@Scrumplex
Member

@Scrumplex Scrumplex commented Nov 13, 2024

Fixes:

See https://www.openwall.com/lists/oss-security/2024/11/13/1

apache/trafficserver@9.2.5-rc0...9.2.6
apache/trafficserver@9.2.6...9.2.7

Things done

  • Built on platform(s)
    • x86_64-linux
    • aarch64-linux
    • x86_64-darwin
    • aarch64-darwin
  • For non-Linux: Is sandboxing enabled in nix.conf? (See Nix manual)
    • sandbox = relaxed
    • sandbox = true
  • Tested, as applicable:
  • Tested compilation of all packages that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD". Note: all changes have to be committed, also see nixpkgs-review usage
  • Tested basic functionality of all binary files (usually in ./result/bin/)
  • 24.11 Release Notes (or backporting 23.11 and 24.05 Release notes)
    • (Package updates) Added a release notes entry if the change is major or breaking
    • (Module updates) Added a release notes entry if the change is significant
    • (Module addition) Added a release notes entry if adding a new NixOS module
  • Fits CONTRIBUTING.md.

@Scrumplex Scrumplex added 1.severity: security Issues which raise a security issue, or PRs that fix one backport release-24.05 labels Nov 13, 2024
@mweinelt mweinelt requested a review from midchildan November 13, 2024 20:51
@midchildan
Member

midchildan commented Nov 13, 2024

I was working on this too and the configure script for this release was broken on Darwin, leading to linker errors. Using autoreconfHook fixed it.

Browsing past upstream issues, it appears that this has happened several times in the past. So maybe it's a good idea to always use autoreconfHook.

apache/trafficserver#8556 (comment)

This might eliminate the need to patch the configure script, but I haven't gotten around to confirming that yet.

@Scrumplex
Member Author

I am (still) running nixpkgs-review on this. I will go to bed soon, so you can take this PR over if you want to get this merged quickly

@Scrumplex
Member Author

nixpkgs-review result

Generated using nixpkgs-review.

Command: nixpkgs-review pr 355733


x86_64-linux

✅ 2 packages built:
  • trafficserver
  • trafficserver.man

aarch64-linux

✅ 2 packages built:
  • trafficserver
  • trafficserver.man

x86_64-darwin

✅ 2 packages built:
  • trafficserver
  • trafficserver.man

aarch64-darwin

❌ 2 packages failed to build:
  • trafficserver
  • trafficserver.man

@ofborg ofborg bot added 10.rebuild-darwin: 1-10 This PR causes between 1 and 10 packages to rebuild on Darwin. 10.rebuild-darwin: 1 This PR causes 1 package to rebuild on Darwin. 10.rebuild-linux: 1-10 This PR causes between 1 and 10 packages to rebuild on Linux. 10.rebuild-linux: 1 This PR causes 1 package to rebuild on Linux. labels Nov 14, 2024
@Scrumplex
Member Author

nixpkgs-review result

Generated using nixpkgs-review.

Command: nixpkgs-review pr 355733


x86_64-linux

✅ 2 packages built:
  • trafficserver
  • trafficserver.man

aarch64-linux

✅ 2 packages built:
  • trafficserver
  • trafficserver.man

x86_64-darwin

✅ 2 packages built:
  • trafficserver
  • trafficserver.man

aarch64-darwin

✅ 2 packages built:
  • trafficserver
  • trafficserver.man

@Scrumplex
Member Author

I have also removed an unneeded instance of substituteInPlace as well as replacing --replace with --replace-fail to catch these in the future

@ofborg ofborg bot requested a review from midchildan November 15, 2024 03:16
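
An added illustration of the two packaging changes discussed in this thread (always running autoreconfHook, and `--replace-fail` in place of `--replace`). This is not the PR's diff or the nixpkgs trafficserver expression; the package name, URL, hash and patched file path are hypothetical placeholders.

```nix
# Added example, not taken from the PR. Everything marked "hypothetical"
# is a placeholder chosen for illustration.
{ lib, stdenv, fetchurl, autoreconfHook, perl }:

stdenv.mkDerivation rec {
  pname = "example-daemon"; # hypothetical package
  version = "1.0.0";        # hypothetical version

  src = fetchurl {
    url = "https://example.org/${pname}-${version}.tar.gz"; # hypothetical URL
    hash = lib.fakeHash; # placeholder; a real expression pins the tarball hash
  };

  # autoreconfHook runs autoreconf before the configure phase, regenerating
  # ./configure from configure.ac instead of trusting the script shipped in
  # the release tarball, which may be stale or broken on some platforms.
  nativeBuildInputs = [ autoreconfHook ];

  postPatch = ''
    # --replace-fail aborts the build when the pattern is not found, so a
    # substitution made obsolete by an upstream change is noticed on the
    # next version bump. The deprecated --replace only prints a warning and
    # continues, leaving the file silently unpatched.
    substituteInPlace tools/example-script.in \
      --replace-fail '/usr/bin/perl' '${perl}/bin/perl'
    # tools/example-script.in is a hypothetical path.
  '';
}
```
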
@midchildan
Member

midchildan commented Nov 15, 2024

Looking at the NixOS tests, it's crashing right after launch. There may be issues with the 9.2.6 release.

https://logs.ofborg.org/?key=nixos/nixpkgs.355733&attempt_id=4cfb93a5-4b23-4568-a0bd-39f7ff2672b6

Signed-off-by: Sefa Eyeoglu <contact@scrumplex.net>
This fixes the build on macOS 11

Upstream recommends always running autoreconf:
apache/trafficserver#8556 (comment)

Signed-off-by: Sefa Eyeoglu <contact@scrumplex.net>
Signed-off-by: Sefa Eyeoglu <contact@scrumplex.net>
@Scrumplex Scrumplex force-pushed the pkgs/trafficserver/9.2.6 branch from 1047eea to c3f05c4 Compare December 2, 2024 20:16
@github-actions github-actions bot removed 10.rebuild-darwin: 1 This PR causes 1 package to rebuild on Darwin. 10.rebuild-linux: 1 This PR causes 1 package to rebuild on Linux. labels Dec 2, 2024
@Scrumplex
Member Author

nixpkgs-review result

Generated using nixpkgs-review.

Command: nixpkgs-review pr 355733


x86_64-linux

✅ 2 packages built:
  • trafficserver
  • trafficserver.man

x86_64-darwin

✅ 2 packages built:
  • trafficserver
  • trafficserver.man

aarch64-darwin

✅ 2 packages built:
  • trafficserver
  • trafficserver.man

@Scrumplex
Member Author

@ofborg test trafficserver

@ofborg ofborg bot added 10.rebuild-darwin: 1 This PR causes 1 package to rebuild on Darwin. 10.rebuild-linux: 1 This PR causes 1 package to rebuild on Linux. labels Dec 3, 2024
@getchoo getchoo added the 12.approvals: 1 This PR was reviewed and approved by one person. label Dec 8, 2024
@getchoo
Member

getchoo commented Dec 8, 2024

I'm inclined to merge this soon, as 3 weeks is quite a while for us to have these vulns. Feel free to give another review ofc

Member

@midchildan midchildan left a comment

Sorry for the delay. 9.2.7 appears to have fixed the crash issue.

@getchoo getchoo added 12.approvals: 2 This PR was reviewed and approved by two persons. 12.approved-by: package-maintainer This PR was reviewed and approved by a maintainer listed in any of the changed packages. and removed 12.approvals: 1 This PR was reviewed and approved by one person. labels Dec 8, 2024
@getchoo getchoo merged commit a65078f into NixOS:master Dec 8, 2024
44 of 46 checks passed
@nixpkgs-ci
Contributor

nixpkgs-ci bot commented Dec 8, 2024

Backport failed for release-24.05, because it was unable to cherry-pick the commit(s).

Please cherry-pick the changes locally and resolve any conflicts.

git fetch origin release-24.05
git worktree add -d .worktree/backport-355733-to-release-24.05 origin/release-24.05
cd .worktree/backport-355733-to-release-24.05
git switch --create backport-355733-to-release-24.05
git cherry-pick -x a65078f73bca61e78878302c61364061fb16b15f

nixpkgs-ci bot pushed a commit that referenced this pull request Dec 8, 2024
* trafficserver: 9.2.5 -> 9.2.7

Signed-off-by: Sefa Eyeoglu <contact@scrumplex.net>

* trafficserver: auto reconfigure broken configure script

This fixes the build on macOS 11

Upstream recommends always running autoreconf:
apache/trafficserver#8556 (comment)

Signed-off-by: Sefa Eyeoglu <contact@scrumplex.net>

* trafficserver: remove unneeded substitutes

Signed-off-by: Sefa Eyeoglu <contact@scrumplex.net>

---------

Signed-off-by: Sefa Eyeoglu <contact@scrumplex.net>
(cherry picked from commit a65078f)
@nixpkgs-ci
Contributor

nixpkgs-ci bot commented Dec 8, 2024

Successfully created backport PR for release-24.11:
