't just charge ahead with whatever nix-prefetch-url says, but stop to figure out what the trouble is.
My thought in updating this advice was to follow the name -> pname+version change (46420bb) so that the suggested action was easier to perform by copy/pasting the pname and version lines into a shell to set the variables so then one could copy/paste the advice's URL and have it expand correctly.
I've reverted the change to the advice comment to keep this PR narrowly focused on the version bump that's required to fix the build for non-tarball-cache-users.
Description of changes
From the NEWS file:
Version 5.65, 2022.07.17, urgency: HIGH
The "urgency: HIGH" security fix in this release only affects Microsoft Windows builds, but upstream has pulled down the tarball for 5.64 that contains the (windows-affecting) security problem, which means that this package cannot be fetched & built until this version bump is merged (though most users will still be able to fetch from tarballs.nixos.org)
Things done
sandbox = true
set innix.conf
? (See Nix manual)nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD"
. Note: all changes have to be committed, also see nixpkgs-review usageI'm not sure I have enough RAM for this.
./result/bin/
)nixos/doc/manual/md-to-db.sh
to update generated release notesFYI Maintainer: @thoughtpolice