Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We鈥檒l occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Backport release-23.05] openssh: 9.3p2 -> 9.6p1 #275587

Merged
merged 3 commits into from
Jan 3, 2024
Merged

[Backport release-23.05] openssh: 9.3p2 -> 9.6p1 #275587

merged 3 commits into from
Jan 3, 2024

Conversation

leona-ya
Copy link
Member

@leona-ya leona-ya commented Dec 20, 2023
edited

Description of changes

https://www.openssh.com/txt/release-9.6

unstable bump: #275249

Things done

  • Built on platform(s)
    • x86_64-linux
    • aarch64-linux
    • x86_64-darwin
    • aarch64-darwin
  • For non-Linux: Is sandboxing enabled in nix.conf? (See Nix manual)
    • sandbox = relaxed
    • sandbox = true
  • Tested, as applicable:
  • Tested compilation of all packages that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD". Note: all changes have to be committed, also see nixpkgs-review usage
  • Tested basic functionality of all binary files (usually in ./result/bin/)
  • 24.05 Release Notes (or backporting 23.05 and 23.11 Release notes)
    • (Package updates) Added a release notes entry if the change is major or breaking
    • (Module updates) Added a release notes entry if the change is significant
    • (Module addition) Added a release notes entry if adding a new NixOS module
  • Fits CONTRIBUTING.md.

Add a 馃憤 reaction to pull requests you find important.

kloenk
kloenk approved these changes Dec 20, 2023
View reviewed changes
Copy link
Member

@kloenk kloenk left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

build on aarch64-darwin and aarch64-linux

@ofborg ofborg bot requested a review from dasJ December 20, 2023 15:59
@fpletz
Copy link
Member

fpletz commented Dec 20, 2023

Any particular reason why you didn't cherry-pick -x the individual commits like we normally do for backporting? See https://github.com/NixOS/nixpkgs/blob/master/CONTRIBUTING.md#manually-backporting-changes.

@leona-ya
Copy link
Member Author

It seems wrong to do this, as it is a different upgrade (meaning: 9.3p2 -> 9.6p1 instead of 9.5p2 -> 9.6p1). But I can also cherry-pick, if I'm wrong

@risicle
Copy link
Contributor

risicle commented Dec 23, 2023

Normally we would cherry-pick all the intermediate bumps from the unstable branch.

dasJ and others added 3 commits December 24, 2023 09:48
@dasJ @leona-ya
openssh: 9.3p2 -> 9.4p1
72a3ad0 
(cherry picked from commit df8ba79)
@dasJ @leona-ya
openssh: 9.4p1 -> 9.5p1
fac0ce3 
(cherry picked from commit 2d99e37)
@SuperSandro2000 @leona-ya
openssh: 9.5p1 -> 9.6p1
77fc014 
(cherry picked from commit 7d56522)
@leona-ya
Copy link
Member Author

Normally we would cherry-pick all the intermediate bumps from the unstable branch.

Okay, done that now

risicle
risicle approved these changes Dec 25, 2023
View reviewed changes
Copy link
Contributor

@risicle risicle left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nixpkgs-review reveals no new failures, macos 12 x86_64, nixos x86_64. passthru.tests pass. pkgsMusl, pkgsCross.aarch64-multiplatform, pkgsi686Linux variants build.

Normally I'd probably argue we should be patching this instead because a 9.3 -> 9.6 jump is pretty big, but in this case I think we'd have trouble getting the patch ready before 23.05 goes EOL 馃し

@wegank
Copy link
Member

wegank commented Jan 3, 2024

Closing since NixOS 23.05 is EOL.

@wegank wegank closed this Jan 3, 2024
@pvgoran
Copy link
Contributor

pvgoran commented Jan 3, 2024

Closing since NixOS 23.05 is EOL.

Great, now 23.05 users are left without an (arguably) important security update. Even though it was ready for merge almost a week before EOL.

@risicle risicle reopened this Jan 3, 2024
@risicle risicle merged commit 70bdade into NixOS:release-23.05 Jan 3, 2024
24 of 26 checks passed
@leona-ya leona-ya deleted the leona/23.05-openssh-9.6p1 branch January 3, 2024 14:27
@pvgoran
Copy link
Contributor

pvgoran commented Jan 3, 2024

Much appreciated!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@risicle risicle risicle approved these changes

@kloenk kloenk kloenk approved these changes

@dasJ dasJ Awaiting requested review from dasJ

Assignees
No one assigned
Labels
1.severity: security 10.rebuild-darwin: 101-500 10.rebuild-linux: 101-500 12.approvals: 2
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
9 participants
@leona-ya @fpletz @risicle @wegank @pvgoran @kloenk @delroth @dasJ @SuperSandro2000