This repository was archived by the owner on Apr 12, 2021. It is now read-only.
base repository: NixOS/nixpkgs-channels
base: 91d04b9b23c3
head repository: NixOS/nixpkgs-channels
compare: ca6b6595392b
  • 4 commits
  • 2 files changed
  • 4 contributors

Commits on Nov 4, 2019

  1. file: add patch for CVE-2019-18218

    upstream patch https://github.com/file/file/commit/46a8443f76cec4b41ec736eca396984c74664f84.patch
    doesn't apply directly, debian have a version which has been adapted for
    5.37.
    
    (cherry picked from commit 99273fc)
    risicle committed Nov 4, 2019

    Verified

    This commit was signed with the committer’s verified signature. The key has expired.
    NeQuissimus Tim Steinbach
    be28735
  2. Verified

    This commit was signed with the committer’s verified signature. The key has expired.
    NeQuissimus Tim Steinbach
    c06d264

Commits on Nov 9, 2019

  1. libtiff: Patch CVE-2019-7663 (PR #72092)

    (cherry picked from commit 5270c3a)
    /cc #57158.
    JohnAZoidberg authored and vcunat committed Nov 9, 2019

    Verified

    This commit was signed with the committer’s verified signature. The key has expired.
    NeQuissimus Tim Steinbach
    38539ba

Commits on Nov 12, 2019

  1. Verified

    This commit was signed with the committer’s verified signature. The key has expired.
    NeQuissimus Tim Steinbach
    ca6b659
Showing with 14 additions and 1 deletion.
  1. +5 −0 pkgs/development/libraries/libtiff/default.nix
  2. +9 −1 pkgs/tools/misc/file/default.nix
5 changes: 5 additions & 0 deletions pkgs/development/libraries/libtiff/default.nix
@@ -23,6 +23,11 @@ stdenv.mkDerivation rec {
name = "CVE-2019-6128.patch";
sha256 = "03yvsfq6dxjd3v8ypfwz6cpz2iymqwcbawqqlmkh40dayi7fgizr";
})
(fetchurl {
url = "https://gitlab.com/libtiff/libtiff/commit/802d3cbf3043be5dce5317e140ccb1c17a6a2d39.patch";
name = "CVE-2019-7663.patch";
sha256 = "01nq5z1l55clasy4aqr0r2rgiaxay1108vni2nzd8lx4qc5q09hx";
})
# Manual backport of https://gitlab.com/libtiff/libtiff/commit/1b5e3b6a23827c33acf19ad50ce5ce78f12b3773.patch
./CVE-2019-14973.patch
];
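
Review bot: The new CVE-2019-7663 entry uses `fetchurl` on a generated GitLab commit `.patch` URL with a fixed `sha256`, which is fragile. The forge renders these patches on request, and the rendered text can change in ways that do not touch the diff itself, at which point the hash no longer matches and the security patch stops fetching. `fetchpatch` normalizes the patch before hashing, and the `file` change in this same comparison already uses it. Consider writing this entry as `(fetchpatch {` and adding `fetchpatch` to the function arguments if it is not already among them.
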
10 changes: 9 additions & 1 deletion pkgs/tools/misc/file/default.nix
@@ -1,4 +1,4 @@
{ stdenv, fetchurl, file, zlib, libgnurx }:
{ stdenv, fetchurl, fetchpatch, file, zlib, libgnurx }:

stdenv.mkDerivation rec {
name = "file-${version}";
@@ -12,6 +12,14 @@ stdenv.mkDerivation rec {
sha256 = "0ya330cdkvfi2d28h8gvhghj4gnhysmifmryysl0a97xq2884q7v";
};

patches = [
(fetchpatch {
name = "CVE-2019-18218.patch";
url = "https://sources.debian.org/data/main/f/file/1:5.37-6/debian/patches/cherry-pick.FILE5_37-67-g46a8443f.limit-the-number-of-elements-in-a-vector-found-by-oss-fuzz.patch";
sha256 = "1i22y91yndc3n2p2ngczp1lwil8l05sp8ciicil74xrc5f91y6mj";
})
];

nativeBuildInputs = stdenv.lib.optional (stdenv.hostPlatform != stdenv.buildPlatform) file;
buildInputs = [ zlib ]
++ stdenv.lib.optional stdenv.hostPlatform.isWindows libgnurx;
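
Review bot: The `patches` entry carries no comment saying that this is Debian's adaptation of upstream commit 46a8443f for 5.37 rather than the upstream patch itself. That reasoning lives only in the commit message, so whoever bumps `version` later has nothing in the file telling them the patch can be dropped once the upstream fix is included. A one-line comment above `(fetchpatch {` naming the upstream commit, in the style of the `# Manual backport of ...` comment in the libtiff expression, would cover it. Separately, the `url` is tied to one Debian package revision (`1:5.37-6`); if that path stops being served, the fix can only be built from a cached copy, so vendoring the patch in-tree is worth considering.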