-
-
Notifications
You must be signed in to change notification settings - Fork 14.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
redmine: 5.1.4 -> 5.1.5 #365684
redmine: 5.1.4 -> 5.1.5 #365684
Conversation
@GrahamcOfBorg test redmine |
For whatever reason mariadb is unable to start :/ |
any success resolving that?
since we're vendoring those dependencies into
|
8ef88e4
to
3dff40d
Compare
@GrahamcOfBorg test redmine |
3dff40d
to
d8ee4cc
Compare
@GrahamcOfBorg test redmine |
d8ee4cc
to
e0d4495
Compare
@GrahamcOfBorg test redmine |
Fixed it. x86_64-linux needed to be removed from bundler platforms. Added a line to the update script. That messed up the gems. I feel like the list gets longer and longer :D
With that the tests aren't executed as "insecure" packages need to be allowed. |
yeah, the tests would need to be ran locally generally nixpkgs is pretty strict about marking insecure packages... consider it extra motivation to get things patched ASAP 😅 |
Update Redmine and used gems. Also, remove x86_64-linux from bundler platforms because the gem dependencies are messed up. Updating gems fixes the following CVEs: * CVE-2024-53985 * CVE-2024-53986 * CVE-2024-53987 * CVE-2024-53988 * CVE-2024-53989 The following vulnerabilities remain: * CVE-2024-54133 * GHSA-r95h-9x8f-r3f7 Signed-off-by: Felix Singer <[email protected]>
e0d4495
to
df25565
Compare
Tested that it works. Added the line. Though, these two won't be patched in NixOS stable anytime soon since only Redmine 6.0 fixes them, which is inappropriate to backport. |
@NixOS/nixpkgs-merge-bot merge |
@felixsinger merge not permitted (#305350): |
Successfully created backport PR for |
Update Redmine and also used gems.
Updating gems fixes the following CVEs:
The following vulnerabilities remain:
Things done
nix.conf
? (See Nix manual)sandbox = relaxed
sandbox = true
nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD"
. Note: all changes have to be committed, also see nixpkgs-review usage./result/bin/
)Add a 👍 reaction to pull requests you find important.