Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[19.09] aspell: 0.60.6.1 -> 0.60.8 #79772

Merged
merged 1 commit into from
Apr 15, 2020
Merged

[19.09] aspell: 0.60.6.1 -> 0.60.8 #79772

merged 1 commit into from
Apr 15, 2020

Conversation

wamserma
Copy link
Member

Motivation for this change

See http://aspell.net/aspell-0.60.8.txt for release information.
(#71242)

The fix for CVE-2019-20433 may break compatibility for some
applications, hence a version bump instead of adding a patch.

Also: backport of 648678f

Fixes #79719
Fixes #73616

Things done
  • Tested using sandboxing (nix.useSandbox on NixOS, or option sandbox in nix.conf on non-NixOS linux)
  • Built on platform(s)
    • NixOS
    • macOS
    • other Linux distributions
  • Tested via one or more NixOS test(s) if existing and applicable for the change (look inside nixos/tests)
  • Tested compilation of all pkgs that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review wip"
  • Tested execution of all binary files (usually in ./result/bin/)
  • Determined the impact on package closure size (by running nix path-info -S before and after)
  • Ensured that relevant documentation is up to date
  • Fits CONTRIBUTING.md.

@lsix @wamserma
aspell: 0.60.6.1 -> 0.60.8
24ad802 
See http://aspell.net/aspell-0.60.8.txt for release information.
(NixOS#71242)

The fix for CVE-2019-20433 may break compatibility for some
applications, hence a version bump instead of adding a patch.

Also: backport of 648678f
@wamserma wamserma changed the base branch from master to release-19.09 February 10, 2020 22:40
@veprbl veprbl changed the title aspell: 0.60.6.1 -> 0.60.8 (security, backport) [19.09] aspell: 0.60.6.1 -> 0.60.8 Feb 10, 2020
@ofborg ofborg bot added 10.rebuild-darwin: 101-500 10.rebuild-linux: 101-500 and removed 6.topic: golang 6.topic: haskell 6.topic: lua 6.topic: nixos Issues or PRs affecting NixOS modules, or package usability issues specific to NixOS 6.topic: pantheon The Pantheon desktop environment 6.topic: policy discussion 6.topic: printing 6.topic: python 6.topic: qt/kde 6.topic: ruby 6.topic: rust 6.topic: stdenv Standard environment 6.topic: steam Steam game store/launcher (store.steampowered.com) 6.topic: vim 6.topic: xfce The Xfce Desktop Environment 8.has: changelog 8.has: documentation This PR adds or changes documentation 8.has: module (update) This PR changes an existing module in `nixos/` 2.status: merge conflict This PR has merge conflicts with the target branch labels Feb 10, 2020
@wamserma wamserma requested review from vcunat and risicle and removed request for vcunat February 11, 2020 09:35
@risicle
Copy link
Contributor

risicle commented Feb 12, 2020

Seems sensible and WFM on non-nixos linux x86_64 (obviously not done a full rebuild though)

@wamserma
Copy link
Member Author

@risicle any chance of getting this merged? 19.09 is not EOL yet

@risicle
Copy link
Contributor

risicle commented Apr 15, 2020

@GrahamcOfBorg build aspell abiword

@risicle
Copy link
Contributor

risicle commented Apr 15, 2020

@GrahamcOfBorg eval

@risicle risicle merged commit b67bc34 into NixOS:release-19.09 Apr 15, 2020
@wamserma wamserma deleted the fix-aspell-CVEs-backport branch April 15, 2020 23:00
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@risicle risicle Awaiting requested review from risicle

Assignees
No one assigned
Labels
1.severity: security Issues which raise a security issue, or PRs that fix one 10.rebuild-darwin: 101-500 10.rebuild-linux: 101-500
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Vulnerability roundup 83: aspell-0.60.6.1: 1 advisory Vulnerability roundup 77: aspell-0.60.6.1: 1 advisory
4 participants
@wamserma @risicle @veprbl @lsix