Backport all flutter & flutter package changes to 23.05 #257166
mkg20001 merged 31 commits into NixOS:release-23.05 from Sep 25, 2023
(cherry picked from commit b1efbff)
(cherry picked from commit dcf789f)
flutter-unwrapped will now not come with engine artifacts in its cache directory (`$out/bin/cache`). To specify a different cache directory, set FLUTTER_CACHE_DIR. Flutter's wrapper now sets FLUTTER_CACHE_DIR to set engine artifacts. The sh file `$out/bin/internal/shared.sh` runs when launching Flutter and calls `"$FLUTTER_ROOT/bin/cache/` instead of our environment variable `FLUTTER_CACHE_DIR`. I decided not to patch it since the script doesn't require engine artifacts (which are the only thing not added by the unwrapped derivation), so it shouldn't fail, and patching it will just be harder to maintain. (cherry picked from commit 570f3ef)
Signed-off-by: Sunghoon Kang <[email protected]> (cherry picked from commit 7770274)
Signed-off-by: Sunghoon Kang <[email protected]> (cherry picked from commit 8cb8349)
Signed-off-by: Sunghoon Kang <[email protected]> (cherry picked from commit 77618bd)
Signed-off-by: Sunghoon Kang <[email protected]> (cherry picked from commit 37a10c3)
The flutter team has also started doing this, but only for new artifacts. This way, we also do it for older artifacts. (cherry picked from commit c34385b)
…0a6fd5db59314 Using fetchurl like this means that, if you build the `flutter` derivation first, you will get a file named "LICENSE" in your store with the correct hash. `flutter37` will then build because this file is already in your store, even though the LICENSE to which _it_ refers is different. This is dangerous in this case - but an intentional design decision in the way fetchurl works to allow artifacts which are the same to be fetched from arbitrary sources, or even pre-populated into the store. To avoid this, explicitly tag the fetchurl with a name and the commit hash we're fetching from. This means we _must_ fetch these separately for each flutter version and avoids the problem of accidentally reusing artifacts for a different build. (cherry picked from commit 19cd58a)
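The reuse described in the commit message above, sketched as an added example that is not code from this PR or from nixpkgs. The URL, commit ids and hash are constructed placeholders (`lib.fakeHash` stands in for the real hash of the first file).

```nix
# Added illustration: a fixed-output fetch is addressed by (name, hash),
# not by the URL it was downloaded from.
{ pkgs ? import <nixpkgs> { } }:

let
  inherit (pkgs) fetchurl lib;

  # Constructed commit ids for two different upstream revisions.
  revA = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa";
  revB = "bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb";

  # Placeholder for the correct hash of the LICENSE file at revA.
  hashA = lib.fakeHash;

  # Placeholder URL scheme; the file content differs per revision.
  licenseUrl = rev: "https://example.invalid/engine/${rev}/LICENSE";
in
{
  # Risky: without `name`, fetchurl takes the URL basename ("LICENSE"),
  # so both fetches below evaluate to the same store path.
  risky = {
    a = fetchurl { url = licenseUrl revA; hash = hashA; };

    # hashA was carried over and never updated for revB. If `a` is already
    # in the store, this path exists and nothing is downloaded or checked:
    # the build silently uses revA's file.
    b = fetchurl { url = licenseUrl revB; hash = hashA; };
  };

  # Pinned: the revision is part of the name, so each revision gets its own
  # store path and must be fetched and hash-checked on its own.
  pinned = {
    a = fetchurl {
      name = "LICENSE-${revA}";
      url = licenseUrl revA;
      hash = hashA;
    };
    b = fetchurl {
      name = "LICENSE-${revB}";
      url = licenseUrl revB;
      hash = hashA; # stale hash: this now fails instead of reusing revA's file
    };
  };
}
```

Evaluating `risky.a.outPath` and `risky.b.outPath` gives the same store path, while the two `pinned` paths differ, so a stale hash on `pinned.b` can no longer be satisfied by a file that is already in the store.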
flutter: Update remaining engine artifact hashes for v3.13.0 Co-Authored-By: hacker1024 <[email protected]> (cherry picked from commit 40e8205)
(cherry picked from commit 41bbc2c)
(cherry picked from commit c511f60)
(cherry picked from commit 64b86c1)
(cherry picked from commit 0df5c9a)
Flutter's Linux desktop embedding uses GTK. wrapGAppsHook should be used. (cherry picked from commit 84347c2)
(cherry picked from commit bc95815)
… to Flutter 3.13.0 (cherry picked from commit d5ef1bc)
(cherry picked from commit 3a034cb)
(cherry picked from commit 91f441c)
(cherry picked from commit 895889f)
e0293d5 to cc6ca82
Member, Author
Result of 16 packages built:
4541a11 to cad648f
cad648f to c57ff84
Member
Don't we have to mark old flutters as insecure anyways (or try to patch them?)
Member, Author
Probably. I'd go for just marking them insecure.
Member
We should still check if the patch is easy to apply (it should probably still be marked as insecure until)
7e2ad2c to 9f15ef0
Member, Author
I don't know if it's worth the effort, considering there might be other security issues as well.
Description of changes
This PR upgrades fluffychat and flutter to mitigate CVE-2023-4863.
Note that this requires pulling in all flutter upgrades and subsequently all package updates, since they depend on those.
Things done
`sandbox = true` set in `nix.conf`? (See Nix manual)
`nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD"`. Note: all changes have to be committed, also see nixpkgs-review usage
`./result/bin/`)