Skip to content
This repository was archived by the owner on Apr 12, 2021. It is now read-only.
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: NixOS/nixpkgs-channels
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: ace3bb36fedb
Choose a base ref
...
head repository: NixOS/nixpkgs-channels
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: 1bf263773de0
Choose a head ref
  • 5 commits
  • 2 files changed
  • 3 contributors

Commits on Mar 17, 2020

  1. Merge remote-tracking branch 'origin/release-19.09' into staging-19.09

    @veprbl
    veprbl committed Mar 17, 2020
    Copy the full SHA
    30fdf95 View commit details

Commits on Mar 27, 2020

  1. bluez: apply patches for CVE-2020-0556

    @bhipple
    bhipple authored and Jon committed Mar 27, 2020
    Copy the full SHA
    939178c View commit details

Commits on Mar 29, 2020

  1. Merge branch 'release-19.09' into staging-19.09

    @vcunat
    vcunat committed Mar 29, 2020
    Copy the full SHA
    ac678d9 View commit details

  2. Merge branch 'staging-19.09' into release-19.09

    @vcunat
    vcunat committed Mar 29, 2020
    Copy the full SHA
    e8f5908 View commit details

  3. Merge #83013: exiv2: patch CVE-2019-20421 

    (cherry picked from commit 6d28c18)
    @vcunat
    vcunat committed Mar 29, 2020

    Partially verified

    This commit is signed with the committer’s verified signature. The key has expired.
    marsam’s contribution has been verified via GPG key.
    We cannot verify signatures from co-authors, and some of the co-authors attributed to this commit require their commits to be signed.
    Copy the full SHA
    1bf2637 View commit details
Showing with 21 additions and 0 deletions.
  1. +11 −0 pkgs/development/libraries/exiv2/default.nix
  2. +10 −0 pkgs/os-specific/linux/bluez/default.nix
11 changes: 11 additions & 0 deletions pkgs/development/libraries/exiv2/default.nix
View file
Original file line number Diff line number Diff line change
@@ -1,5 +1,6 @@
{ stdenv
, fetchFromGitHub
, fetchpatch
, zlib
, expat
, cmake
@@ -23,6 +24,16 @@ stdenv.mkDerivation rec {
sha256 = "0n8il52yzbmvbkryrl8waz7hd9a2fdkw8zsrmhyh63jlvmmc31gf";
};

patches = [
# included in next release
(fetchpatch {
name = "cve-2019-20421.patch";
url = "https://github.com/Exiv2/exiv2/commit/a82098f4f90cd86297131b5663c3dec6a34470e8.patch";
sha256 = "16r19qb9l5j43ixm5jqid9sdv5brlkk1wq0w79rm5agxq4kblfyc";
excludes = [ "tests/bugfixes/github/test_issue_1011.py" "test/data/Jp2Image_readMetadata_loop.poc" ];
})
];

cmakeFlags = [
"-DEXIV2_BUILD_PO=ON"
"-DEXIV2_BUILD_DOC=ON"
10 changes: 10 additions & 0 deletions pkgs/os-specific/linux/bluez/default.nix
View file
Original file line number Diff line number Diff line change
@@ -35,6 +35,16 @@ stdenv.mkDerivation rec {
name = "CVE-2018-10910-2.patch";
sha256 = "0j7klbhym64yhn86dbsmybqmwx47bviyyhx931izl1p29z2mg8hn";
})
(fetchpatch {
url = "https://git.kernel.org/pub/scm/bluetooth/bluez.git/patch/?id=8cdbd3b09f29da29374e2f83369df24228da0ad1";
name = "CVE-2020-0556-1.patch";
sha256 = "1lqbarf0z8bi82fd6b7nviw1ifnfxc08z25bqxqf0i4i87yfiz8x";
})
(fetchpatch {
url = "https://git.kernel.org/pub/scm/bluetooth/bluez.git/patch/?id=3cccdbab2324086588df4ccf5f892fb3ce1f1787";
name = "CVE-2020-0556-2.patch";
sha256 = "1gm50dzrs2qmzdpsg5f71bygacai5dcvadia6wf9shmjjlxb7l4w";
})
];

postConfigure = ''