Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

flex: 2.6.0 -> 2.6.1 #18909

Closed
wants to merge 1 commit into from
Closed

flex: 2.6.0 -> 2.6.1 #18909

wants to merge 1 commit into from

Conversation

grahamc
Copy link
Member

@grahamc grahamc commented Sep 24, 2016

Motivation for this change

#18856
https://lwn.net/Vulnerabilities/696808/

Things done
  • Tested using sandboxing
    (nix.useSandbox on NixOS,
    or option build-use-sandbox in nix.conf
    on non-NixOS)
  • Built on platform(s)
    • NixOS
    • OS X
    • Linux
  • Tested compilation of all pkgs that depend on this change using nix-shell -p nox --run "nox-review wip"
  • Tested execution of all binary files (usually in ./result/bin/)
  • Fits CONTRIBUTING.md.

@grahamc grahamc added 1.severity: security 9.needs: port to stable A PR needs a backport to the stable release. labels Sep 24, 2016
@mention-bot
Copy link

@grahamc, thanks for your PR! By analyzing the annotation information on this pull request, we identified @wkennington, @edolstra and @7c6f434c to be potential reviewers

@vcunat
Copy link
Member

vcunat commented Sep 24, 2016
edited
Loading

AFAIK in most packages we don't re-run flex, so it's up to upstream to update those files in tarballs...

vcunat added a commit that referenced this pull request Sep 24, 2016
@vcunat
Merge #18909: flex: 2.6.0 -> 2.6.1
aaa2984 
It contains security fixes.
vcunat added a commit that referenced this pull request Sep 25, 2016
@vcunat
Merge #18909: flex: 2.6.0 -> 2.6.1
052eaed 
It contains security fixes.

(cherry picked from commit aaa2984)
@vcunat
Copy link
Member

vcunat commented Sep 25, 2016

In staging{,-16.09}.

@grahamc grahamc removed the 9.needs: port to stable A PR needs a backport to the stable release. label Sep 25, 2016
@grahamc grahamc closed this Sep 25, 2016
@grahamc grahamc deleted the flex branch September 25, 2016 16:23
@vcunat
Copy link
Member

vcunat commented Sep 27, 2016
edited
Loading

This introduced some problems; I can't see a solution ATM, unfortunately. Ref: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=835542 Example: http://hydra.nixos.org/build/41178572/nixlog/1/raw

vcunat added a commit that referenced this pull request Sep 28, 2016
@vcunat
libsepol: temporary fixup after flex security update
3e1afea 
/cc #18909.
vcunat added a commit that referenced this pull request Sep 28, 2016
@vcunat
libsepol: temporary fixup after flex security update
e7ccb0c 
/cc #18909.

(cherry picked from commit 3e1afea)
@grahamc grahamc mentioned this pull request Oct 14, 2016
Closed
adrianpk added a commit to adrianpk/nixpkgs that referenced this pull request May 31, 2024
@adrianpk
Merge NixOS#18909: flex: 2.6.0 -> 2.6.1
cf1cdd4 
It contains security fixes.

(cherry picked from commit aaa2984)
adrianpk added a commit to adrianpk/nixpkgs that referenced this pull request May 31, 2024
@adrianpk
libsepol: temporary fixup after flex security update
a2d5926 
/cc NixOS#18909.

(cherry picked from commit 3e1afea)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
1.severity: mass-rebuild 1.severity: security
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@grahamc @mention-bot @vcunat @bjornfor