Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: NixOS/nixpkgs
base: e716ddfac4be
Choose a base ref
...
head repository: NixOS/nixpkgs
compare: aceb539221d6
Choose a head ref
  • 10 commits
  • 5 files changed
  • 8 contributors

Commits on Mar 6, 2021

  1. re2c: fix CVE-2018-21232 

    It backports patches from 2.0 series to fix CVE-2018-21232.

References:
#88391
https://www.openwall.com/lists/oss-security/2020/04/27/2
skvadrik/re2c#219

Signed-off-by: Masanori Ogino <167209+omasanori@users.noreply.github.com>
(cherry picked from commit 5854bf0)
    @omasanori
    omasanori committed Mar 6, 2021
    Copy the full SHA
    e6aded5 View commit details
    Browse the repository at this point in the history

  2. ffmpeg: 4.3.1 -> 4.3.2 

    https://nvd.nist.gov/vuln/detail/CVE-2020-35964
https://nvd.nist.gov/vuln/detail/CVE-2020-35965
(cherry picked from commit f94e21c)
    @TredwellGit @dotlambda
    TredwellGit authored and dotlambda committed Mar 6, 2021
    Copy the full SHA
    3e7183b View commit details
    Browse the repository at this point in the history

Commits on Mar 7, 2021

  1. Merge pull request #115227 from omasanori/backport-114391 

    [20.09] re2c: fix CVE-2018-21232
    @dotlambda
    dotlambda committed Mar 7, 2021
    Copy the full SHA
    39c4c97 View commit details
    Browse the repository at this point in the history

  2. pythonPackages.pyyaml: patch CVE-2020-14343 

    Apply patch from yaml/pyyaml#472.
    @dotlambda
    dotlambda committed Mar 7, 2021
    Copy the full SHA
    1f04d4b View commit details
    Browse the repository at this point in the history

Commits on Mar 8, 2021

  1. Merge pull request #115240 from dotlambda/ffmpeg-4.3.2 

    [20.09] ffmpeg: 4.3.1 -> 4.3.2
    @mweinelt
    mweinelt committed Mar 8, 2021
    Copy the full SHA
    d49c2e0 View commit details
    Browse the repository at this point in the history

  2. Merge branch 'release-20.09' into staging-20.09

    @roberth
    roberth committed Mar 8, 2021
    Copy the full SHA
    685b63f View commit details
    Browse the repository at this point in the history

  3. Merge pull request #115343 from dotlambda/CVE-2020-14343 

    [staging-20.09] pythonPackages.pyyaml: patch CVE-2020-14343
    @roberth
    roberth committed Mar 8, 2021
    Copy the full SHA
    da85159 View commit details
    Browse the repository at this point in the history

  4. pythonPackages.ddt: fix tests 

    (cherry picked from commit 94e6081)
    @dotlambda @roberth
    dotlambda authored and roberth committed Mar 8, 2021
    Copy the full SHA
    ee398af View commit details
    Browse the repository at this point in the history

Commits on Mar 9, 2021

  1. git: 2.29.2 -> 2.29.3 (CVE-2021-21300) 

    Links for the security issue:
- https://lore.kernel.org/git/xmqqim6019yd.fsf@gitster.c.googlers.com/
- GHSA-8prw-h3cq-mghm
- https://github.blog/2021-03-09-git-clone-vulnerability-announced/

This also fixes meta.changelog (was using ${version} instead of
v${version} for the tag name).
    @primeos
    primeos authored and Jonathan Ringer committed Mar 9, 2021
    Copy the full SHA
    6da3bd8 View commit details
    Browse the repository at this point in the history

Commits on Mar 12, 2021

  1. Merge branch 'staging-20.09' into release-20.09 

    Only darwin builds remain now (~20k ATM):
https://hydra.nixos.org/eval/1654225
I don't that as sufficient motivation to delay these security fixes.
    @vcunat
    vcunat committed Mar 12, 2021
    Copy the full SHA
    aceb539 View commit details
    Browse the repository at this point in the history