Skip to content
This repository was archived by the owner on Apr 12, 2021. It is now read-only.
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: NixOS/nixpkgs-channels
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: 08bcfe14ae29
Choose a base ref
...
head repository: NixOS/nixpkgs-channels
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: 1f99fd2fdbef
Choose a head ref
  • 7 commits
  • 7 files changed
  • 5 contributors

Commits on Mar 4, 2020

  1. openssl_1_0_2: mark as insecure; fixes #77503 (kinda) 

    No vulnerabilities are know so far (to me), but still I'd go this way.
Especially for 20.03 it seems better to deprecate it before official
release happens.

Current casualties:
$ ./maintainers/scripts/rebuild-amount.sh --print HEAD HEAD^
Estimating rebuild amount by counting changed Hydra jobs.
     87 x86_64-darwin
    161 x86_64-linux

(cherry picked from commit 7cda282)
    @vcunat @worldofpeace
    vcunat authored and worldofpeace committed Mar 4, 2020
    Copy the full SHA
    7dfb444 View commit details

Commits on Mar 5, 2020

  1. signal-desktop: 1.30.1 -> 1.31.0 

    Changelog: https://github.com/signalapp/Signal-Desktop/releases/tag/v1.31.0
(cherry picked from commit 7d92767)
    @primeos
    primeos committed Mar 5, 2020

    Verified

    This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
    GPG key ID: 4AEE18F83AFDEB23
    Expired
    Verified
    Learn about vigilant mode
    Copy the full SHA
    a6ac7bf View commit details

  2. signal-desktop: 1.31.0 -> 1.32.0 

    (cherry picked from commit 05e6cc4)
    @primeos
    primeos committed Mar 5, 2020
    Copy the full SHA
    1019f56 View commit details

  3. nixos/release-notes: fix a tiny typo 

    (cherry picked from commit 1cf4fea)
    @vcunat
    vcunat committed Mar 5, 2020
    Copy the full SHA
    3a820f0 View commit details

  4. nix-bash-completions: 0.6.7 -> 0.6.8 (#81019) 

    (cherry picked from commit 0e5d457)
    @hedning
    hedning committed Mar 5, 2020
    Copy the full SHA
    0b6df0b View commit details

  5. gitlab: 12.8.1 -> 12.8.2 (#81803) 

    Includes multiple security fixes mentioned in
https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/
(unfortunately, no CVE numbers as of yet)

 - Directory Traversal to Arbitrary File Read
 - Account Takeover Through Expired Link
 - Server Side Request Forgery Through Deprecated Service
 - Group Two-Factor Authentication Requirement Bypass
 - Stored XSS in Merge Request Pages
 - Stored XSS in Merge Request Submission Form
 - Stored XSS in File View
 - Stored XSS in Grafana Integration
 - Contribution Analytics Exposed to Non-members
 - Incorrect Access Control in Docker Registry via Deploy Tokens
 - Denial of Service via Permission Checks
 - Denial of Service in Design For Public Issue
 - GitHub Tokens Displayed in Plaintext on Integrations Page
 - Incorrect Access Control via LFS Import
 - Unescaped HTML in Header
 - Private Merge Request Titles Leaked via Widget
 - Project Namespace Exposed via Vulnerability Feedback Endpoint
 - Denial of Service Through Recursive Requests
 - Project Authorization Not Being Updated
 - Incorrect Permission Level For Group Invites
 - Disclosure of Private Group Epic Information
 - User IP Address Exposed via Badge images
 - Update postgresql (GitLab Omnibus)

(cherry-picked from commit c25756f)
    Milan committed Mar 5, 2020
    Copy the full SHA
    c174670 View commit details

  6. Merge pull request #81718 from worldofpeace/backport-80746 

    [20.03] openssl_1_0_2: mark as insecure; fixes #77503 (kinda)
    @worldofpeace
    worldofpeace authored Mar 5, 2020
    Copy the full SHA
    1f99fd2 View commit details
2 changes: 1 addition & 1 deletion nixos/doc/manual/release-notes/rl-2003.xml
View file
Original file line number Diff line number Diff line change
@@ -404,7 +404,7 @@ services.xserver.displayManager.defaultSession = "xfce+icewm";
</listitem>
<listitem>
<para>
The <literal>99-main.network</literal> file was removed. Maching all
The <literal>99-main.network</literal> file was removed. Matching all
network interfaces caused many breakages, see
<link xlink:href="https://github.com/NixOS/nixpkgs/pull/18962">#18962</link>
and <link xlink:href="https://github.com/NixOS/nixpkgs/pull/71106">#71106</link>.
7 changes: 4 additions & 3 deletions pkgs/applications/networking/instant-messengers/signal-desktop/default.nix
View file
Original file line number Diff line number Diff line change
@@ -23,7 +23,7 @@ let
else "");
in stdenv.mkDerivation rec {
pname = "signal-desktop";
version = "1.30.1"; # Please backport all updates to the stable channel.
version = "1.32.0"; # Please backport all updates to the stable channel.
# All releases have a limited lifetime and "expire" 90 days after the release.
# When releases "expire" the application becomes unusable until an update is
# applied. The expiration date for the current release can be extracted with:
@@ -33,7 +33,7 @@ in stdenv.mkDerivation rec {

src = fetchurl {
url = "https://updates.signal.org/desktop/apt/pool/main/s/signal-desktop/signal-desktop_${version}_amd64.deb";
sha256 = "08l51f1fq9jlnqb4j38lxdfwfbqfzb85zrim57wlgcj8azp2ash6";
sha256 = "1ggblpw2xxhm78sqadswcv0314zagksj34z8pywjnr8h9zkcyiap";
};

nativeBuildInputs = [
@@ -127,7 +127,8 @@ in stdenv.mkDerivation rec {
Signal Desktop is an Electron application that links with your
"Signal Android" or "Signal iOS" app.
'';
homepage = https://signal.org/;
homepage = "https://signal.org/";
changelog = "https://github.com/signalapp/Signal-Desktop/releases/tag/v${version}";
license = lib.licenses.gpl3;
maintainers = with lib.maintainers; [ ixmatus primeos equirosa ];
platforms = [ "x86_64-linux" ];
8 changes: 4 additions & 4 deletions pkgs/applications/version-management/gitlab/data.json
View file
Original file line number Diff line number Diff line change
@@ -1,11 +1,11 @@
{
"version": "12.8.1",
"repo_hash": "1h844a79scf3an5rv0wi332lrf7mv1zcv2mg6zllk82f7nf341gn",
"version": "12.8.2",
"repo_hash": "1d27s61kglryr5pashwfq55z7fh16fxkx1m4gc82xihwfzarf4x9",
"owner": "gitlab-org",
"repo": "gitlab",
"rev": "v12.8.1-ee",
"rev": "v12.8.2-ee",
"passthru": {
"GITALY_SERVER_VERSION": "12.8.1",
"GITALY_SERVER_VERSION": "12.8.2",
"GITLAB_PAGES_VERSION": "1.16.0",
"GITLAB_SHELL_VERSION": "11.0.0",
"GITLAB_WORKHORSE_VERSION": "8.21.0"
4 changes: 2 additions & 2 deletions pkgs/applications/version-management/gitlab/gitaly/default.nix
View file
Original file line number Diff line number Diff line change
@@ -19,14 +19,14 @@ let
};
};
in buildGoPackage rec {
version = "12.8.1";
version = "12.8.2";
pname = "gitaly";

src = fetchFromGitLab {
owner = "gitlab-org";
repo = "gitaly";
rev = "v${version}";
sha256 = "0sjkh0j36dpakqmq7l5gd1ydmx1kxgij53bjvvn37r19liqdijnx";
sha256 = "1zc44y5yl799vqg12w3iaivk4xwj9i4k6f198svplipa760nl9ic";
};

# Fix a check which assumes that hook files are writeable by their
4 changes: 2 additions & 2 deletions pkgs/applications/version-management/gitlab/gitaly/deps.nix
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

6 changes: 4 additions & 2 deletions pkgs/development/libraries/openssl/default.nix
View file
Original file line number Diff line number Diff line change
@@ -7,7 +7,8 @@
with stdenv.lib;

let
common = { version, sha256, patches ? [], withDocs ? false }: stdenv.mkDerivation rec {
common = { version, sha256, patches ? [], withDocs ? false, extraMeta ? {} }:
stdenv.mkDerivation rec {
pname = "openssl";
inherit version;

@@ -130,7 +131,7 @@ let
license = licenses.openssl;
platforms = platforms.all;
maintainers = [ maintainers.peti ];
};
} // extraMeta;
};

in {
@@ -145,6 +146,7 @@ in {
then ./1.0.2/use-etc-ssl-certs-darwin.patch
else ./1.0.2/use-etc-ssl-certs.patch)
];
extraMeta.knownVulnerabilities = [ "Support for OpenSSL 1.0.2 ended with 2019." ];
};

openssl_1_1 = common {
6 changes: 3 additions & 3 deletions pkgs/shells/bash/nix-bash-completions/default.nix
View file
Original file line number Diff line number Diff line change
@@ -1,14 +1,14 @@
{ stdenv, fetchFromGitHub }:

stdenv.mkDerivation rec {
version = "0.6.7";
version = "0.6.8";
pname = "nix-bash-completions";

src = fetchFromGitHub {
owner = "hedning";
repo = "nix-bash-completions";
rev = "v${version}";
sha256 = "067j1gavpm9zv3vzw9gq0bi3bi0rjrijwprc1j016g44kvpq49qi";
sha256 = "1n5zs6xcnv4bv1hdaypmz7fv4j7dsr4a0ifah99iyj4p5j85i1bc";
};

# To enable lazy loading via. bash-completion we need a symlink to the script
@@ -27,7 +27,7 @@ stdenv.mkDerivation rec {
'';

meta = with stdenv.lib; {
homepage = https://github.com/hedning/nix-bash-completions;
homepage = "https://github.com/hedning/nix-bash-completions";
description = "Bash completions for Nix, NixOS, and NixOps";
license = licenses.bsd3;
platforms = platforms.all;