Comparing changes
Open a pull request
base repository: NixOS/nixpkgs-channels
base: e758436f9868
head repository: NixOS/nixpkgs-channels
compare: 9d55c1430af7
- 20 commits
- 20 files changed
- 7 contributors
Commits on Oct 2, 2019
-
wpa_supplicant: apply patch for CVE-2019-16275
(cherry picked from commit 5596874)
-
gnupatch: rename patch files to match their CVE ids.
This should be a behavior no-op, but it helps vulnix figure out that we are up to date regarding security patches. (cherry picked from commit 2242bb86d1edbdd8083c840d1160349286372fac)
-
libtiff: patch for CVE-2019-6128, CVE-2019-14973
CVE-2019-14973.patch is a manually backported of the upstream patch to work around some minor merge conflicts. (cherry picked from commit a2e1da7367bf2397cb0cd82a1ab6503a9c1fa5aa)
-
gst-plugins-base,gst_all_1.gst-plugins-base: apply patch for CVE-2019…
…-9928 Refactor the patchPhase management for the package along the way to something more standard. (Cherry pick from 97e4a11b003a5a88397d9a1fc4ee8ce8f006a396 with an extra version of the package to patch in 19.03.)
-
glibc: patch CVE-2018-11236, CVE-2018-11237
Patches have been imported into nixpkgs and manually edited to avoid merge conflicts on ChangeLog / NEWS files. (cherry picked from commit 17be09a)
Commits on Oct 12, 2019
-
-
curl: apply upstream security patch
Partially fixes #70084. Cherry-picked from 19.09's 22b5bbf.
Commits on Oct 13, 2019
-
poppler_0_61: add patch for CVE-2019-9959
custom adapted patch to accommodate the openjpeg1/openjpeg2 split that 0.61 still has (cherry picked from commit e6889d4)
-
Merge #70278: libtiff: patch for CVE-2019-6128, CVE-2019-14973
...into staging-19.03
-
Merge #70273: gnupatch: rename patch files to match their CVE ids
...into staging-19.03
-
Merge #70285: *gst-plugins-base: patch CVE-2019-9928
...into staging-19.03
-
poppler: add patch for CVE-2019-9959 (PR #71046)
(cherry picked from commit 3fa2864)
-
Commits on Oct 14, 2019
-
Merge branch 'staging-19.03' into release-19.03 (security)
Only x86_64-linux has managed to finish rebuilding so far https://hydra.nixos.org/eval/1548583 but I think that's a sufficient trade-off, given that regressions should be very unlikely.
-
wpa_supplicant: apply patch for CVE-2019-16275 [19.03] (#70268)
wpa_supplicant: apply patch for CVE-2019-16275 [19.03]
-
sudo: 1.8.27 -> 1.8.28 (CVE-2019-14287)
(cherry picked from commit 9dbc302)
-
Merge pull request #71146 from delroth/sudo-cve-19.03
sudo: 1.8.27 -> 1.8.28 (CVE-2019-14287) [19.03]
Commits on Oct 15, 2019
-
Since [1], cabal2nix has been able to parse full platform triples. We need this for when the system doesn't say enough info (e.g. android). [1]: NixOS/cabal2nix@0bb88f0#diff-d9172aeec4039eef8cfcc8a2ab6c0677R143 (cherry picked from commit 66a9f39)
-
(cherry picked from commit 09ef6dc)
-
flashplayer: 32.0.0.255 -> 32.0.0.270
(cherry picked from commit 8948290)
This comparison is taking too long to generate.
Unfortunately it looks like we can’t render this comparison for you right now. It might be too big, or there might be something weird with your repository.
You can try running this command locally to see the comparison on your machine:
git diff e758436f9868...9d55c1430af7