Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

lemmy: write version to correct file #2

Merged
merged 2 commits into from
Jun 27, 2023
Merged

lemmy: write version to correct file #2

merged 2 commits into from
Jun 27, 2023

Conversation

matejc
Copy link

@matejc matejc commented Jun 27, 2023

Fixed version

@matejc matejc mentioned this pull request Jun 27, 2023
Merged
12 tasks
@adisbladis adisbladis merged commit 494a8fa into adisbladis:lemmy-0_18_0 Jun 27, 2023
3 checks passed
adisbladis pushed a commit that referenced this pull request Jul 5, 2023
@Kranzes
Merge pull request NixOS#240715 from FlafyDev/flutter-cache-drv-2
d625c36 
flutter: Separate cache and unwrapped derivations #2
AndersonTorres pushed a commit that referenced this pull request Aug 5, 2023
@trofi
rtorrent: 0.9.8+date=2021-08-07 -> 0.9.8+date=2022-06-20
0ca93ef 
Pull in _FORTIFY_SOURCE=3 stack smashing fix. Without the change on
current `master` `rtorrent` crashes at start as:

*** buffer overflow detected ***: terminated
                                                                                        __pthread_kill_implementation (threadid=<optimized out>, signo=signo@entry=6, no_tid=no_tid@entry=0) at pthread_kill.c:44
44      pthread_kill.c: No such file or directory.
(gdb) bt
    #0  __pthread_kill_implementation (threadid=<optimized out>, signo=signo@entry=6, no_tid=no_tid@entry=0) at pthread_kill.c:44
    #1  0x00007ffff7880af3 in __pthread_kill_internal (signo=6, threadid=<optimized out>) at pthread_kill.c:78
    #2  0x00007ffff7831c86 in __GI_raise (sig=sig@entry=6) at ../sysdeps/posix/raise.c:26
    NixOS#3  0x00007ffff781b8ba in __GI_abort () at abort.c:79
    NixOS#4  0x00007ffff781c5f5 in __libc_message (fmt=fmt@entry=0x7ffff7992540 "*** %s ***: terminated\n") at ../sysdeps/posix/libc_fatal.c:150
    NixOS#5  0x00007ffff7910679 in __GI___fortify_fail (msg=msg@entry=0x7ffff79924e6 "buffer overflow detected") at fortify_fail.c:24
    NixOS#6  0x00007ffff790eea4 in __GI___chk_fail () at chk_fail.c:28
    NixOS#7  0x00007ffff790ea85 in ___snprintf_chk (s=<optimized out>, maxlen=<optimized out>, flag=<optimized out>, slen=<optimized out>, format=<optimized out>) at snprintf_chk.c:29
    NixOS#8  0x0000000000472acf in utils::Lockfile::try_lock() ()
    NixOS#9  0x000000000044b524 in core::DownloadStore::enable(bool) ()
    NixOS#10 0x00000000004b1f7b in Control::initialize() ()
    NixOS#11 0x000000000043000b in main ()
adisbladis pushed a commit that referenced this pull request Feb 20, 2024
@dotlambda
ceph: fix cryptography override
b06ebb2 
Since ba83271 the build fails with

    applying patch /nix/store/46rxbbvl2l3mrxb50y9rzy7ahgx0lraj-d741901dddd731895346636c0d3556c6fa51fbe6.patch
    patching file tests/hazmat/primitives/test_aead.py
    Hunk #1 FAILED at 56.
    Hunk #2 FAILED at 197.
    Hunk NixOS#3 FAILED at 378.
    Hunk NixOS#4 FAILED at 525.
    Hunk NixOS#5 FAILED at 700.
    Hunk NixOS#6 FAILED at 844.
    6 out of 6 hunks FAILED -- saving rejects to file tests/hazmat/primitives/test_aead.py.rej
adisbladis pushed a commit that referenced this pull request Aug 25, 2024
@Ma27
gitea: drop PAM support
b395692 
Strongly inspired by the forgejo counterpart[1], for the following
reasons:

* The feature is broken with the current module and crashes on
  authentication with the following stacktrace (with a PAM service
  `gitea` added):

      server # Stack trace of thread 1008:
      server # #0  0x00007f3116917dfb __nptl_setxid (libc.so.6 + 0x8ddfb)
      server # #1  0x00007f3116980ae6 setuid (libc.so.6 + 0xf6ae6)
      server # #2  0x00007f30cc80f420 _unix_run_helper_binary (pam_unix.so + 0x5420)
      server # NixOS#3  0x00007f30cc8108c9 _unix_verify_password (pam_unix.so + 0x68c9)
      server # NixOS#4  0x00007f30cc80e1b5 pam_sm_authenticate (pam_unix.so + 0x41b5)
      server # NixOS#5  0x00007f3116a84e5b _pam_dispatch (libpam.so.0 + 0x3e5b)
      server # NixOS#6  0x00007f3116a846a3 pam_authenticate (libpam.so.0 + 0x36a3)
      server # NixOS#7  0x00000000029b1e7a n/a (.gitea-wrapped + 0x25b1e7a)
      server # NixOS#8  0x000000000047c7e4 n/a (.gitea-wrapped + 0x7c7e4)
      server # ELF object binary architecture: AMD x86-64
      server #
      server # [   42.420827] gitea[897]: pam_unix(gitea:auth): unix_chkpwd abnormal exit: 159
      server # [   42.423142] gitea[897]: pam_unix(gitea:auth): authentication failure; logname= uid=998 euid=998 tty= ruser= rhost=  user=snenskek

  It only worked after turning off multiple sandbox settings and adding
  `shadow` as supplementary group to `gitea.service`.

  I'm not willing to maintain additional multiple sandbox settings for
  different features, especially given that it was probably not used for
  quite a long time:

  * There was no PR or bugreport about sandboxing issues related to
    PAM.

  * Ever since the module exists, it used the user `gitea`, i.e. it had
    never read-access to `/etc/shadow`.

* Upstream has it disabled by default[2].

If somebody really needs it, it can still be brought back by an overlay
updating `tags` accordingly and modifying the systemd service config.

[1] 07641a9
[2] https://docs.gitea.com/usage/authentication#pam-pluggable-authentication-module
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@matejc @adisbladis