Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[r19.09] qt512.qtbase: add patch for CVE-2019-18281 #73805

Merged
merged 1 commit into from Nov 28, 2019

Conversation

@xfix
Copy link
Contributor

xfix commented Nov 20, 2019

Motivation for this change

#73680

Things done
  • Tested using sandboxing (nix.useSandbox on NixOS, or option sandbox in nix.conf on non-NixOS linux)
  • Built on platform(s)
    • NixOS
    • macOS
    • other Linux distributions
  • Tested via one or more NixOS test(s) if existing and applicable for the change (look inside nixos/tests)
  • Tested compilation of all pkgs that depend on this change using nix-shell -p nix-review --run "nix-review wip"
  • Tested execution of all binary files (usually in ./result/bin/)
  • Determined the impact on package closure size (by running nix path-info -S before and after)
  • Ensured that relevant documentation is up to date
  • Fits CONTRIBUTING.md.
Notify maintainers

cc @qknight @ttuegel @periklis @bkchr

@xfix xfix requested a review from ttuegel as a code owner Nov 20, 2019
@xfix xfix changed the title qt512.qtbase: add patch for CVE-2019-18281 [r19.09] qt512.qtbase: add patch for CVE-2019-18281 Nov 20, 2019
@d-goldin

This comment has been minimized.

Copy link
Contributor

d-goldin commented Nov 23, 2019

LGTM. But would it maybe make sense to bump the version to 5.12.5 instead? The patch releases should be quite compatible and might fix some other minor issues (we already have that on master b3594de) and for 5.11 this was addressed via bumping the version too (2f5d37b).

@xfix

This comment has been minimized.

Copy link
Contributor Author

xfix commented Nov 23, 2019

Maybe. I have no idea how to bump the version however, and there is less risk of issues when applying the patch.

@d-goldin

This comment has been minimized.

Copy link
Contributor

d-goldin commented Nov 27, 2019

@globin globin merged commit 00c2b2c into NixOS:staging-19.09 Nov 28, 2019
15 checks passed
15 checks passed
Evaluation Performance Report Evaluator Performance Report
Details
grahamcofborg-eval ^.^!
Details
grahamcofborg-eval-check-maintainers matching changed paths to changed attrs...
Details
grahamcofborg-eval-check-meta config.nix: checkMeta = true
Details
grahamcofborg-eval-darwin nix-instantiate --arg nixpkgs { outPath=./.; revCount=999999; shortRev="ofborg"; } ./pkgs/top-level/release.nix -A darwin-tested
Details
grahamcofborg-eval-nixos nix-instantiate --arg nixpkgs { outPath=./.; revCount=999999; shortRev="ofborg"; } ./nixos/release-combined.nix -A tested
Details
grahamcofborg-eval-nixos-manual nix-instantiate --arg nixpkgs { outPath=./.; revCount=999999; shortRev="ofborg"; } ./nixos/release.nix -A manual
Details
grahamcofborg-eval-nixos-options nix-instantiate --arg nixpkgs { outPath=./.; revCount=999999; shortRev="ofborg"; } ./nixos/release.nix -A options
Details
grahamcofborg-eval-nixpkgs-manual nix-instantiate --arg nixpkgs { outPath=./.; revCount=999999; shortRev="ofborg"; } ./pkgs/top-level/release.nix -A manual
Details
grahamcofborg-eval-nixpkgs-tarball nix-instantiate --arg nixpkgs { outPath=./.; revCount=999999; shortRev="ofborg"; } ./pkgs/top-level/release.nix -A tarball
Details
grahamcofborg-eval-nixpkgs-unstable-jobset nix-instantiate --arg nixpkgs { outPath=./.; revCount=999999; shortRev="ofborg"; } ./pkgs/top-level/release.nix -A unstable
Details
grahamcofborg-eval-package-list nix-env -qa --json --file .
Details
grahamcofborg-eval-package-list-no-aliases nix-env -qa --json --file . --arg config { allowAliases = false; }
Details
qt512.qtbase on aarch64-linux Success
Details
qt512.qtbase on x86_64-linux Success
Details
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
3 participants
You can’t perform that action at this time.