Skip to content
This repository was archived by the owner on Apr 12, 2021. It is now read-only.
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: NixOS/nixpkgs-channels
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: dce33f1a2d49
Choose a base ref
...
head repository: NixOS/nixpkgs-channels
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: 107ffbb22ad7
Choose a head ref
  • 8 commits
  • 5 files changed
  • 3 contributors

Commits on Jan 30, 2020

  1. cpio: 2.12 -> 2.13 

    See https://lists.gnu.org/archive/html/info-gnu/2019-11/msg00002.html
for release information.

Fixes CVE-2019-14866
    @lsix @wamserma
    lsix authored and wamserma committed Jan 30, 2020
    Copy the full SHA
    16ff9f6 View commit details

Commits on Mar 15, 2020

  1. Merge #78736: cpio: 2.12 -> 2.13 (into staging-19.09) 

    fix CVE-2019-14866, backport
    @vcunat
    vcunat committed Mar 15, 2020
    Copy the full SHA
    c26a26d View commit details

  2. Merge branch 'staging-19.09' into release-19.09 

    (Older version finished on Hydra.)
    @vcunat
    vcunat committed Mar 15, 2020
    Copy the full SHA
    686362c View commit details

  3. Merge branch 'release-19.09' into staging-19.09

    @vcunat
    vcunat committed Mar 15, 2020
    Copy the full SHA
    0c2b734 View commit details

  4. libssh: 0.8.7 -> 0.8.8 

    Fixes CVE-2019-14889, issue #77264.
Release notes: https://www.libssh.org/2019/12/10/libssh-0-9-3-and-libssh-0-8-8-security-release/

(cherry picked from commit 7ef8a42)
    @mmilata @vcunat
    mmilata authored and vcunat committed Mar 15, 2020
    Copy the full SHA
    45f415a View commit details

  5. lz4: 1.9.1 -> 1.9.2 (PR #82437) 

    Fixes: https://nvd.nist.gov/vuln/detail/CVE-2019-17543
Release notes: https://github.com/lz4/lz4/releases/tag/v1.9.2

(cherry picked from commit 18ac6ba)
    @mmilata @vcunat
    mmilata authored and vcunat committed Mar 15, 2020
    Copy the full SHA
    cdd33cb View commit details

  6. samba4: patch all remaining security issues 

    https://www.samba.org/samba/history/security.html
Tested: $ nix build -f nixos/release.nix tests.samba.x86_64-linux
    @vcunat
    vcunat committed Mar 15, 2020
    Copy the full SHA
    7d27cc8 View commit details

Commits on Mar 16, 2020

  1. Merge branch 'staging-19.09' into release-19.09 

    x86_64-linux rebuilds have finished, so let's merge
to get the security fixes early.
    @vcunat
    vcunat committed Mar 16, 2020
    Copy the full SHA
    107ffbb View commit details
8 changes: 5 additions & 3 deletions pkgs/development/libraries/libssh/default.nix
View file
Original file line number Diff line number Diff line change
@@ -1,11 +1,12 @@
{ stdenv, fetchurl, pkgconfig, cmake, zlib, openssl, libsodium }:

stdenv.mkDerivation rec {
name = "libssh-0.8.7";
pname = "libssh";
version = "0.8.8";

src = fetchurl {
url = "https://www.libssh.org/files/0.8/${name}.tar.xz";
sha256 = "14nmwfnnrhkwcfk5hn7azl905ivbh4wllmsbw5abd80b5yi4qc23";
url = "https://www.libssh.org/files/0.8/${pname}-${version}.tar.xz";
sha256 = "1qk5bm9r6199jbfk54f8w24vkl52051g8s3kmq4z2kdc6vbpy4jb";
};

postPatch = ''
@@ -22,6 +23,7 @@ stdenv.mkDerivation rec {

meta = with stdenv.lib; {
description = "SSH client library";
homepage = "https://libssh.org";
license = licenses.lgpl2Plus;
maintainers = with maintainers; [ sander ];
platforms = platforms.all;
5 changes: 5 additions & 0 deletions pkgs/servers/samba/4.x.nix
View file
Original file line number Diff line number Diff line change
@@ -34,6 +34,11 @@ stdenv.mkDerivation rec {
./patch-source3__libads__kerberos_keytab.c.patch
./4.x-no-persistent-install-dynconfig.patch
./4.x-fix-makeflags-parsing.patch
(fetchurl {
name = "CVE-2019-14902+CVE-2019-14907+CVE-2019-19344.patch";
url = "https://www.samba.org/samba/ftp/patches/security/samba-4.10.11-security-2020-01-21.patch";
sha256 = "1mglfzyb6wv85rrlspqa0hlga1c9f3v123j2dvywrsp3waxhb651";
})
];

nativeBuildInputs = optionals stdenv.isDarwin [ rpcgen fixDarwinDylibNames ];
29 changes: 0 additions & 29 deletions pkgs/tools/archivers/cpio/CVE-2016-2037-out-of-bounds-write.patch
View file

This file was deleted.

20 changes: 3 additions & 17 deletions pkgs/tools/archivers/cpio/default.nix
View file
Original file line number Diff line number Diff line change
@@ -1,30 +1,16 @@
{ stdenv, fetchurl, fetchpatch }:
{ stdenv, fetchurl }:

let
version = "2.12";
version = "2.13";
name = "cpio-${version}";
in stdenv.mkDerivation {
inherit name;

src = fetchurl {
url = "mirror://gnu/cpio/${name}.tar.bz2";
sha256 = "0vi9q475h1rki53100zml75vxsykzyhrn70hidy41s5c2rc8r6bh";
sha256 = "0vbgnhkawdllgnkdn6zn1f56fczwk0518krakz2qbwhxmv2vvdga";
};

patches = [
(fetchpatch {
name = "CVE-2015-1197-cpio-2.12.patch";
url = "https://gist.github.com/nckx/70b0bfa80ddfb86c2967/"
+ "raw/e9b40d4d4b701f584f826775b75beb10751dc884/"
+ "CVE-2015-1197-cpio-2.12.patch";
sha256 = "0ph43m4lavwkc4gnl5h9p3da4kb1pnhwk5l2qsky70dqri8pcr8v";
})

# Report: http://www.openwall.com/lists/oss-security/2016/01/19/4
# Patch from https://lists.gnu.org/archive/html/bug-cpio/2016-01/msg00005.html
./CVE-2016-2037-out-of-bounds-write.patch
];

preConfigure = if stdenv.isCygwin then ''
sed -i gnu/fpending.h -e 's,include <stdio_ext.h>,,'
'' else null;
14 changes: 3 additions & 11 deletions pkgs/tools/compression/lz4/default.nix
View file
Original file line number Diff line number Diff line change
@@ -4,23 +4,15 @@

stdenv.mkDerivation rec {
pname = "lz4";
version = "1.9.1";
version = "1.9.2";

src = fetchFromGitHub {
sha256 = "1l1caxrik1hqs40vj3bpv1pikw6b74cfazv5c0v6g48zpcbmshl0";
sha256 = "0lpaypmk70ag2ks3kf2dl4ac3ba40n5kc1ainkp9wfjawz76mh61";
rev = "v${version}";
repo = pname;
owner = pname;
};

patches = [
# Fix detection of Darwin
(fetchpatch {
url = "https://github.com/lz4/lz4/commit/024216ef7394b6411eeaa5b52d0cec9953a44249.patch";
sha256 = "0j0j2pr6pkplxf083hlwl5q4cfp86q3wd8mc64bcfcr7ysc5pzl3";
})
];

# TODO(@Ericson2314): Separate binaries and libraries
outputs = [ "out" "dev" ];

@@ -65,7 +57,7 @@ stdenv.mkDerivation rec {
multiple GB/s per core, typically reaching RAM speed limits on
multi-core systems.
'';
homepage = https://lz4.github.io/lz4/;
homepage = "https://lz4.github.io/lz4/";
license = with licenses; [ bsd2 gpl2Plus ];
platforms = platforms.all;
};