Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Mark packages as broken: asterisk, cryptopp, redmine, moodle, opera, openstack-neutron, mesos #19040

Merged
merged 7 commits into from
Sep 28, 2016
Merged

Mark packages as broken: asterisk, cryptopp, redmine, moodle, opera, openstack-neutron, mesos #19040

merged 7 commits into from
Sep 28, 2016

Conversation

grahamc
Copy link
Member

@grahamc grahamc commented Sep 28, 2016
edited

Motivation for this change

These are packages that were difficult to upgrade and have outstanding security issues.

See: #18856

Note: if a maintainer fixes the bug, we'd rather not mark them broken :)

Maintainers / Contributors:

Things done
  • Tested using sandboxing
    (nix.useSandbox on NixOS,
    or option build-use-sandbox in nix.conf
    on non-NixOS)
  • Built on platform(s)
    • NixOS
    • OS X
    • Linux
  • Tested compilation of all pkgs that depend on this change using nix-shell -p nox --run "nox-review wip"
  • Tested execution of all binary files (usually in ./result/bin/)
  • Fits CONTRIBUTING.md.

@mention-bot
Copy link

@grahamc, thanks for your PR! By analyzing the annotation information on this pull request, we identified @vcunat, @domenkozar and @auntieNeo to be potential reviewers

@grahamc grahamc added 1.severity: security 9.needs: port to stable A PR needs a backport to the stable release. labels Sep 28, 2016
@grahamc grahamc changed the title Mark packages as broken: asterisk, cryptopp, redmine, moodle Mark packages as broken: asterisk, cryptopp, redmine, moodle, opera, openstack-neutron, mesos Sep 28, 2016
@vcunat
Copy link
Member

vcunat commented Sep 28, 2016

Unsetting meta.broken will be trivial for anyone who manages to fix a package. Better have them marked than being vulnerable silently.

@kamilchm
Copy link
Member

I'll try to find time to fix mesos.

@kevincox
Copy link
Contributor

I agree. Ship now and fix later. I was planning to update mesos this weekend but I guess that is being handled.

@grahamc grahamc merged commit 9ebc98e into NixOS:master Sep 28, 2016
@grahamc grahamc removed the 9.needs: port to stable A PR needs a backport to the stable release. label Sep 28, 2016
@grahamc grahamc deleted the broken-mast branch September 28, 2016 20:50
@cstrahan
Copy link
Contributor

Here's a PR to update mesos: #19064

Needs some testing (I'm currently building right now).

@artuuge artuuge mentioned this pull request Sep 29, 2016
Merged
7 tasks
fpletz added a commit that referenced this pull request Sep 29, 2016
@fpletz
cryptopp: 5.6.2 -> 5.6.4
eb6a1c9 
Fix CVE-2016-3995. #18856

Remove broken flag. #19040

cc #19009
fpletz added a commit that referenced this pull request Sep 29, 2016
@fpletz
cryptopp: 5.6.2 -> 5.6.4
bf041b3 
Fix CVE-2016-3995. #18856

Remove broken flag. #19040

cc #19009

(cherry picked from commit eb6a1c9)
@cko cko mentioned this pull request Oct 20, 2016
Closed
7 tasks
adrianpk added a commit to adrianpk/nixpkgs that referenced this pull request May 31, 2024
@adrianpk
cryptopp: 5.6.2 -> 5.6.4
d40a3a9 
Fix CVE-2016-3995. NixOS#18856

Remove broken flag. NixOS#19040

cc NixOS#19009

(cherry picked from commit eb6a1c9)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
1.severity: security
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
6 participants
@grahamc @mention-bot @vcunat @kamilchm @kevincox @cstrahan