Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

wordpress: 5.4.2 -> 5.5.1 #98302

Merged
merged 1 commit into from Oct 1, 2020
Merged

wordpress: 5.4.2 -> 5.5.1 #98302

merged 1 commit into from Oct 1, 2020

Conversation

@ajs124
Copy link
Member

@ajs124 ajs124 commented Sep 19, 2020

Motivation for this change
Things done
  • Tested using sandboxing (nix.useSandbox on NixOS, or option sandbox in nix.conf on non-NixOS linux)
  • Built on platform(s)
    • NixOS
    • macOS
    • other Linux distributions
  • Tested via one or more NixOS test(s) if existing and applicable for the change (look inside nixos/tests)
  • Tested compilation of all pkgs that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review wip"
  • Tested execution of all binary files (usually in ./result/bin/)
  • Determined the impact on package closure size (by running nix path-info -S before and after)
  • Ensured that relevant documentation is up to date
  • Fits CONTRIBUTING.md.
@aanderse
Copy link
Member

@aanderse aanderse commented Sep 30, 2020

This package badly needs a maintainer. @basvandijk does not maintain anymore, so it is effectively orphaned.

If someone doesn't step up during the 20.09 release cycle we might be best to remove before 21.09...

Any volunteers? 😆

@ajs124
Copy link
Member Author

@ajs124 ajs124 commented Sep 30, 2020

@dasJ how about it?

@mohe2015
Copy link
Contributor

@mohe2015 mohe2015 commented Oct 1, 2020

@aanderse I started working on Wordpress in #96910 but I'm still pretty new to NixOS. So I would probably be fine to be a maintainer but I can't guarantee that this will improve the current situation. I will probably update my PR tomorrow btw. Also what are your issues with the wordpress package currently?

@aanderse
Copy link
Member

@aanderse aanderse commented Oct 1, 2020

@mohe2015 the issue is just having someone stay on top of security updates/releases from upstream, making sure to backport when appropriate. Without an active maintainer it feels irresponsible to ship web based software with known CVEs. It isn't a huge job or anything... we just need one or more people to step up and be willing to create/review/test the PRs. If you're interested that is great.

Copy link
Member

@aanderse aanderse left a comment

Thanks @ajs124 🎉 Does this need a backport to 20.09 and 20.03? Any security vulnerabilities patched here?

@aanderse aanderse merged commit b7520a3 into NixOS:master Oct 1, 2020
19 checks passed
@ajs124 ajs124 deleted the upd/wordpress branch Oct 1, 2020
@ajs124
Copy link
Member Author

@ajs124 ajs124 commented Oct 1, 2020

I can add myself as a maintainer, we run probably a dozen or so WordPress instances on NixOS. We don't use the module etc from nixpkgs though, as far as I remember.

@mohe2015
Copy link
Contributor

@mohe2015 mohe2015 commented Oct 2, 2020

@ajs124 "The only current officially supported version is WordPress 5.5.1. Previous major releases before this may or may not get security updates as serious exploits are discovered." https://codex.wordpress.org/Supported_Versions
This needs a backport.

@aanderse
Copy link
Member

@aanderse aanderse commented Oct 3, 2020

Thanks for mentioning @mohe2015. If someone could open backport PRs it would be much appreciated.

@ajs124
Copy link
Member Author

@ajs124 ajs124 commented Oct 3, 2020

I opened a backport to 20.09 in #99388, 20.03 is on 5.4.3, which was never on master. We could still backport, but there aren't any CVEs (I think), just a general policy of "we probably closed some security issues".

@mohe2015
Copy link
Contributor

@mohe2015 mohe2015 commented Oct 3, 2020

I agree but for safety I would personally prefer a backport also for 20.03. (I can do it if you don't want to @ajs124 )

@mohe2015 mohe2015 mentioned this pull request Oct 6, 2020
10 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Linked issues

Successfully merging this pull request may close these issues.

None yet

3 participants