Update nixpkgs (2024-08-26) #1089

Merged
merged 2 commits into from
Aug 29, 2024

@dpausp dpausp commented Aug 26, 2024

Update nixpkgs (2024-08-28)

Pull upstream NixOS changes, security fixes and package updates:

  • asterisk: 20.9.1 -> 20.9.2
  • bash: 5.2p26 -> 5.2p32
  • chromedriver: 127.0.6533.99 -> 128.0.6613.84
  • chromium: 127.0.6533.99 -> 128.0.6613.84
  • curl: fix CVE-2024-6197
  • dovecot: 2.3.21 -> 2.3.21.1 (CVE-2024-23184, CVE-2024-23185)
  • element-web: 1.11.73 -> 1.11.75
  • github-runner: 2.319.0 -> 2.319.1
  • gitlab: 17.1.3 -> 17.2.4
  • go: 1.22.5 -> 1.22.6
  • grafana: 10.4.6 -> 10.4.7 (CVE-2024-6837)
  • k3s: 1.30.2+k3s2 -> 1.30.3+k3s1
  • linux: 5.15.164 -> 5.15.165
  • mastodon: 4.2.10 -> 4.2.12
  • matrix-synapse: 1.112.0 -> 1.113.0
  • mysql80: 8.0.37 -> 8.0.39
  • nginx: 1.26.1 -> 1.26.2
  • openldap: 2.6.7 -> 2.6.8
  • openvpn: 2.6.10 -> 2.6.12
  • postgresql_12: 12.19 -> 12.20 (CVE-2024-7348)
  • postgresql_13: 13.15 -> 13.16
  • postgresql_14: 14.12 -> 14.13
  • postgresql_15: 15.7 -> 15.8
  • postgresql_16: 16.3 -> 16.4
  • webkitgtk: 2.44.2 → 2.44.3
  • wget: add patch for CVE-2024-38428

Fix rich-cli build failure, add to important packages

Building it with updated dependencies (they are pinned to older
versions in the upstream package) works.

PL-132940

@flyingcircusio/release-managers

Release process

Impact:

  • [NixOS 24.05] Machines will reboot after the update to activate the
    changed kernel.

Changelog:

(include PR description)

PR release workflow (internal)

  • PR has internal ticket
  • internal issue ID (PL-…) part of branch name
  • internal issue ID mentioned in PR description text
  • ticket is on Platform agile board
  • ticket state set to Pull request ready
  • if ticket is more urgent than within the next few days, directly contact a member of the Platform team

Design notes

  • Provide a feature toggle if the change might need to be adjusted/reverted quickly depending on context. Consider whether the default should be on or off. Example: rate limiting.
  • All customer-facing features and (NixOS) options need to be discoverable from documentation. Add or update relevant documentation such that hosted and guided customers can understand it as well.

Security implications

@dpausp dpausp force-pushed the PL-132940-update-nixpkgs branch 2 times, most recently from 85998f1 to c2da14e August 29, 2024 08:38
@dpausp dpausp requested a review from sysvinit August 29, 2024 10:01
@dpausp dpausp marked this pull request as ready for review August 29, 2024 10:01
@osnyx osnyx merged commit 163f360 into fc-24.05-dev Aug 29, 2024
1 check passed
@osnyx osnyx deleted the PL-132940-update-nixpkgs branch August 29, 2024 10:10