Skip to content
This repository was archived by the owner on Apr 12, 2021. It is now read-only.
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: NixOS/nixpkgs-channels
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: 9c9a249b0133
Choose a base ref
...
head repository: NixOS/nixpkgs-channels
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: 675884ffb1d9
Choose a head ref
  • 6 commits
  • 3 files changed
  • 4 contributors

Commits on Nov 7, 2019

  1. opencv3: 3.4.5 -> 3.4.8 (security) 

    addressing CVE-2019-14491, CVE-2019-14492 & CVE-2019-15939

all internal downloads are unchanged for this release

(cherry picked from commit a38ee9f002a36c323b5facd19dcecf65274562c0 & adapted)
    @risicle
    risicle committed Nov 7, 2019
    Copy the full SHA
    327ecc2 View commit details

  2. qemu: add patches for CVE-2019-13164 & CVE-2019-14378 

    (cherry picked from commit 38a4dc2 & adapted)
    @risicle
    risicle committed Nov 7, 2019
    Copy the full SHA
    589ee43 View commit details

Commits on Nov 8, 2019

  1. Merge pull request #73010 from risicle/ris-opencv-3.4.8-r19.03 

    [r19.03] opencv3: 3.4.5 -> 3.4.8, addressing CVE-2019-14491, CVE-2019-14492 & CVE-2019-15939
    @basvandijk
    basvandijk authored Nov 8, 2019

    Verified

    This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
    GPG key ID: 4AEE18F83AFDEB23
    Expired
    Verified
    Learn about vigilant mode
    Copy the full SHA
    de1c582 View commit details

  2. Merge pull request #73009 from risicle/ris-qemu-CVEs-r19.03 

    [r19.03] qemu: add patches for CVE-2019-13164 & CVE-2019-14378
    @andir
    andir authored Nov 8, 2019

    Verified

    This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
    GPG key ID: 4AEE18F83AFDEB23
    Expired
    Verified
    Learn about vigilant mode
    Copy the full SHA
    78e1f59 View commit details

  3. varnish6: add patch for CVE-2019-15892

    @risicle
    risicle committed Nov 8, 2019
    Copy the full SHA
    b795bab View commit details

  4. Merge pull request #73078 from risicle/ris-varnish-CVE-2019-15892-r19.03 

    [r19.03] varnish6: add patch for CVE-2019-15892
    @infinisil
    infinisil authored Nov 8, 2019

    Verified

    This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
    GPG key ID: 4AEE18F83AFDEB23
    Expired
    Verified
    Learn about vigilant mode
    Copy the full SHA
    675884f View commit details
Showing with 20 additions and 5 deletions.
  1. +8 −0 pkgs/applications/virtualization/qemu/default.nix
  2. +3 −3 pkgs/development/libraries/opencv/3.x.nix
  3. +9 −2 pkgs/servers/varnish/default.nix
8 changes: 8 additions & 0 deletions pkgs/applications/virtualization/qemu/default.nix
View file
Original file line number Diff line number Diff line change
@@ -87,6 +87,14 @@ stdenv.mkDerivation rec {
name = "CVE-2019-12155.patch";
sha256 = "0h2q71mcz3gvlrbfkqcgla74jdg73hvzcrwr4max2ckpxx8x9207";
})
(fetchpatch {
url = "https://sources.debian.org/data/main/q/qemu/1:3.1+dfsg-8+deb10u2/debian/patches/slirp-fix-heap-overflow-in-ip_reass-on-big-packet-input-CVE-2019-14378.patch";
sha256 = "1yf7cw4ajiy9pwjfscxyfmmbawpk3rkd046y6fd6h4zpf4cc2fn5";
})
(fetchpatch {
url = "https://sources.debian.org/data/main/q/qemu/1:3.1+dfsg-8+deb10u2/debian/patches/qemu-bridge-helper-restrict-interface-name-to-IFNAMSIZ-CVE-2019-13164.patch";
sha256 = "1ypcdlpg3nap0kg9xkrgrqw33j5ah4j7l4i2cp6d5ap8vrw9nn3l";
})
] ++ optional nixosTestRunner ./force-uid0-on-9p.patch
++ optional pulseSupport ./fix-hda-recording.patch
++ optionals stdenv.hostPlatform.isMusl [
6 changes: 3 additions & 3 deletions pkgs/development/libraries/opencv/3.x.nix
View file
Original file line number Diff line number Diff line change
@@ -35,20 +35,20 @@
}:

let
version = "3.4.5";
version = "3.4.8";

src = fetchFromGitHub {
owner = "opencv";
repo = "opencv";
rev = version;
sha256 = "0hz9316ys2qi0lx9dcbsk3mkn8cn08q12hc96p6zz2d4is6d5wsc";
sha256 = "1dnz3gfj70lm1gbrk8pz28apinlqi2x6nvd6xcy5hs08505nqnjp";
};

contribSrc = fetchFromGitHub {
owner = "opencv";
repo = "opencv_contrib";
rev = version;
sha256 = "1fw7qwgibiznqal2dg4alkw8hrrrpjc0jaicf2406604rjm2lx6h";
sha256 = "0psaa1yx36n34l09zd1y8jxgf8q4jzxd3vn06fqmzwzy85hcqn8i";
};

# Contrib must be built in order to enable Tesseract support:
11 changes: 9 additions & 2 deletions pkgs/servers/varnish/default.nix
View file
Original file line number Diff line number Diff line change
@@ -1,9 +1,10 @@
{ stdenv, fetchurl, pcre, libxslt, groff, ncurses, pkgconfig, readline, libedit
{ stdenv, fetchurl, fetchpatch, pcre, libxslt, groff, ncurses, pkgconfig, readline, libedit
, python2, makeWrapper }:

let
common = { version, sha256, extraBuildInputs ? [] }:
common = { version, sha256, extraBuildInputs ? [], patches ? null }:
stdenv.mkDerivation rec {
inherit patches;
name = "varnish-${version}";

src = fetchurl {
@@ -50,5 +51,11 @@ in
version = "6.1.1";
sha256 = "0gf9hzzrr1lndbbqi8cwlfasi7l517cy3nbgna88i78lm247rvp0";
extraBuildInputs = [ python2.pkgs.sphinx ];
patches = [
(fetchpatch {
url = "https://sources.debian.org/data/main/v/varnish/6.1.1-1+deb10u1/debian/patches/CVE-2019-15892.patch";
sha256 = "03jlflgry4j9f34kxni64j6583jqr828zgy68ywdmglpxkgpyma7";
})
];
};
}