Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

vim: 9.1.0707 -> 9.1.0765 #347158

Merged
merged 1 commit into from
Oct 8, 2024
Merged

vim: 9.1.0707 -> 9.1.0765 #347158

merged 1 commit into from
Oct 8, 2024

Conversation

LeSuisse
Copy link
Contributor

@LeSuisse LeSuisse commented Oct 7, 2024

Fixes CVE-2024-47814 / GHSA-rj48-v4mq-j4vg.

Changes:
vim/vim@v9.1.0707...v9.1.0765

Things done

  • Built on platform(s)
    • x86_64-linux
    • aarch64-linux
    • x86_64-darwin
    • aarch64-darwin
  • For non-Linux: Is sandboxing enabled in nix.conf? (See Nix manual)
    • sandbox = relaxed
    • sandbox = true
  • Tested, as applicable:
  • Tested compilation of all packages that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD". Note: all changes have to be committed, also see nixpkgs-review usage
  • Tested basic functionality of all binary files (usually in ./result/bin/)
  • 24.11 Release Notes (or backporting 23.11 and 24.05 Release notes)
    • (Package updates) Added a release notes entry if the change is major or breaking
    • (Module updates) Added a release notes entry if the change is significant
    • (Module addition) Added a release notes entry if adding a new NixOS module
  • Fits CONTRIBUTING.md.

Add a 👍 reaction to pull requests you find important.

@philiptaron
Copy link
Contributor

@emilazy, I thought we fixed the everything-depend-on-vim problem with #335277. I guess there's more wood to chop.

@LeSuisse
Copy link
Contributor Author

LeSuisse commented Oct 7, 2024

Yup I thought that too 😅

Rebasing on staging.

@LeSuisse LeSuisse marked this pull request as draft October 7, 2024 20:43
@LeSuisse LeSuisse marked this pull request as ready for review October 7, 2024 20:45
@emilazy
Copy link
Member

emilazy commented Oct 7, 2024

What was the ofborg rebuilds list before the force push?

Edit: I guess we’ll see the same list now anyway, so no worries.

@philiptaron
Copy link
Contributor

@philiptaron
Copy link
Contributor

Basically, I think we could merge this against master and it'd be fine.

@emilazy
Copy link
Member

emilazy commented Oct 7, 2024

As @vcunat often says, Hydra’s bottlenecks are not what you expect: it’s not building large derivations that is necessarily the problem, but rather the job count, because of stuff around scheduling and compressing and uploading outputs that I don’t fully understand myself. I don’t know whether or not this would pass the threshold for being too much.

@vcunat
Copy link
Member

vcunat commented Oct 8, 2024

The CVE doesn't seem urgent, but it's just the plugins. What about staging-next as a compromise?

@vcunat vcunat changed the base branch from master to staging-next October 8, 2024 07:36
@vcunat vcunat merged commit 273673e into NixOS:staging-next Oct 8, 2024
28 of 29 checks passed
Copy link
Contributor

github-actions bot commented Oct 8, 2024

Successfully created backport PR for staging-24.05:

@vcunat
Copy link
Member

vcunat commented Oct 8, 2024

Yes, I believe so. It should get into master in just a few days, and we still save infra time by not doubling the rebuilds (master + staging-next) + maybe some plugins for darwin haven't even built for staging-next yet.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants