Skip to content

discord: Darwin updates#257496

Merged
Artturin merged 5 commits intoNixOS:masterfrom
Scrumplex:pkgs/discord/darwin-bumps
Sep 27, 2023
Merged

discord: Darwin updates#257496
Artturin merged 5 commits intoNixOS:masterfrom
Scrumplex:pkgs/discord/darwin-bumps

Conversation

@Scrumplex
Copy link
Member

@Scrumplex Scrumplex commented Sep 26, 2023
edited
Loading

Description of changes

  • discord: use hash instead of sha256
  • discord: 0.0.273 -> 0.0.278
  • discord-ptb: 0.0.59 -> 0.0.77
  • discord-canary: 0.0.283 -> 0.0.312
  • discord-development: 0.0.8778 -> 0.0.8795

Potentially fixes CVE-2023-5129/CVE-2023-4863 (See #254798)

Things done

  • Built on platform(s)
    • x86_64-linux
    • aarch64-linux
    • x86_64-darwin
    • aarch64-darwin
  • For non-Linux: Is sandbox = true set in nix.conf? (See Nix manual)
  • Tested, as applicable:
  • Tested compilation of all packages that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD". Note: all changes have to be committed, also see nixpkgs-review usage
  • Tested basic functionality of all binary files (usually in ./result/bin/)
  • 23.11 Release Notes (or backporting 23.05 Release notes)
    • (Package updates) Added a release notes entry if the change is major or breaking
    • (Module updates) Added a release notes entry if the change is significant
    • (Module addition) Added a release notes entry if adding a new NixOS module
  • Fits CONTRIBUTING.md.

@Scrumplex Scrumplex added backport release-23.05 11.by: package-maintainer This PR was created by a maintainer of all the package it changes. labels Sep 26, 2023
@Scrumplex Scrumplex mentioned this pull request Sep 26, 2023
Closed
90 tasks
@nixos-discourse
Copy link

nixos-discourse commented Sep 26, 2023

This pull request has been mentioned on NixOS Discourse. There might be relevant details there:

https://discourse.nixos.org/t/prs-ready-for-review/3032/2688

@delroth
Copy link
Contributor

delroth commented Sep 26, 2023 

$ wget https://dl.discordapp.net/apps/osx/0.0.278/Discord.dmg
$ 7z x Discord.img
$ strings Discord/Discord.app/Contents/Frameworks/Electron\ Framework.framework/Versions/A/Electron\ Framework | grep Electron/
Chrome/108.0.5359.215 Electron/22.3.24

So I think it indeed fixes CVE-2023-5129.

@ofborg ofborg bot added the 6.topic: darwin Running or building packages on Darwin label Sep 26, 2023
@xyzeva
Copy link

xyzeva commented Sep 26, 2023

stable and canary tested on Darwin, and works.

@Artturin
Copy link
Member

Artturin commented Sep 26, 2023
edited
Loading

@devins2518 the person who added darwin support
@siraben who merged darwin support
@shaunsingh who tested darwin support

Someone needs to pick up the darwin package

@ofborg ofborg bot added 10.rebuild-darwin: 1-10 This PR causes between 1 and 10 packages to rebuild on Darwin. 10.rebuild-linux: 0 This PR does not cause any packages to rebuild on Linux. labels Sep 26, 2023
@Scrumplex Scrumplex added the 1.severity: security Issues which raise a security issue, or PRs that fix one label Sep 27, 2023
@Artturin Artturin merged commit e9054d2 into NixOS:master Sep 27, 2023
@github-actions github-actions bot mentioned this pull request Sep 27, 2023
Merged
1 task
@github-actions
Copy link
Contributor

github-actions bot commented Sep 27, 2023

Successfully created backport PR for release-23.05:

@Artturin
Copy link
Member

Artturin commented Oct 2, 2023
edited
Loading

Adding an update script which can be run on linux #258525

@Scrumplex Scrumplex deleted the pkgs/discord/darwin-bumps branch September 29, 2024 08:59
@github-actions
Copy link
Contributor

github-actions bot commented Oct 12, 2024

Backport failed for release-24.05, because it was unable to cherry-pick the commit(s).

Please cherry-pick the changes locally and resolve any conflicts.

git fetch origin release-24.05
git worktree add -d .worktree/backport-257496-to-release-24.05 origin/release-24.05
cd .worktree/backport-257496-to-release-24.05
git switch --create backport-257496-to-release-24.05
git cherry-pick -x b615684e4277397199dbcc0b324b213b6de680e2 0f1de953ff174af5e93aaff8e1733f4b6228a70e 7db11673e68cad001d06805c8212a5ef104622d7 2d9823a00643b20678da5b9fee421142f48d6d1a c64011bbf2cabb4c6ea4ef95bdc03311cfa47d79

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@MP2E MP2E Awaiting requested review from MP2E

@Artturin Artturin Awaiting requested review from Artturin

@jopejoe1 jopejoe1 Awaiting requested review from jopejoe1

@Infinidoge Infinidoge Awaiting requested review from Infinidoge

Assignees

No one assigned

Labels

1.severity: security Issues which raise a security issue, or PRs that fix one 6.topic: darwin Running or building packages on Darwin 10.rebuild-darwin: 1-10 This PR causes between 1 and 10 packages to rebuild on Darwin. 10.rebuild-linux: 0 This PR does not cause any packages to rebuild on Linux. 11.by: package-maintainer This PR was created by a maintainer of all the package it changes.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@Scrumplex @nixos-discourse @delroth @xyzeva @Artturin