Skip to content
This repository was archived by the owner on Apr 12, 2021. It is now read-only.
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: NixOS/nixpkgs-channels
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: fe4a40a782ac
Choose a base ref
...
head repository: NixOS/nixpkgs-channels
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: f00d6dfbc685
Choose a head ref
  • 3 commits
  • 2 files changed
  • 3 contributors

Commits on Apr 29, 2020

  1. coturn: apply patch for CVE-2020-6061/6062 

    Fixes: CVE-2020-6061, CVE-2020-6062

An exploitable heap overflow vulnerability exists in the way CoTURN
4.5.1.1 web server parses POST requests. A specially crafted HTTP
POST request can lead to information leaks and other misbehavior.
An attacker needs to send an HTTPS request to trigger this vulnerability.

An exploitable denial-of-service vulnerability exists in the way
CoTURN 4.5.1.1 web server parses POST requests. A specially crafted
HTTP POST request can lead to server crash and denial of service.
An attacker needs to send an HTTP request to trigger this vulnerability.

(cherry picked from commit 704a018)
    @mweinelt
    mweinelt committed Apr 29, 2020

    Unverified

    This commit is not signed, but one or more authors requires that any commit attributed to them is signed.
    Learn about vigilant mode
    Copy the full SHA
    142060c View commit details

  2. Merge pull request #86270 from mweinelt/20.03/coturn/CVE-2020-6061+6062 

    [20.03] coturn: apply patch for CVE-2020-6061/6062
    @rasendubi
    rasendubi authored Apr 29, 2020

    Verified

    This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
    GPG key ID: 4AEE18F83AFDEB23
    Expired
    Verified
    Learn about vigilant mode
    Copy the full SHA
    2a7c7cb View commit details

  3. Revert "st: copy config file in 'prePatch' instead of 'preBuild'" 

    Also change the custom config generation to the postPatch phase.

(cherry picked from commit 50b213a)
    @geistesk @Mic92
    geistesk authored and Mic92 committed Apr 29, 2020

    Verified

    This commit was signed with the committer’s verified signature.
    Mic92 Jörg Thalheim
    GPG key ID: 003F2096411B5F92
    Verified
    Learn about vigilant mode
    Copy the full SHA
    f00d6df View commit details
Showing with 11 additions and 5 deletions.
  1. +2 −3 pkgs/applications/misc/st/default.nix
  2. +9 −2 pkgs/servers/coturn/default.nix
5 changes: 2 additions & 3 deletions pkgs/applications/misc/st/default.nix
View file
Original file line number Diff line number Diff line change
@@ -13,9 +13,8 @@ stdenv.mkDerivation rec {

inherit patches;

prePatch = optionalString (conf != null) ''
cp ${writeText "config.def.h" conf} config.def.h
'';
configFile = optionalString (conf!=null) (writeText "config.def.h" conf);
postPatch = optionalString (conf!=null) "cp ${configFile} config.def.h";

nativeBuildInputs = [ pkgconfig ncurses ];
buildInputs = [ libX11 libXft ] ++ extraLibs;
11 changes: 9 additions & 2 deletions pkgs/servers/coturn/default.nix
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
{ stdenv, fetchFromGitHub, openssl, libevent }:
{ stdenv, fetchFromGitHub, fetchpatch, openssl, libevent }:

stdenv.mkDerivation rec {
pname = "coturn";
@@ -13,7 +13,14 @@ stdenv.mkDerivation rec {

buildInputs = [ openssl libevent ];

patches = [ ./pure-configure.patch ];
patches = [
./pure-configure.patch
(fetchpatch {
name = "CVE-2020-6061+6062.patch";
url = "https://sources.debian.org/data/main/c/coturn/4.5.1.1-1.2/debian/patches/CVE-2020-6061+6062.patch";
sha256 = "0fcy1wp91bb4hlhnp96sf9bs0d9hf3pwx5f7b1r9cfvr3l5c1bk2";
})
];

meta = with stdenv.lib; {
homepage = https://coturn.net/;