Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

vim: 9.1.0707 -> 9.1.0765 #347158

Merged
merged 1 commit into from
Oct 8, 2024
Merged

vim: 9.1.0707 -> 9.1.0765 #347158

merged 1 commit into from
Oct 8, 2024

Conversation

LeSuisse
Copy link
Contributor

@LeSuisse LeSuisse commented Oct 7, 2024

Fixes CVE-2024-47814 / GHSA-rj48-v4mq-j4vg.

Changes:
vim/vim@v9.1.0707...v9.1.0765

Things done

  • Built on platform(s)
    • x86_64-linux
    • aarch64-linux
    • x86_64-darwin
    • aarch64-darwin
  • For non-Linux: Is sandboxing enabled in nix.conf? (See Nix manual)
    • sandbox = relaxed
    • sandbox = true
  • Tested, as applicable:
  • Tested compilation of all packages that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD". Note: all changes have to be committed, also see nixpkgs-review usage
  • Tested basic functionality of all binary files (usually in ./result/bin/)
  • 24.11 Release Notes (or backporting 23.11 and 24.05 Release notes)
    • (Package updates) Added a release notes entry if the change is major or breaking
    • (Module updates) Added a release notes entry if the change is significant
    • (Module addition) Added a release notes entry if adding a new NixOS module
  • Fits CONTRIBUTING.md.

Add a 👍 reaction to pull requests you find important.

@LeSuisse LeSuisse added 1.severity: security Issues which raise a security issue, or PRs that fix one backport release-24.05 Backport PR automatically labels Oct 7, 2024
@LeSuisse LeSuisse added backport staging-24.05 Backport PR automatically and removed backport release-24.05 Backport PR automatically labels Oct 7, 2024
@ofborg ofborg bot requested review from equirosa, philiptaron and dasJ October 7, 2024 20:31
@philiptaron
Copy link
Contributor

@emilazy, I thought we fixed the everything-depend-on-vim problem with #335277. I guess there's more wood to chop.

@LeSuisse
Copy link
Contributor Author

LeSuisse commented Oct 7, 2024

Yup I thought that too 😅

Rebasing on staging.

@LeSuisse LeSuisse marked this pull request as draft October 7, 2024 20:43
@LeSuisse LeSuisse marked this pull request as ready for review October 7, 2024 20:45
@emilazy
Copy link
Member

emilazy commented Oct 7, 2024
edited
Loading

What was the ofborg rebuilds list before the force push?

Edit: I guess we’ll see the same list now anyway, so no worries.

@philiptaron
Copy link
Contributor

... it's full of vimPlugins.

https://gist.github.com/GrahamcOfBorg/905b1d3e525c759363eaeb4b026df9e6

@philiptaron
Copy link
Contributor

Basically, I think we could merge this against master and it'd be fine.

@emilazy
Copy link
Member

emilazy commented Oct 7, 2024

As @vcunat often says, Hydra’s bottlenecks are not what you expect: it’s not building large derivations that is necessarily the problem, but rather the job count, because of stuff around scheduling and compressing and uploading outputs that I don’t fully understand myself. I don’t know whether or not this would pass the threshold for being too much.

@vcunat
Copy link
Member

vcunat commented Oct 8, 2024

The CVE doesn't seem urgent, but it's just the plugins. What about staging-next as a compromise?

@vcunat vcunat changed the base branch from master to staging-next October 8, 2024 07:36
@vcunat vcunat merged commit 273673e into NixOS:staging-next Oct 8, 2024
28 of 29 checks passed
@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Oct 8, 2024

Successfully created backport PR for staging-24.05:

@github-actions github-actions bot mentioned this pull request Oct 8, 2024
Merged
1 task
@vcunat
Copy link
Member

vcunat commented Oct 8, 2024

Yes, I believe so. It should get into master in just a few days, and we still save infra time by not doubling the rebuilds (master + staging-next) + maybe some plugins for darwin haven't even built for staging-next yet.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@equirosa equirosa Awaiting requested review from equirosa

@philiptaron philiptaron Awaiting requested review from philiptaron

@dasJ dasJ Awaiting requested review from dasJ

Assignees
No one assigned
Labels
1.severity: security Issues which raise a security issue, or PRs that fix one 6.topic: vim 10.rebuild-darwin: 501+ 10.rebuild-darwin: 1001-2500 10.rebuild-linux: 501+ 10.rebuild-linux: 1001-2500 backport staging-24.05 Backport PR automatically
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@LeSuisse @philiptaron @emilazy @vcunat