Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: NixOS/nixpkgs
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: c8db7a8a16ee
Choose a base ref
...
head repository: NixOS/nixpkgs
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: 8818bed7716f
Choose a head ref
  • 5 commits
  • 4 files changed
  • 3 contributors

Commits on Nov 24, 2019

  1. aspell: add patch for CVE-2019-17544 (#74039) 

    (cherry picked from commit b8920d3)
    @risicle @c0bw3b
    risicle authored and c0bw3b committed Nov 24, 2019

    Verified

    This commit was signed with the committer’s verified signature. The key has expired.
    brainrake Márton Boros
    GPG key ID: C0D4B398D4F3158F
    Expired
    Verified
    Learn about vigilant mode
    Copy the full SHA
    946f13c View commit details

  2. fribidi: add patch for CVE-2019-18397 (#73718) 

    (adjusted cherry-pick from 55b583d)
    @risicle @c0bw3b
    risicle authored and c0bw3b committed Nov 24, 2019
    Copy the full SHA
    918f58f View commit details

Commits on Jan 11, 2020

  1. openssl_1_0_2: 1.0.2t -> 1.0.2u (low-severity security) 

    Fixes #77266: CVE-2019-1551
https://www.openssl.org/news/secadv/20191206.txt

(cherry picked from commit 961d0cf)
    @vcunat
    vcunat committed Jan 11, 2020
    Copy the full SHA
    1a99f4c View commit details

Commits on Jan 13, 2020

  1. pythonPackages.pyopenssl: fix build, fixes #76879 

    (cherry picked from commit e279676)
    @FRidh
    FRidh committed Jan 13, 2020
    Copy the full SHA
    9aa361c View commit details

Commits on Jan 14, 2020

  1. Merge branch 'staging-19.03' into release-19.03

    @vcunat
    vcunat committed Jan 14, 2020
    Copy the full SHA
    8818bed View commit details
5 changes: 5 additions & 0 deletions pkgs/development/libraries/aspell/default.nix
View file
Original file line number Diff line number Diff line change
@@ -28,6 +28,11 @@ stdenv.mkDerivation rec {
url = "https://github.com/GNUAspell/aspell/commit/8089fa02122fed0a.diff";
sha256 = "1b3p1zy2lqr2fknddckm58hyk95hw4scf6hzjny1v9iaic2p37ix";
})
(fetchpatch {
name = "CVE-2019-17544.patch";
url = "https://github.com/GNUAspell/aspell/commit/80fa26c74279fced8d778351cff19d1d8f44fe4e.patch";
sha256 = "0k5dnh8gcb7chnyx7jgkksqmz2hm05hmrvcd0znsfib975pvp4rg";
})
] ++ stdenv.lib.optional searchNixProfiles ./data-dirs-from-nix-profiles.patch;

postPatch = ''
5 changes: 5 additions & 0 deletions pkgs/development/libraries/fribidi/default.nix
View file
Original file line number Diff line number Diff line change
@@ -27,6 +27,11 @@ stdenv.mkDerivation rec {
url = "https://github.com/fribidi/fribidi/pull/88.patch";
sha256 = "1n4l6333vhbxfckwg101flmvq6bbygg66fjp69ddcjqaqb6gh9k9";
})
(fetchpatch {
name = "CVE-2019-18397.patch";
url = "https://github.com/fribidi/fribidi/commit/034c6e9a1d296286305f4cfd1e0072b879f52568.patch";
sha256 = "102xrbf1l5gvavkxd6csx8pj3rlgcw10c0y4h4d40yhn84b1p0y8";
})
];

postPatch = ''
4 changes: 2 additions & 2 deletions pkgs/development/libraries/openssl/default.nix
View file
Original file line number Diff line number Diff line change
@@ -120,8 +120,8 @@ let
in {

openssl_1_0_2 = common {
version = "1.0.2t";
sha256 = "1g67ra0ph7gpz6fgvv1i96d792jmd6ymci5kk53vbikszr74djql";
version = "1.0.2u";
sha256 = "ecd0c6ffb493dd06707d38b14bb4d8c2288bb7033735606569d8f90f89669d16";
patches = [
./1.0.2/nix-ssl-cert-file.patch

22 changes: 22 additions & 0 deletions pkgs/development/python-modules/pyopenssl/default.nix
View file
Original file line number Diff line number Diff line change
@@ -9,6 +9,7 @@
, pretend
, flaky
, glibcLocales
, fetchpatch
}:

with stdenv.lib;
@@ -64,6 +65,27 @@ buildPythonPackage rec {
runHook postCheck
'';

patches = [
# 4 patches for 2020 bug
# https://github.com/pyca/pyopenssl/pull/828
(fetchpatch {
url = https://github.com/pyca/pyopenssl/commit/0d2fd1a24b30077ead6960bd63b4a9893a57c101.patch;
sha256 = "1c27g53qrwxddyx04sxf8yvj7xgbaabla7mc1cgbfd426rncbqf3";
})
(fetchpatch {
url = https://github.com/pyca/pyopenssl/commit/d08a742573c3205348a4eec9a65abaf6c16110c4.patch;
sha256 = "18xn8s1wpycz575ivrbsbs0qd2q48z8pdzsjzh8i60xba3f8yj2f";
})
(fetchpatch {
url = https://github.com/pyca/pyopenssl/commit/60b9e10e6da7ccafaf722def630285f54510ed12.patch;
sha256 = "0aw8qvy8m0bhgp39lmbcrpprpg4bhpssm327hyrk476wwgajk01j";
})
(fetchpatch {
url = https://github.com/pyca/pyopenssl/commit/7a37cc23fcbe43abe785cd4badd14bdc7acfb175.patch;
sha256 = "1c7zb568rs71rsl16p6dq7aixwlkgzfnba4vzmfvbmy3zsnaslq2";
})
];

# Seems to fail unpredictably on Darwin. See http://hydra.nixos.org/build/49877419/nixlog/1
# for one example, but I've also seen ContextTests.test_set_verify_callback_exception fail.
doCheck = !stdenv.isDarwin;