Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: NixOS/nixpkgs
base: 00564a7d0912
Choose a base ref
...
head repository: NixOS/nixpkgs
compare: 1c1c6c4b0057
Choose a head ref
  • 16 commits
  • 13 files changed
  • 8 contributors

Commits on Mar 8, 2021

  1. glib: 2.64.5 -> 2.64.6

    @amaxine
    amaxine committed Mar 8, 2021
    Copy the full SHA
    175e921 View commit details
    Browse the repository at this point in the history

Commits on Mar 15, 2021

  1. openssh: 8.4p1 -> 8.5p1 and refactor 

    Also split out the variants of the package because I'm sick of waiting
for random patches to be updated before I can update my unpatched
openssh.

Also make pname correspond to the attribute name.

(cherry picked from commit c99c499)
    @dasJ
    dasJ committed Mar 15, 2021
    Copy the full SHA
    8aabb84 View commit details
    Browse the repository at this point in the history

  2. openssh_hpn/openssh_gssapi: Add CVE-2021-28041 

    (cherry picked from commit 2b1011d)
    @dasJ
    dasJ committed Mar 15, 2021
    Copy the full SHA
    86f8de4 View commit details
    Browse the repository at this point in the history

Commits on Mar 20, 2021

  1. libtiff: fix two security issues 

    CVE-2020-35523:
An integer overflow flaw was found in libtiff that exists in the
tif_getimage.c file. This flaw allows an attacker to inject and execute
arbitrary code when a user opens a crafted TIFF file. The highest
threat from this vulnerability is to confidentiality, integrity, as
well as system availability.

CVE-2020-35524:
A heap-based buffer overflow flaw was found in libtiff in the handling
of TIFF images in libtiff's TIFF2PDF tool. A specially crafted TIFF
file can lead to arbitrary code execution. The highest threat from this
vulnerability is to confidentiality, integrity, as well as system
availability.

Fixes: CVE-2020-35523, CVE-2020-35524
    @mweinelt
    mweinelt committed Mar 20, 2021
    Copy the full SHA
    3f40a5f View commit details
    Browse the repository at this point in the history

  2. Merge pull request #115439 from maxeaubrey/20.09_glib_2.64.6 

    [20.09] glib: 2.64.5 -> 2.64.6
    @mweinelt
    mweinelt committed Mar 20, 2021
    Copy the full SHA
    98445ff View commit details
    Browse the repository at this point in the history

  3. Merge pull request #116280 from mweinelt/20.09/libtiff 

    [20.09] libtiff: fix two security issues
    @mweinelt
    mweinelt committed Mar 20, 2021
    Copy the full SHA
    7b90c6f View commit details
    Browse the repository at this point in the history

Commits on Mar 21, 2021

  1. python3Packages.django_2: 2.2.18 -> 2.2.19 

    This fixes CVE-2021-23336:
https://www.djangoproject.com/weblog/2021/feb/19/security-releases/

(cherry picked from commit c63208e)
    @dotlambda
    dotlambda committed Mar 21, 2021
    Copy the full SHA
    1e16bda View commit details
    Browse the repository at this point in the history

  2. popt: 1.16 -> 1.18 

    (cherry picked from commit 2e4e20f)
    @r-ryantm @dotlambda
    r-ryantm authored and dotlambda committed Mar 21, 2021
    Copy the full SHA
    bf59c47 View commit details
    Browse the repository at this point in the history

Commits on Mar 22, 2021

  1. Merge pull request #116431 from helsinki-systems/bp/openssh85 

    [staging-20.09] openssh: 8.4p1 -> 8.5p1 and mark CVE-2021-28041
    @roberth
    roberth committed Mar 22, 2021
    Copy the full SHA
    44749ee View commit details
    Browse the repository at this point in the history

  2. Merge pull request #117082 from dotlambda/django_2-2.2.19 

    [staging-20.09] python3Packages.django_2: 2.2.18 -> 2.2.19
    @roberth
    roberth committed Mar 22, 2021
    Copy the full SHA
    ab8e228 View commit details
    Browse the repository at this point in the history

  3. Merge #114192: gnutls: 3.6.15 -> 3.7.1 

    It includes a low-severity security fix:
https://gnutls.org/security-new.html#GNUTLS-SA-2021-03-10

(cherry picked from commit a253ed2)
    @vcunat
    vcunat committed Mar 22, 2021
    Copy the full SHA
    653b9a1 View commit details
    Browse the repository at this point in the history

  4. nettle: 3.6 -> 3.7.2 (security) 

    https://lists.lysator.liu.se/pipermail/nettle-bugs/2021/009458.html
It's meant to be fully compatible with 3.6, so we can fast-track it.

(cherry picked from commit f688168)
    @vcunat
    vcunat committed Mar 22, 2021
    Copy the full SHA
    f85d91e View commit details
    Browse the repository at this point in the history

  5. Merge branch 'release-20.09' into staging-20.09

    @vcunat
    vcunat committed Mar 22, 2021
    Copy the full SHA
    a335aa6 View commit details
    Browse the repository at this point in the history

  6. Merge pull request #117020 from dotlambda/popt-1.18 

    [staging-20.09] popt: 1.16 -> 1.18
    @roberth
    roberth committed Mar 22, 2021
    Copy the full SHA
    5ce64bf View commit details
    Browse the repository at this point in the history

Commits on Mar 24, 2021

  1. Re-apply "unbound: 1.13.0 -> 1.13.1" 

    master commit: a24b40b; moved to staging-20.09 in 36d15c7
    @vcunat
    vcunat committed Mar 24, 2021
    Copy the full SHA
    3deaa4b View commit details
    Browse the repository at this point in the history

Commits on Mar 25, 2021

  1. Merge branch 'staging-20.09' into release-20.09 

    The jobset on Hydra is >90% complete, so let's merge to update -small.
https://hydra.nixos.org/eval/1657620
    @vcunat
    vcunat committed Mar 25, 2021
    Copy the full SHA
    1c1c6c4 View commit details
    Browse the repository at this point in the history