Skip to content

[Backport release-24.11] rsync: apply patches for 6 vulnerabilities#373811

Merged
LeSuisse merged 1 commit intorelease-24.11from
backport-373784-to-staging-24.11
Jan 14, 2025
Merged

[Backport release-24.11] rsync: apply patches for 6 vulnerabilities#373811
LeSuisse merged 1 commit intorelease-24.11from
backport-373784-to-staging-24.11

Conversation

@nixpkgs-ci
Copy link
Contributor

@nixpkgs-ci nixpkgs-ci bot commented Jan 14, 2025
edited by LeSuisse
Loading

Bot-based backport to staging-24.11, triggered by a label in #373784.

  • Before merging, ensure that this backport is acceptable for the release.
    • Even as a non-commiter, if you find that it is not acceptable, leave a comment.

@nixpkgs-ci nixpkgs-ci bot added the 1.severity: security Issues which raise a security issue, or PRs that fix one label Jan 14, 2025
@nixpkgs-ci nixpkgs-ci bot mentioned this pull request Jan 14, 2025
Merged
13 tasks
@github-actions github-actions bot added 10.rebuild-darwin: 501-1000 This PR causes many rebuilds on Darwin and should normally target the staging branches. 10.rebuild-linux: 5001+ This PR causes many rebuilds on Linux and must target the staging branches. labels Jan 14, 2025
@nix-owners nix-owners bot requested review from a user and ivan January 14, 2025 19:10
@LeSuisse
Copy link
Member

LeSuisse commented Jan 14, 2025

Build on Linux x86_64 and aarch64, quick tests show no issue.

@vcunat
Copy link
Member

vcunat commented Jan 14, 2025

I don't know how severe the fixes are, but the rebuild amount doesn't look particularly high to me:

    481 x86_64-darwin
   4394 x86_64-linux

@LeSuisse
Copy link
Member

LeSuisse commented Jan 14, 2025

I don't know how severe the fixes are, but the rebuild amount doesn't look particularly high to me: [...]

It's pretty bad if either the client or server is not trusted.

I can move the target to release-24.11 like we did on master if you think it is acceptable/possible.

@vcunat
Copy link
Member

vcunat commented Jan 14, 2025

I believe it is. nixpkgs:trunk is half-rebuilt already.

@vcunat
Copy link
Member

vcunat commented Jan 14, 2025

Ah, lots of transient failures. But anyway...

@LeSuisse LeSuisse force-pushed the backport-373784-to-staging-24.11 branch from f735243 to 095a971 Compare January 14, 2025 20:48
@LeSuisse LeSuisse changed the base branch from staging-24.11 to release-24.11 January 14, 2025 20:48
@LeSuisse LeSuisse changed the title [Backport staging-24.11] rsync: apply patches for 6 vulnerabilities [Backport release-24.11] rsync: apply patches for 6 vulnerabilities Jan 14, 2025
@LeSuisse
Copy link
Member

LeSuisse commented Jan 14, 2025

Done, thanks!

LeSuisse
LeSuisse approved these changes Jan 14, 2025
View reviewed changes
Copy link
Member

@LeSuisse LeSuisse left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Automated backport and my smoke tests of the affected features look fine.

@LeSuisse LeSuisse merged commit 80361d5 into release-24.11 Jan 14, 2025
40 of 43 checks passed
@vcunat vcunat deleted the backport-373784-to-staging-24.11 branch January 15, 2025 05:43
@mweinelt
Copy link
Member

mweinelt commented Jan 15, 2025

https://nixpk.gs/pr-tracker.html?pr=373811

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@LeSuisse LeSuisse LeSuisse approved these changes

@ivan ivan Awaiting requested review from ivan

Assignees

No one assigned

Labels

1.severity: security Issues which raise a security issue, or PRs that fix one 10.rebuild-darwin: 501-1000 This PR causes many rebuilds on Darwin and should normally target the staging branches. 10.rebuild-linux: 5001+ This PR causes many rebuilds on Linux and must target the staging branches.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@LeSuisse @vcunat @mweinelt