Skip to content
This repository was archived by the owner on Apr 12, 2021. It is now read-only.
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: NixOS/nixpkgs-channels
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: 199de0468881
Choose a base ref
...
head repository: NixOS/nixpkgs-channels
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: c684d8c77df7
Choose a head ref
  • 13 commits
  • 8 files changed
  • 7 contributors

Commits on Jun 18, 2020

  1. json_c: add patch for CVE-2020-12762 

    Fixes: https://nvd.nist.gov/vuln/detail/CVE-2020-12762

(cherry picked from commit d3e1b77)
    @mmilata
    mmilata committed Jun 18, 2020
    Copy the full SHA
    5e1de95 View commit details

  2. Merge pull request #90700 from mmilata/20.03/json-c-cve-2020-12762 

    [20.03] json_c: add patch for CVE-2020-12762
    @worldofpeace
    worldofpeace authored Jun 18, 2020

    Verified

    This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
    GPG key ID: 4AEE18F83AFDEB23
    Expired
    Verified
    Learn about vigilant mode
    Copy the full SHA
    e69158b View commit details

  3. Merge branch 'release-20.03' into staging-20.03

    @vcunat
    vcunat committed Jun 18, 2020

    Verified

    This commit was signed with the committer’s verified signature.
    vcunat Vladimír Čunát
    GPG key ID: E747DF1F9575A3AA
    Verified
    Learn about vigilant mode
    Copy the full SHA
    799a3b4 View commit details

  4. libexif: 0.6.21 -> 0.6.22 

    Also:
- build from git
- enable cross compilation

(cherry picked from commit e761cfe)
    @erictapen
    erictapen committed Jun 18, 2020

    Verified

    This commit was signed with the committer’s verified signature. The key has expired.
    erictapen Kerstin
    GPG key ID: 5F24E3BD56617EB2
    Expired
    Verified
    Learn about vigilant mode
    Copy the full SHA
    e3ca027 View commit details

  5. luajit*: patch CVE-2019-19391 

    - upstream argues that this kind of problems can't be called
  vulnerabilities
- the upstream patch is trivial, so why not fix the bug
- nixpkgs master uses git versions already containing that commit
Fixes #90875 (roundup ticket).
    @vcunat
    vcunat committed Jun 18, 2020

    Verified

    This commit was signed with the committer’s verified signature.
    vcunat Vladimír Čunát
    GPG key ID: E747DF1F9575A3AA
    Verified
    Learn about vigilant mode
    Copy the full SHA
    4e48231 View commit details

  6. libjpeg(-turbo): patch CVE-2020-13790 

    Fixes #90864 on 20.03 (roundup issue).
(cherry picked from commit d5fd2ed)
    @vcunat
    vcunat committed Jun 18, 2020

    Verified

    This commit was signed with the committer’s verified signature.
    vcunat Vladimír Čunát
    GPG key ID: E747DF1F9575A3AA
    Verified
    Learn about vigilant mode
    Copy the full SHA
    0ba0883 View commit details

  7. Merge pull request #90978 from erictapen/20.03-libexif-0.6.22 

    [20.03] libexif: 0.6.21 -> 0.6.22 for security fixes
    @flokli
    flokli authored Jun 18, 2020

    Verified

    This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
    GPG key ID: 4AEE18F83AFDEB23
    Expired
    Verified
    Learn about vigilant mode
    Copy the full SHA
    00e7d87 View commit details

  8. mutt: patch for CVE-2020-14093

    @rnhmjoj
    rnhmjoj committed Jun 18, 2020

    Verified

    This commit was signed with the committer’s verified signature. The key has expired.
    rnhmjoj Michele Guerini Rocco
    GPG key ID: BFBAF4C975F76450
    Expired
    Verified
    Learn about vigilant mode
    Copy the full SHA
    fd8bbb8 View commit details

  9. monero: 0.15.0.1 -> 0.16.0.0 

    (cherry picked from commit a311031)
    @rnhmjoj
    rnhmjoj committed Jun 18, 2020

    Verified

    This commit was signed with the committer’s verified signature. The key has expired.
    rnhmjoj Michele Guerini Rocco
    GPG key ID: BFBAF4C975F76450
    Expired
    Verified
    Learn about vigilant mode
    Copy the full SHA
    0a29dda View commit details

Commits on Jun 19, 2020

  1. monero-gui: 0.15.0.4 -> 0.16.0.0 

    (cherry picked from commit 7c04173)
    @rnhmjoj
    rnhmjoj committed Jun 19, 2020

    Verified

    This commit was signed with the committer’s verified signature. The key has expired.
    rnhmjoj Michele Guerini Rocco
    GPG key ID: BFBAF4C975F76450
    Expired
    Verified
    Learn about vigilant mode
    Copy the full SHA
    7587e07 View commit details

  2. Merge branch 'staging-20.03' into release-20.03 

    A bunch of CVE fixes.  The libexif change has not been rebuilt on Hydra,
but it's only about a thousand rebuilds (when summed over all platforms).
    @vcunat
    vcunat committed Jun 19, 2020

    Verified

    This commit was signed with the committer’s verified signature.
    vcunat Vladimír Čunát
    GPG key ID: E747DF1F9575A3AA
    Verified
    Learn about vigilant mode
    Copy the full SHA
    b2540c7 View commit details

  3. Merge pull request #91072 from rnhmjoj/mutt-20.03 

    [20.03] mutt: patch for CVE-2020-14093
    @rnhmjoj
    rnhmjoj authored Jun 19, 2020

    Verified

    This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
    GPG key ID: 4AEE18F83AFDEB23
    Expired
    Verified
    Learn about vigilant mode
    Copy the full SHA
    0bc134c View commit details

  4. Merge pull request #91076 from rnhmjoj/monero-20.03 

    [20.03] monero: 0.15 -> 0.16
    @rnhmjoj
    rnhmjoj authored Jun 19, 2020

    Verified

    This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
    GPG key ID: 4AEE18F83AFDEB23
    Expired
    Verified
    Learn about vigilant mode
    Copy the full SHA
    c684d8c View commit details
14 changes: 9 additions & 5 deletions pkgs/applications/blockchains/monero-gui/default.nix
View file
Original file line number Diff line number Diff line change
@@ -4,21 +4,21 @@
, qtmultimedia, qtxmlpatterns
, qtquickcontrols, qtquickcontrols2
, monero, unbound, readline, boost, libunwind
, libsodium, pcsclite, zeromq, cppzmq
, libsodium, pcsclite, zeromq, libgcrypt, libgpgerror
, hidapi, libusb, protobuf, randomx
}:

with stdenv.lib;

stdenv.mkDerivation rec {
pname = "monero-gui";
version = "0.15.0.4";
version = "0.16.0.0";

src = fetchFromGitHub {
owner = "monero-project";
repo = "monero-gui";
rev = "v${version}";
sha256 = "12m5fgnxkr11q2arx1m5ccpxqm5ljcvm6l547dwqn297zs5jim4z";
sha256 = "06vdrsj5y9k0zn32hspyxc7sw1kkyrvi3chzkdbnxk9jvyj8k4ld";
};

nativeBuildInputs = [ qmake pkgconfig wrapQtAppsHook ];
@@ -27,9 +27,9 @@ stdenv.mkDerivation rec {
qtbase qtdeclarative qtgraphicaleffects
qtmultimedia qtquickcontrols qtquickcontrols2
qtxmlpatterns
monero unbound readline
monero unbound readline libgcrypt libgpgerror
boost libunwind libsodium pcsclite zeromq
cppzmq hidapi libusb protobuf randomx
hidapi libusb protobuf randomx
];

NIX_CFLAGS_COMPILE = [ "-Wno-error=format-security" ];
@@ -52,6 +52,10 @@ stdenv.mkDerivation rec {
preBuild = ''
sed -i s#/opt/monero-wallet-gui##g Makefile
make -C src/zxcvbn-c
# use nixpkgs monero sources
rmdir monero
ln -s "${monero.src}" monero
'';

desktopItem = makeDesktopItem {
9 changes: 5 additions & 4 deletions pkgs/applications/blockchains/monero/default.nix
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
{ stdenv, fetchFromGitHub
, cmake, pkgconfig
, boost, miniupnpc, openssl, unbound, cppzmq
, boost, miniupnpc, openssl, unbound
, zeromq, pcsclite, readline, libsodium, hidapi
, pythonProtobuf, randomx, rapidjson, libusb
, CoreData, IOKit, PCSC
@@ -10,27 +10,28 @@ assert stdenv.isDarwin -> IOKit != null;

stdenv.mkDerivation rec {
pname = "monero";
version = "0.15.0.1";
version = "0.16.0.0";

src = fetchFromGitHub {
owner = "monero-project";
repo = "monero";
rev = "v${version}";
sha256 = "0sypa235lf2bbib4b71xpaw39h9304slgsvnsz8wmy9fq1zx009m";
sha256 = "0x74h5z0nxxxip97ibc854pqmrgd8r4d6w62m424f66i8gbzfskh";
fetchSubmodules = true;
};

nativeBuildInputs = [ cmake pkgconfig ];

buildInputs = [
boost miniupnpc openssl unbound
cppzmq zeromq pcsclite readline
zeromq pcsclite readline
libsodium hidapi randomx rapidjson
pythonProtobuf libusb
] ++ stdenv.lib.optionals stdenv.isDarwin [ IOKit CoreData PCSC ];

cmakeFlags = [
"-DCMAKE_BUILD_TYPE=Release"
"-DUSE_DEVICE_TREZOR=ON"
"-DBUILD_GUI_DEPS=ON"
"-DReadline_ROOT_DIR=${readline.dev}"
] ++ stdenv.lib.optional stdenv.isDarwin "-DBoost_USE_MULTITHREADED=OFF";
8 changes: 7 additions & 1 deletion pkgs/applications/networking/mailreaders/mutt/default.nix
View file
Original file line number Diff line number Diff line change
@@ -34,7 +34,13 @@ stdenv.mkDerivation rec {
sha256 = "0y3ks10mc7m8c7pd4c4j8pj7n5rqcvzrjs8mzldv7z7jnlb30hkq";
};

patches = optional smimeSupport (fetchpatch {
patches = [
# patch for CVE-2020-14093
(fetchpatch {
url = "https://github.com/muttmua/mutt/commit/3e88866dc60b5fa6aaba6fd7c1710c12c1c3cd01.patch";
sha256 = "1md4krh76kjbg6nkyvbpjn6iz17c7m7xvdj6gjvjr7akqjhfw48h";
})
] ++ optional smimeSupport (fetchpatch {
url = "https://salsa.debian.org/mutt-team/mutt/raw/debian/1.10.1-2/debian/patches/misc/smime.rc.patch";
sha256 = "0b4i00chvx6zj9pcb06x2jysmrcb2znn831lcy32cgfds6gr3nsi";
});
8 changes: 8 additions & 0 deletions pkgs/development/interpreters/luajit/default.nix
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,5 @@
{ stdenv, fetchurl, buildPackages
, fetchpatch
, name ? "luajit-${version}"
, isStable
, sha256
@@ -20,6 +21,13 @@ stdenv.mkDerivation rec {

luaversion = "5.1";

patches = [
(fetchpatch {
name = "cve-2019-19391.patch";
url = "https://github.com/LuaJIT/LuaJIT/commit/0cd643d7c.diff";
sha256 = "1ya5h6r3mi7mkjy6bj1hjbl43j3lwh4phmi5q792rrz8az64hnjy";
})
];
postPatch = ''
substituteInPlace Makefile --replace ldconfig :
'';
11 changes: 10 additions & 1 deletion pkgs/development/libraries/json-c/default.nix
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
{ stdenv, fetchurl, autoconf }:
{ stdenv, fetchurl, fetchpatch, autoconf }:

stdenv.mkDerivation rec {
name = "json-c-0.13.1";
@@ -7,6 +7,15 @@ stdenv.mkDerivation rec {
sha256 = "0ch1v18wk703bpbyzj7h1mkwvsw4rw4qdwvgykscypvqq10678ll";
};

patches = [
# https://nvd.nist.gov/vuln/detail/CVE-2020-12762
(fetchpatch {
name = "CVE-2020-12762.patch";
url = "https://github.com/json-c/json-c/commit/865b5a65199973bb63dff8e47a2f57e04fec9736.patch";
sha256 = "1g5afk4khhm1sb70xrva1pyznshcw3ipzp1g5z60dpzxy303pp6h";
})
];

outputs = [ "out" "dev" ];

nativeBuildInputs = [ autoconf ]; # for autoheader
49 changes: 14 additions & 35 deletions pkgs/development/libraries/libexif/default.nix
View file
Original file line number Diff line number Diff line change
@@ -1,45 +1,24 @@
{ stdenv, fetchurl, fetchpatch, gettext }:
{ stdenv, fetchFromGitHub, autoreconfHook, gettext }:

stdenv.mkDerivation rec {
name = "libexif-0.6.21";
pname = "libexif";
version = "0.6.22";

src = fetchurl {
url = "mirror://sourceforge/libexif/${name}.tar.bz2";
sha256 = "06nlsibr3ylfwp28w8f5466l6drgrnydgxrm4jmxzrmk5svaxk8n";
src = fetchFromGitHub {
owner = pname;
repo = pname;
rev = "${pname}-${builtins.replaceStrings ["."] ["_"] version}-release";
sha256 = "0mzndakdi816zcs13z7yzp7hj031p2dcyfq2p391r63d9z21jmy1";
};

patches = [
(fetchpatch {
name = "CVE-2017-7544.patch";
url = "https://github.com/libexif/libexif/commit/c39acd1692023b26290778a02a9232c873f9d71a.patch";
sha256 = "0xgx6ly2i4q05shb61mfx6njwf1yp347jkznm0ka4m85i41xm6sd";
})
(fetchpatch {
name = "CVE-2018-20030-1.patch";
url = "https://github.com/libexif/libexif/commit/5d28011c40ec86cf52cffad541093d37c263898a.patch";
sha256 = "1wv8s962wmbn2m2xypgirf12g6msrbplpsmd5bh86irfwhkcppj3";
})
(fetchpatch {
name = "CVE-2018-20030-2.patch";
url = "https://github.com/libexif/libexif/commit/6aa11df549114ebda520dde4cdaea2f9357b2c89.patch";
sha256 = "01aqvz63glwq6wg0wr7ykqqghb4abgq77ghvhizbzadg1k4h7drx";
excludes = [ "NEWS" ];
})
(fetchpatch {
name = "CVE-2019-9278.patch";
url = "https://github.com/libexif/libexif/commit/75aa73267fdb1e0ebfbc00369e7312bac43d0566.patch";
sha256 = "10ikg33mips5zq9as7l9xqnyzbg1wwr4sw17517nzf4hafjpasrj";
})
];
nativeBuildInputs = [ autoreconfHook gettext ];

buildInputs = [ gettext ];

meta = {
homepage = https://libexif.github.io/;
meta = with stdenv.lib; {
homepage = "https://libexif.github.io/";
description = "A library to read and manipulate EXIF data in digital photographs";
license = stdenv.lib.licenses.lgpl21;
platforms = stdenv.lib.platforms.unix;
maintainers = [ stdenv.lib.maintainers.erictapen ];
license = licenses.lgpl21;
platforms = platforms.unix;
maintainers = with maintainers; [ erictapen ];
};

}
9 changes: 8 additions & 1 deletion pkgs/development/libraries/libjpeg-turbo/default.nix
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
{ stdenv, fetchurl, cmake, nasm, enableStatic ? false }:
{ stdenv, fetchurl, fetchpatch, cmake, nasm, enableStatic ? false }:

stdenv.mkDerivation rec {

@@ -11,6 +11,13 @@ stdenv.mkDerivation rec {
};

patches =
[
(fetchpatch {
name = "cve-2020-13790.patch";
url = "https://github.com/libjpeg-turbo/libjpeg-turbo/commit/3de15e0c344d.diff";
sha256 = "0hm5i6qir5w3zxb0xvqdh4jyvbfg7xnd28arhyfsaclfz9wdb0pb";
})
] ++
stdenv.lib.optional (stdenv.hostPlatform.libc or null == "msvcrt")
./mingw-boolean.patch;

3 changes: 2 additions & 1 deletion pkgs/top-level/all-packages.nix
View file
Original file line number Diff line number Diff line change
@@ -22775,11 +22775,12 @@ in

monero = callPackage ../applications/blockchains/monero {
inherit (darwin.apple_sdk.frameworks) CoreData IOKit PCSC;
boost = boost17x;
pythonProtobuf = python3Packages.protobuf.override { protobuf = protobuf3_10; };
};

monero-gui = libsForQt5.callPackage ../applications/blockchains/monero-gui {
boost = boost16x;
boost = boost17x;
protobuf = protobuf3_10;
};