Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: NixOS/nixpkgs
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: 9befcbb660ed
Choose a base ref
...
head repository: NixOS/nixpkgs
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: 5b668388bf6f
Choose a head ref
30 contributors

Commits on Oct 2, 2019

  1. gnupatch: rename patch files to match their CVE ids. 

    This should be a behavior no-op, but it helps vulnix figure out that we
are up to date regarding security patches.

(cherry picked from commit 2242bb8)
    @delroth
    delroth committed Oct 2, 2019
    Copy the full SHA
    3490327 View commit details

Commits on Oct 23, 2019

  1. ghostscript: add patches for CVE-2019-10216, CVE-2019-14811, CVE-2019… 

    …-14812, CVE-2019-14813 and some of CVE-2019-14817

as with master, not all of the CVE-2019-14817 patch applies cleanly, but
the parts that do should provide some protection
    @risicle
    risicle committed Oct 23, 2019
    Copy the full SHA
    bd3f644 View commit details

Commits on Oct 24, 2019

  1. Merge release-19.09 into staging-19.09

    @FRidh
    FRidh committed Oct 24, 2019
    Copy the full SHA
    1b334b8 View commit details

Commits on Oct 25, 2019

  1. cmake: process -iframework in setup-hook 

    This fixes a regression in #26197

Fixes: f496357 ('cc-wrapper: use -iframework instead of -F')
(cherry picked from commit c8041d9)

cc #70997
    @veprbl
    veprbl committed Oct 25, 2019
    Copy the full SHA
    a81eee2 View commit details

Commits on Oct 28, 2019

  1. Merge pull request #71872 from risicle/ris-ghostscript-CVEs-r19.09 

    [19.09] ghostscript: add patches for CVE-2019-10216, CVE-2019-14811, CVE-2019-14812, CVE-2019-14813 and some of CVE-2019-14817
    Christian Kauhaus authored Oct 28, 2019
    Copy the full SHA
    828d37d View commit details

  2. file: add patch for CVE-2019-18218 

    Cherry-picked from #72025

upstream patch https://github.com/file/file/commit/46a8443f76cec4b41ec736eca396984c74664f84.patch
doesn't apply directly, debian have a version which has been adapted for
5.37.
    @risicle
    risicle authored and Christian Kauhaus committed Oct 28, 2019
    Copy the full SHA
    f25255e View commit details

  3. libuv: 1.30.1 -> 1.32.0 

    https://github.com/libuv/libuv/releases/tag/v1.32.0
https://github.com/libuv/libuv/releases/tag/v1.31.0
    @dtzWill @wmertens
    dtzWill authored and wmertens committed Oct 28, 2019
    Copy the full SHA
    81f4c49 View commit details

  4. nodejs-10_x: 10.16.0 -> 10.17.0 

    Release notes: https://nodejs.org/en/blog/release/v10.17.0/
    @marsam @wmertens
    marsam authored and wmertens committed Oct 28, 2019
    Copy the full SHA
    3ebf460 View commit details

  5. nodejs-12_x: 12.5.0 -> 12.10.0

    @marsam @wmertens
    marsam authored and wmertens committed Oct 28, 2019
    Copy the full SHA
    6265fc8 View commit details

  6. nodejs-12_x: 12.10.0 -> 12.13.0 

    Changelog: https://github.com/nodejs/node/releases/tag/v12.13.0
    @marsam @wmertens
    marsam authored and wmertens committed Oct 28, 2019
    Copy the full SHA
    fa4ff4d View commit details

  7. Merge pull request #71902 from wmertens/nodejs-backport 

    19.09: Nodejs backport
    @Ma27
    Ma27 authored Oct 28, 2019
    Copy the full SHA
    0141bd3 View commit details

Commits on Nov 1, 2019

  1. rPackages.RMySQL: Fix build 

    RMySQL was not building as `mysql_config` (which the config script
uses to determine C flags) is in pkgs.mysql.connector-c.dev but not
pkgs.mysql.connector-c
    @mm--
    mm-- committed Nov 1, 2019
    Copy the full SHA
    ff7cd0e View commit details

  2. rPackages.RMariaDB: Fix build 

    Issue #62412 reported that the configure script was not running.
It needed `patchShebangs` as well as the `mariadb.connector-c.dev` library.
    @mm--
    mm-- committed Nov 1, 2019
    Copy the full SHA
    bf9c4ad View commit details

  3. buildRustPackage: support checkFlags and checkFlagsArray 

    (cherry picked from commit 7391a7d)
    @andir
    andir committed Nov 1, 2019
    Copy the full SHA
    b22fe37 View commit details

  4. rust-cbindgen: skip expand tests 

    The expand tests require unstable rust features.

(cherry picked from commit 2deef75)
    @andir
    andir committed Nov 1, 2019
    Copy the full SHA
    c8da23b View commit details

  5. rust-cbdindgen: 0.9.0 -> 0.9.1 

    (cherry picked from commit f19920f)
    @andir
    andir committed Nov 1, 2019
    Copy the full SHA
    088c7c1 View commit details

  6. nss: 3.46 -> 3.46.1 

    (cherry picked from commit b4f278a)
    @andir
    andir committed Nov 1, 2019
    Copy the full SHA
    bcdedc8 View commit details

  7. sqlite: add 3.30 variant for firefox

    @andir
    andir committed Nov 1, 2019
    Copy the full SHA
    098dbcd View commit details

  8. firefox: 69.0.2 -> 70.0 

    (cherry picked from commit 1b2b476)
    @andir
    andir committed Nov 1, 2019
    Copy the full SHA
    e3aca95 View commit details

  9. firefox-esr: 68.1.0esr -> 68.2.0esr 

    (cherry picked from commit 20dae73)
    @taku0 @andir
    taku0 authored and andir committed Nov 1, 2019
    Copy the full SHA
    682eafb View commit details

  10. firefox-bin: 69.0.2 -> 70.0 

    (cherry picked from commit dc6ea54)
    @taku0 @andir
    taku0 authored and andir committed Nov 1, 2019
    Copy the full SHA
    f998cae View commit details

  11. firefox-bin: 70.0 -> 70.0.1 

    (cherry picked from commit 14282e9)
    @taku0 @andir
    taku0 authored and andir committed Nov 1, 2019
    Copy the full SHA
    2850361 View commit details

  12. firefox: 70.0 -> 70.0.1 

    (cherry picked from commit 0bc5d7f)
    @taku0 @andir
    taku0 authored and andir committed Nov 1, 2019
    Copy the full SHA
    643c809 View commit details

Commits on Nov 2, 2019

  1. Merge pull request #71714 from andir/19.09/firefox-70-staging 

    [19.09] firefox 70 (staging)
    @andir
    andir authored Nov 2, 2019
    Copy the full SHA
    e65f424 View commit details

  2. sqlite_3_30: update hash 

    I managed to push the wrong commit earlier. This is now the correct
version.
    @andir
    andir committed Nov 2, 2019
    Copy the full SHA
    80d6183 View commit details

Commits on Nov 3, 2019

  1. networkmanager: fix PPPD_PATH 

    Fixes #72330 for 19.09.

Upstream MR: https://gitlab.freedesktop.org/NetworkManager/NetworkManager/merge_requests/323

Fix on master: #72362
    @worldofpeace
    worldofpeace committed Nov 3, 2019
    Copy the full SHA
    e839313 View commit details

Commits on Nov 4, 2019

  1. Merge pull request #70272 from delroth/gnupatch-cve-19.09 

    gnupatch: rename patch files to match their CVE ids [19.09]
    Christian Kauhaus authored Nov 4, 2019
    Copy the full SHA
    d74b568 View commit details

  2. Merge branch release-19.09 into staging-19.09

    @andir
    andir committed Nov 4, 2019
    Copy the full SHA
    d8cda0d View commit details

Commits on Nov 5, 2019

  1. ghcjs: disable profiling by default 

    (cherry picked from commit 4fd3f72)
    @yorickvP
    yorickvP committed Nov 5, 2019
    Copy the full SHA
    8c501b4 View commit details

  2. haskell.compiler.ghcjs86: Bump ghc-8.6 branch, fix build. 

    (cherry picked from commit 348656c)
    @TravisWhitaker @yorickvP
    TravisWhitaker authored and yorickvP committed Nov 5, 2019
    Copy the full SHA
    091cd8c View commit details

  3. Merge pull request #72363 from worldofpeace/nm-fix-pppd-path-19.09 

    [staging-19.09] networkmanager: fix PPPD_PATH
    @worldofpeace
    worldofpeace authored Nov 5, 2019
    Copy the full SHA
    baedf07 View commit details

  4. skrooge: Fix build 

    (cherry picked from commit 1d5661c)
    @Flakebi @aanderse
    Flakebi authored and aanderse committed Nov 5, 2019
    Copy the full SHA
    d5b554c View commit details

Commits on Nov 6, 2019

  1. Merge staging-19.09 into release-19.09

    @andir
    andir committed Nov 6, 2019
    Copy the full SHA
    821c7ed View commit details

  2. zsh-history-substring-search: 1.0.1 -> 1.0.2 

    (cherry picked from commit e834edc)
    @r-ryantm @alyssais
    r-ryantm authored and alyssais committed Nov 6, 2019
    Copy the full SHA
    6780988 View commit details

  3. zstd: 1.4.3 -> 1.4.4 

    (cherry picked from commit cb7e94a)
    @alyssais
    Timothy DeHerrera authored and alyssais committed Nov 6, 2019
    Copy the full SHA
    17a7536 View commit details

  4. ocamlPackages.reason: 3.5.0 → 3.5.1 

    Ensure compatibility with OCaml 4.09

(cherry picked from commit 92930b8)
    @vbgl @alyssais
    vbgl authored and alyssais committed Nov 6, 2019
    Copy the full SHA
    7489b6b View commit details

  5. matrix-synapse service: blacklist local IPv6 addresses by default 

    (cherry picked from commit 2219129)
    @abbradar @Ma27
    abbradar authored and Ma27 committed Nov 6, 2019
    Copy the full SHA
    03be762 View commit details

  6. Merge pull request #72413 from mm--/fix-rmysql-rmariadb 

    [19.09] rPackages.RMariaDB, rPackages.RMySQL: Fix builds
    @peti
    peti authored Nov 6, 2019
    Copy the full SHA
    250fe56 View commit details

  7. grafana: 6.4.3 -> 6.4.4 

    (cherry picked from commit d476363)
    @WilliButz @Ma27
    WilliButz authored and Ma27 committed Nov 6, 2019
    Copy the full SHA
    362c66a View commit details

  8. linux: 4.14.151 -> 4.14.152

    @NeQuissimus
    NeQuissimus committed Nov 6, 2019
    Copy the full SHA
    03cd033 View commit details

  9. linux: 4.19.81 -> 4.19.82

    @NeQuissimus
    NeQuissimus committed Nov 6, 2019
    Copy the full SHA
    4416b2c View commit details

  10. linux: 4.4.198 -> 4.4.199

    @NeQuissimus
    NeQuissimus committed Nov 6, 2019
    Copy the full SHA
    164a77c View commit details

  11. linux: 4.9.198 -> 4.9.199

    @NeQuissimus
    NeQuissimus committed Nov 6, 2019
    Copy the full SHA
    20005e9 View commit details

  12. linux: 5.3.8 -> 5.3.9

    @adisbladis @NeQuissimus
    adisbladis authored and NeQuissimus committed Nov 6, 2019
    Copy the full SHA
    01dfa03 View commit details

  13. Merge pull request #72830 from LumiGuide/backport-ghcjs-fixes 

    [backport] ghcjs fixes
    @basvandijk
    basvandijk authored Nov 6, 2019
    Copy the full SHA
    bc3fcdf View commit details

  14. graylog: 3.1.2 -> 3.1.3 

    (cherry picked from commit 98b0f8c)
    @Ma27
    Tristan Helmich (omniIT) authored and Ma27 committed Nov 6, 2019
    Copy the full SHA
    cbb30f0 View commit details

  15. nlohmann_json: disable tests for now since they timeout 

    (cherry picked from commit 7456f19)
    @davidak
    davidak committed Nov 6, 2019
    Copy the full SHA
    9dc6fc3 View commit details

  16. Merge pull request #72865 from aanderse/skrooge 

    skrooge: Fix build [19.09 backport]
    @aanderse
    aanderse authored Nov 6, 2019
    Copy the full SHA
    a651397 View commit details

  17. Merge pull request #72944 from davidak/nlohmann_json_disable_tests_19.09 

    Backport nlohmann_json: disable tests for now since they timeout
    @grahamc
    grahamc authored Nov 6, 2019
    Copy the full SHA
    4023852 View commit details

  18. nixos/networkmanager: fix merging options 

    Incorrect merging of modules resulted in dhcpcd being enabled causing flaky network connection.

#64364

Fixing it uncovered an infinite recursion from the same commit, previously masked by the incorrect merge.

While this is not a problem in 19.09, we can still drop the `mkDefault` for `networking.wireless.enable` as it is already `false` by default.

Closes: #72416

(cherry picked from commit 894fdfa)
    @jtojnar
    jtojnar committed Nov 6, 2019
    Copy the full SHA
    ab7f310 View commit details
Showing with 648 additions and 450 deletions.
  1. +3 −0 nixos/modules/services/misc/matrix-synapse.nix
  2. +14 −10 nixos/modules/services/networking/networkmanager.nix
  3. +373 −373 pkgs/applications/networking/browsers/firefox-bin/release_sources.nix
  4. +4 −4 pkgs/applications/networking/browsers/firefox/packages.nix
  5. +9 −2 pkgs/applications/office/skrooge/default.nix
  6. +2 −2 pkgs/build-support/rust/default.nix
  7. +4 −5 pkgs/desktops/xfce4-14/xfburn/default.nix
  8. +4 −0 pkgs/development/compilers/ghcjs-ng/8.6/dep-overrides.nix
  9. +2 −2 pkgs/development/compilers/ghcjs-ng/8.6/git.json
  10. +5 −4 pkgs/development/compilers/ghcjs-ng/8.6/stage0.nix
  11. +1 −2 pkgs/development/compilers/ghcjs-ng/common-overrides.nix
  12. +0 −1 pkgs/development/compilers/ghcjs-ng/default.nix
  13. +3 −3 pkgs/development/compilers/reason/default.nix
  14. +1 −1 pkgs/development/haskell-modules/generic-builder.nix
  15. +2 −2 pkgs/development/libraries/libuv/default.nix
  16. +3 −1 pkgs/development/libraries/nlohmann_json/default.nix
  17. +2 −2 pkgs/development/libraries/nss/default.nix
  18. +84 −0 pkgs/development/libraries/sqlite/3-30.nix
  19. +8 −2 pkgs/development/r-modules/default.nix
  20. +8 −0 pkgs/development/tools/build-managers/cmake/setup-hook.sh
  21. +7 −5 pkgs/development/tools/rust/cbindgen/default.nix
  22. +11 −0 pkgs/development/web/nodejs/disable-libatomic-darwin.patch
  23. +2 −2 pkgs/development/web/nodejs/v10.nix
  24. +5 −3 pkgs/development/web/nodejs/v12.nix
  25. +36 −0 pkgs/misc/ghostscript/9.26-CVE-2019-10216.patch
  26. +14 −0 pkgs/misc/ghostscript/default.nix
  27. +2 −2 pkgs/os-specific/linux/kernel/linux-4.14.nix
  28. +2 −2 pkgs/os-specific/linux/kernel/linux-4.19.nix
  29. +2 −2 pkgs/os-specific/linux/kernel/linux-4.4.nix
  30. +2 −2 pkgs/os-specific/linux/kernel/linux-4.9.nix
  31. +2 −2 pkgs/os-specific/linux/kernel/linux-5.3.nix
  32. +3 −3 pkgs/servers/monitoring/grafana/default.nix
  33. +2 −2 pkgs/shells/zsh/zsh-history-substring-search/default.nix
  34. +2 −2 pkgs/tools/compression/zstd/default.nix
  35. +9 −1 pkgs/tools/misc/file/default.nix
  36. +2 −2 pkgs/tools/misc/graylog/default.nix
  37. +8 −1 pkgs/tools/networking/network-manager/default.nix
  38. 0 pkgs/tools/text/gnupatch/{CVE-2019-13638.patch → CVE-2019-13638-and-CVE-2018-20969.patch}
  39. +3 −3 pkgs/tools/text/gnupatch/default.nix
  40. +2 −0 pkgs/top-level/all-packages.nix
3 changes: 3 additions & 0 deletions nixos/modules/services/misc/matrix-synapse.nix
View file
Original file line number Diff line number Diff line change
@@ -407,6 +407,9 @@ in {
"192.168.0.0/16"
"100.64.0.0/10"
"169.254.0.0/16"
"::1/128"
"fe80::/64"
"fc00::/7"
];
description = ''
List of IP address CIDR ranges that the URL preview spider is denied
24 changes: 14 additions & 10 deletions nixos/modules/services/networking/networkmanager.nix
View file
Original file line number Diff line number Diff line change
@@ -515,16 +515,20 @@ in {
aliases = [ "dbus-org.freedesktop.nm-dispatcher.service" ];
};

# Turn off NixOS' network management
networking = {
useDHCP = false;
# use mkDefault to trigger the assertion about the conflict above
wireless.enable = mkDefault false;
} // (mkIf cfg.enableStrongSwan {
networkmanager.packages = [ pkgs.networkmanager_strongswan ];
}) // (mkIf enableIwd {
wireless.iwd.enable = true;
});
# Turn off NixOS' network management when networking is managed entirely by NetworkManager
networking = mkMerge [
{
useDHCP = false;
}

(mkIf cfg.enableStrongSwan {
networkmanager.packages = [ pkgs.networkmanager_strongswan ];
})

(mkIf enableIwd {
wireless.iwd.enable = true;
})
];

security.polkit.extraConfig = polkitConf;

Loading