Skip to content
This repository was archived by the owner on Apr 12, 2021. It is now read-only.
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: NixOS/nixpkgs-channels
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: ffe35783f524
Choose a base ref
...
head repository: NixOS/nixpkgs-channels
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: 063546478304
Choose a head ref
  • 2 commits
  • 2 files changed
  • 2 contributors

Commits on Dec 11, 2019

  1. gitlab: 12.5.3 -> 12.5.4 

    https://about.gitlab.com/blog/2019/12/10/critical-security-release-gitlab-12-5-4-released/

Insufficient parameter sanitization for Maven package registry could lead to privilege escalation and remote code execution vulnerabilities under certain conditions. The issue is now mitigated in the latest release and is assigned CVE-2019-19628.

When transferring a public project to a private group, private code would be disclosed via the Group Search API provided by Elasticsearch integration. The issue is now mitigated in the latest release and is assigned CVE-2019-19629.

The Git dependency has been upgraded to 2.22.2 in order to apply security fixes detailed here.

CVE-2019-19604 was identified by the GitLab Security Research team. For more information on that issue, please visit the GitLab Security Research Advisory

closes #75506.

(cherry picked from commit 5bf07d6)
    @flokli
    flokli committed Dec 11, 2019
    Copy the full SHA
    4651952 View commit details

  2. matomo: 3.11 -> 3.13 

    backport of #74319 without the file consistency checks.
3.12 was rated a major security update but was broken for NixOS, therefore jump to 3.13 which incorporates the necessary fix.
    @florianjacob @FRidh
    florianjacob authored and FRidh committed Dec 11, 2019

    Verified

    This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
    GPG key ID: 4AEE18F83AFDEB23
    Expired
    Verified
    Learn about vigilant mode
    Copy the full SHA
    0635464 View commit details
Showing with 5 additions and 5 deletions.
  1. +3 −3 pkgs/applications/version-management/gitlab/data.json
  2. +2 −2 pkgs/servers/web-apps/matomo/default.nix
6 changes: 3 additions & 3 deletions pkgs/applications/version-management/gitlab/data.json
View file
Original file line number Diff line number Diff line change
@@ -1,9 +1,9 @@
{
"version": "12.5.3",
"repo_hash": "1q76yhg4ygs9w5hb8hbv1908d5pfqzr8idmjp06pa4dw5qqqkv97",
"version": "12.5.4",
"repo_hash": "08jngv83pvxjyw3iaqzv484v4mwgwnzg9am3iqfidl9ihbm7i4h2",
"owner": "gitlab-org",
"repo": "gitlab",
"rev": "v12.5.3-ee",
"rev": "v12.5.4-ee",
"passthru": {
"GITALY_SERVER_VERSION": "1.72.1",
"GITLAB_PAGES_VERSION": "1.12.0",
4 changes: 2 additions & 2 deletions pkgs/servers/web-apps/matomo/default.nix
View file
Original file line number Diff line number Diff line change
@@ -2,11 +2,11 @@

stdenv.mkDerivation rec {
pname = "matomo";
version = "3.11.0";
version = "3.13.0";

src = fetchurl {
url = "https://builds.matomo.org/matomo-${version}.tar.gz";
sha256 = "1fbnmmzzsi3dfm9qm30wypxjcazl37mryaik9mlrb19hnp2md40q";
sha256 = "0h4jqibb86zw5l26r927qrbjhba8c79pc4xp3hgpi25p3fjncax8";
};

nativeBuildInputs = [ makeWrapper ];