<title>chore(3p/sources): bump channels & overlays – xz edition</title>
<updated>2024-03-31T22:27:04+00:00</updated>
<author>
<name>sterni</name>
<email>sternenseemann@systemli.org</email>
...</author>
<published>2024-03-31T09:56:52+00:00</published>
<link rel="alternate" type="text/html" href="http://code.tvl.fyi/commit/?id=73b1f0407bb224f82cca6ce1854a6080a6afecca"/>
<id>urn:sha1:73b1f0407bb224f82cca6ce1854a6080a6afecca</id>
<content type="text">
Update all 3p/sources as we do normally except
- agenix which is still pinned to 0.15.0
- nixpkgs (unstable) which we bump to the HEAD of the staging-next
branch. This branch includes the downgrade of xz from 5.6.1 to
5.4.6 (https://github.com/nixos/nixpkgs/commit/d6dc19adbd). It
also includes the second haskell-updates rotation with GHC 9.6.4
which contains a few build fixes that seem to be required to get
our Haskell targets to work.
Note that this only reverts xz to a version that doesn't contain the now
known backdoor (CVE-2024-3094) which may or may not actually affect
NixOS. Additionally reverting to a version before the malicious
contributor's involvement may be difficult, but prudent:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068024
Changes required by the updates:
- //3p/overlays/haskell:
- Update ihp-hsx to latest master to fix build with Stackage LTS 22.
- Update tmp-postgres to latest master to work around failure with
ansi-wl-pprint >= 1.
- Patch punycode for mtl >= 2.3.
- //users/Profpatsch:
- Clean up some warnings, mostly about unused dependencies
- my-prelude: Fix build with ghc-boot-9.6.4
- cas-serve: Use crypton over unmaintained cryptonite
- ical-smolify: skip in ci, iCalendar would require heavy patching to
work with Stackage LTS 22.
- //users/{wpcarro,aspen,flokli}:
Disable home-manager / nixos configuration builds that seem to have
transient failures that should disappear as we move away from
staging-next and closer to an actual channel release.
Change-Id: I5cca48e101041c3aedc1d9932dbca2cac885fcc1
Reviewed-on: https://cl.tvl.fyi/c/depot/+/11289
Tested-by: BuildkiteCI
Autosubmit: sterni <sternenseemann@systemli.org>
Reviewed-by: sterni <sternenseemann@systemli.org>
Reviewed-by: tazjin <tazjin@tvl.su>
</content>