Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: NixOS/nixpkgs
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: 021d733ea3f8
Choose a base ref
...
head repository: NixOS/nixpkgs
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: e67076243469
Choose a head ref
  • 2 commits
  • 1 file changed
  • 1 contributor

Commits on Sep 15, 2019

  1. expat: patch CVE-2019-15903 (from Debian, issue #68818) 

    I hope this URL will last for a few months, feel free to find better.
    @vcunat
    vcunat committed Sep 15, 2019
    Copy the full SHA
    531fe80 View commit details

Commits on Sep 20, 2019

  1. Merge branch 'staging-19.03' into release-19.03 

    (expat: security patch)
    @vcunat
    vcunat committed Sep 20, 2019
    Copy the full SHA
    e670762 View commit details
Showing with 7 additions and 0 deletions.
  1. +7 −0 pkgs/development/libraries/expat/default.nix
7 changes: 7 additions & 0 deletions pkgs/development/libraries/expat/default.nix
View file
Original file line number Diff line number Diff line change
@@ -15,6 +15,13 @@ stdenv.mkDerivation rec {
sha256 = "1i7bq9sp2k5348dvbfv26bprzv6ka1abf0j5ixjaff9alndm4f19";
stripLen = 1;
})
(fetchpatch {
name = "CVE-2019-15903.patch";
url = "https://sources.debian.org/data/main/e/expat/2.2.7-2/debian/patches/CVE-2019-15903_Deny_internal_entities_closing_the_doctype.patch";
sha256 = "0lv4392ihpk71fgaf1fz03gandqkaqisal8xrzvcqnvnq4mnmwxp";
stripLen = 1;
excludes = [ "tests/runtests.c" "Changes" ];
})
];

outputs = [ "out" "dev" ]; # TODO: fix referrers