Skip to content
This repository has been archived by the owner on Apr 12, 2021. It is now read-only.
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: NixOS/nixpkgs-channels
base: 08bcfe14ae29
Choose a base ref
...
head repository: NixOS/nixpkgs-channels
compare: 1f99fd2fdbef
Choose a head ref
  • 7 commits
  • 7 files changed
  • 5 contributors

Commits on Mar 4, 2020

  1. openssl_1_0_2: mark as insecure; fixes #77503 (kinda)

    No vulnerabilities are know so far (to me), but still I'd go this way.
    Especially for 20.03 it seems better to deprecate it before official
    release happens.
    
    Current casualties:
    $ ./maintainers/scripts/rebuild-amount.sh --print HEAD HEAD^
    Estimating rebuild amount by counting changed Hydra jobs.
         87 x86_64-darwin
        161 x86_64-linux
    
    (cherry picked from commit 7cda282)
    vcunat authored and worldofpeace committed Mar 4, 2020
    Copy the full SHA
    7dfb444 View commit details
    Browse the repository at this point in the history

Commits on Mar 5, 2020

  1. Copy the full SHA
    a6ac7bf View commit details
    Browse the repository at this point in the history
  2. signal-desktop: 1.31.0 -> 1.32.0

    (cherry picked from commit 05e6cc4)
    primeos committed Mar 5, 2020
    Copy the full SHA
    1019f56 View commit details
    Browse the repository at this point in the history
  3. nixos/release-notes: fix a tiny typo

    (cherry picked from commit 1cf4fea)
    vcunat committed Mar 5, 2020
    Copy the full SHA
    3a820f0 View commit details
    Browse the repository at this point in the history
  4. nix-bash-completions: 0.6.7 -> 0.6.8 (#81019)

    (cherry picked from commit 0e5d457)
    hedning committed Mar 5, 2020
    Copy the full SHA
    0b6df0b View commit details
    Browse the repository at this point in the history
  5. gitlab: 12.8.1 -> 12.8.2 (#81803)

    Includes multiple security fixes mentioned in
    https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/
    (unfortunately, no CVE numbers as of yet)
    
     - Directory Traversal to Arbitrary File Read
     - Account Takeover Through Expired Link
     - Server Side Request Forgery Through Deprecated Service
     - Group Two-Factor Authentication Requirement Bypass
     - Stored XSS in Merge Request Pages
     - Stored XSS in Merge Request Submission Form
     - Stored XSS in File View
     - Stored XSS in Grafana Integration
     - Contribution Analytics Exposed to Non-members
     - Incorrect Access Control in Docker Registry via Deploy Tokens
     - Denial of Service via Permission Checks
     - Denial of Service in Design For Public Issue
     - GitHub Tokens Displayed in Plaintext on Integrations Page
     - Incorrect Access Control via LFS Import
     - Unescaped HTML in Header
     - Private Merge Request Titles Leaked via Widget
     - Project Namespace Exposed via Vulnerability Feedback Endpoint
     - Denial of Service Through Recursive Requests
     - Project Authorization Not Being Updated
     - Incorrect Permission Level For Group Invites
     - Disclosure of Private Group Epic Information
     - User IP Address Exposed via Badge images
     - Update postgresql (GitLab Omnibus)
    
    (cherry-picked from commit c25756f)
    Milan committed Mar 5, 2020
    Copy the full SHA
    c174670 View commit details
    Browse the repository at this point in the history
  6. Merge pull request #81718 from worldofpeace/backport-80746

    [20.03] openssl_1_0_2: mark as insecure; fixes #77503 (kinda)
    worldofpeace committed Mar 5, 2020
    Copy the full SHA
    1f99fd2 View commit details
    Browse the repository at this point in the history