Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update nixpkgs #812

Merged
merged 4 commits into from
Oct 18, 2023
Merged

Update nixpkgs #812

merged 4 commits into from
Oct 18, 2023

Conversation

dpausp
Copy link
Member

@dpausp dpausp commented Oct 16, 2023
edited
Loading

Pull upstream NixOS changes, security fixes and package updates:

  • clamav: 1.0.1 -> 1.0.3
  • curl: apply patch for CVE-2023-38039
  • curl: apply patch for CVE-2023-38545
  • ghostscript: 10.01.2 -> 10.02.0
  • gitlab-runner: 16.1.0 -> 16.4.0
  • github-runner: 2.309.0 -> 2.310.2
  • go_1_19: 1.19.12 -> 1.19.13
  • imagemagick: 7.1.1-18 -> 7.1.1-19
  • libwebp: 1.3.1 -> 1.3.2 (CVE-2023-4863)
  • linux: 6.1.55 -> 6.1.57
  • nss_latest: 3.93 -> 3.94
  • openssl: 3.0.10 -> 3.0.11 (CVE-2023-4807)
  • percona-xtrabackup_8_0: 8.0.32-26 -> 8.0.34-29
  • python310: 3.10.12 -> 3.10.13 (CVE-2023-40217)
  • python311: 3.11.4 -> 3.11.5 (CVE-2023-40217)
  • redis: 7.0.12 -> 7.0.13 (CVE-2023-41053)
  • xorg.libX11: 1.8.6 -> 1.8.7

Additional changes:

  • gitlab-runner: remove override so we get 16.4.0 instead of 16.1.0.
  • percona-xtrabackup_8_0: remove override to use newer package from upstream
  • Add more important packages: Adds packages like chromium and various libraries which are used by our
    internal tooling but are also of general interest.

PL-131842

@flyingcircusio/release-managers

Release process

Impact:

  • [NixOS 23.05] VMs will reboot after the update.

Changelog:

  • Pull upstream NixOS changes, security fixes and package updates (PL-131842):
    (include changes from above)

Security Implications

  • Security requirements defined? (WHERE)
    • pull in upstream security fixes regularly
  • Security requirements tested? (EVIDENCE)
    • automated tests still run, works on various test VM, checked that gitlab-runner on staging Gitlab works properly
    • checked commit log for fixed CVEs and possible problems with updates

dpausp added 4 commits October 18, 2023 10:32
@dpausp
gitlab-runner: remove override so we get 16.4.0 instead of 16.1.0.
aeda79b 
PL-131842
@dpausp
Update nixpkgs
f882d4a 
Pull upstream NixOS changes, security fixes and package updates:

- clamav: 1.0.1 -> 1.0.3
- curl: apply patch for CVE-2023-38039
- curl: apply patch for CVE-2023-38545
- ghostscript: 10.01.2 -> 10.02.0
- github-runner: 2.309.0 -> 2.310.2
- go_1_19: 1.19.12 -> 1.19.13
- imagemagick: 7.1.1-18 -> 7.1.1-19
- libwebp: 1.3.1 -> 1.3.2 (CVE-2023-4863)
- nss_latest: 3.93 -> 3.94
- openssl: 3.0.10 -> 3.0.11 (CVE-2023-4807)
- python310: 3.10.12 -> 3.10.13 (CVE-2023-40217)
- python311: 3.11.4 -> 3.11.5 (CVE-2023-40217)
- redis: 7.0.12 -> 7.0.13 (CVE-2023-41053)
- xorg.libX11: 1.8.6 -> 1.8.7

PL-131842
@dpausp
percona-xtrabackup_8_0: use newer package from upstream
bc2394a 
- percona-xtrabackup_8_0: 8.0.32-26 -> 8.0.34-29

PL-131842
@dpausp
Add more important packages
3704bfa 
Adds packages like chromium and various libraries which are used by our
internal tooling but are also of general interest.

PL-131842
@dpausp dpausp force-pushed the PL-131842-update-nixpkgs branch from 653f0ce to 3704bfa Compare October 18, 2023 08:45
@dpausp dpausp requested a review from osnyx October 18, 2023 14:12
@dpausp dpausp marked this pull request as ready for review October 18, 2023 14:13
osnyx
osnyx approved these changes Oct 18, 2023
View reviewed changes
Copy link
Member

@osnyx osnyx left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM.

This could be an opportunity to add some further important packages from https://github.com/flyingcircusio/fc-nixos/pull/810/files#diff-d38943e0f8cb4837f3247f265b42d1f03996bf06f5f0938be8878e669f024b2b

@dpausp
Copy link
Member Author

dpausp commented Oct 18, 2023

LGTM.

This could be an opportunity to add some further important packages from https://github.com/flyingcircusio/fc-nixos/pull/810/files#diff-d38943e0f8cb4837f3247f265b42d1f03996bf06f5f0938be8878e669f024b2b

yes, they are included.

@dpausp dpausp merged commit 7d30be6 into fc-23.05-dev Oct 18, 2023
1 check passed
@dpausp dpausp deleted the PL-131842-update-nixpkgs branch October 18, 2023 18:46
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@osnyx osnyx osnyx approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@dpausp @osnyx