Skip to content
This repository was archived by the owner on Apr 12, 2021. It is now read-only.
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: NixOS/nixpkgs-channels
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: 3af00107ea2e
Choose a base ref
...
head repository: NixOS/nixpkgs-channels
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: 2c3f9c25b43f
Choose a head ref
11 contributors

Commits on Aug 4, 2018

  1. gnome3.gdm: fix session chooser 

    We are patching GDM to respect GDM_SESSIONS_DIR environment
variable, which we are setting in the GDM module. Previously, we
only took care of a single code path, the one that handled session
start-up; missing the one obtaining the list of sessions.

This commit patches the second code path, and also whitelists the
GDM_SESSIONS_DIR so that it can be passed to the greeter.

Fixes #34101
    @jtojnar @thefloweringash
    jtojnar authored and thefloweringash committed Aug 4, 2018

    Verified

    This commit was signed with the committer’s verified signature.
    NeQuissimus Tim Steinbach
    GPG key ID: 472BFCCA96BD0EDA
    Verified
    Learn about vigilant mode
    Copy the full SHA
    c75ef82 View commit details

Commits on Aug 5, 2018

  1. nix: don't use /tmp for the tests on darwin 

    Unlike on linux these are not namespaced per user so this will cause
build failures if /tmp/nix-test was not removed by a previous build if
the nixbld user id doesn't match by accident. Nix already creates a
unique tempdir for builds so we can use that instead.

Fixes #44172

(cherry picked from commit 77a9745)
    @LnL7
    LnL7 committed Aug 5, 2018
    Copy the full SHA
    fc0ce75 View commit details

  2. Merge pull request #44449 from thefloweringash/backport-gdm-fix 

    gnome3.gdm: fix session chooser (backport to 18.03)
    @xeji
    xeji authored Aug 5, 2018
    Copy the full SHA
    831ac69 View commit details

  3. exiv2: include recent Debian security patches (#44446) 

    This patchset contains patches against:

* CVE-2018-10998
* CVE-2018-11531
* CVE-2018-12264
* CVE-2018-12265

Also adding GPL2 license.

Re #43716 (add missing licenses)

Re #44458 (vulnerability roundup 46 - 18.03)

(cherry picked from commit 18e0d4f711f9ed3483c18efa498b1592c5f9c3f6)
    @vcunat
    Christian Kauhaus authored and vcunat committed Aug 5, 2018
    Copy the full SHA
    2d2c2df View commit details

  4. sharutils: Patch CVE-2018-1000097 

    (cherry picked from commit 1571c1f6631daaeae7db43983500ba3412ab6080)
    @NeQuissimus
    NeQuissimus committed Aug 5, 2018
    Copy the full SHA
    beb3738 View commit details

  5. php70: 7.0.30 -> 7.0.31 

    Changelog: https://secure.php.net/ChangeLog-7.php#7.0.31
    @etu
    etu committed Aug 5, 2018
    Copy the full SHA
    c07ee1a View commit details

  6. php56: 5.6.36 -> 5.6.37 

    Changelog: https://secure.php.net/ChangeLog-5.php#5.6.37
    @etu
    etu committed Aug 5, 2018
    Copy the full SHA
    29aa7ea View commit details

Commits on Aug 6, 2018

  1. Merge pull request #44525 from etu/1803-php-upgrades 

    php: 5.6.36 -> 5.6.37, 7.0.30 -> 7.0.31
    @adisbladis
    adisbladis authored Aug 6, 2018
    Copy the full SHA
    6b244a4 View commit details

  2. linux: 4.4.145 -> 4.4.146 

    (cherry picked from commit 39335e6)
    @NeQuissimus
    NeQuissimus committed Aug 6, 2018
    Copy the full SHA
    ca6abd0 View commit details

  3. linux: 4.9.117 -> 4.9.118 

    (cherry picked from commit 0996718)
    @NeQuissimus
    NeQuissimus committed Aug 6, 2018
    Copy the full SHA
    66c898a View commit details

  4. linux: 4.14.60 -> 4.14.61 

    (cherry picked from commit ecfc3d9)
    @NeQuissimus
    NeQuissimus committed Aug 6, 2018
    Copy the full SHA
    c86bbe3 View commit details

  5. linux: 4.17.12 -> 4.17.13 

    (cherry picked from commit 6b57315)
    @NeQuissimus
    NeQuissimus committed Aug 6, 2018
    Copy the full SHA
    3c130a5 View commit details

Commits on Aug 7, 2018

  1. sbt: 1.2.0 -> 1.2.1 

    (cherry picked from commit 47e51aa)
    @NeQuissimus
    NeQuissimus committed Aug 7, 2018
    Copy the full SHA
    c684b40 View commit details

  2. pybitmessage: 0.6.2 -> 0.6.3.2 

    (cherry picked from commit 28fe904)
    @fgaz
    fgaz authored and Robert Schütz committed Aug 7, 2018
    Copy the full SHA
    ad66494 View commit details

Commits on Aug 8, 2018

  1. wpa_supplicant: add patch to fix CVE-2018-14526 

    Fixes #44724.

(cherry picked from commit a81b29a)
    @fpletz
    fpletz committed Aug 8, 2018
    Copy the full SHA
    3d61543 View commit details

  2. lftp: 4.8.3 -> 4.8.4 

    Semi-automatic update generated by https://github.com/ryantm/nixpkgs-update tools. This update was made based on information from https://repology.org/metapackage/lftp/versions.

(cherry picked from commit 54b14db)
    @bjornfor
    R. RyanTM authored and bjornfor committed Aug 8, 2018
    Copy the full SHA
    26c469f View commit details

  3. cgit: 1.1 -> 1.2.1 

    Fixes CVE-2018-14912.

(cherry picked from commit 970d5ef)

Trivial conflict from commit 57bccb3
("treewide: http -> https sources (#42676)") on master branch.
    @bjornfor
    bjornfor committed Aug 8, 2018
    Copy the full SHA
    0689d27 View commit details

Commits on Aug 9, 2018

  1. linux: 4.4.136 -> 4.4.147 

    (cherry picked from commit a65dbed6007ccff1db1ceb42a6fad046afe46c0e)
    @NeQuissimus
    NeQuissimus committed Aug 9, 2018
    Copy the full SHA
    c5cb76a View commit details

  2. linux: 4.9.118 -> 4.9.119 

    (cherry picked from commit ec9360d927dd093c55724993e3d27d739ec3ef65)
    @NeQuissimus
    NeQuissimus committed Aug 9, 2018
    Copy the full SHA
    93d80f0 View commit details

  3. linux: 4.14.61 -> 4.14.62 

    (cherry picked from commit d84ee81afb37e7d7c11cd7679ffcc6c02d94fcf7)
    @NeQuissimus
    NeQuissimus committed Aug 9, 2018
    Copy the full SHA
    89cb384 View commit details

  4. linux: 4.17.13 -> 4.17.14 

    (cherry picked from commit 29e68287e57288450510fa663a570cb7545dd0f0)
    @NeQuissimus
    NeQuissimus committed Aug 9, 2018
    Copy the full SHA
    2c3f9c2 View commit details
6 changes: 3 additions & 3 deletions pkgs/applications/networking/instant-messengers/pybitmessage/default.nix
View file
Original file line number Diff line number Diff line change
@@ -3,13 +3,13 @@
pythonPackages.buildPythonApplication rec {
name = "pybitmessage-${version}";

version = "0.6.2";
version = "0.6.3.2";

src = fetchFromGitHub {
owner = "bitmessage";
repo = "PyBitmessage";
rev = "v${version}";
sha256 = "04sgns9qczzw2152gqdr6bjyy4fmgs26cz8n3qck94l0j51rxhz8";
rev = version;
sha256 = "1lmhbpwsqh1v93krlqqhafw2pc3y0qp8zby186yllbph6s8kdp35";
};

propagatedBuildInputs = with pythonPackages; [ msgpack-python pyqt4 numpy pyopencl ] ++ [ openssl ];
8 changes: 4 additions & 4 deletions pkgs/applications/version-management/git-and-tools/cgit/default.nix
View file
Original file line number Diff line number Diff line change
@@ -6,19 +6,19 @@

stdenv.mkDerivation rec {
name = "cgit-${version}";
version = "1.1";
version = "1.2.1";

src = fetchurl {
url = "http://git.zx2c4.com/cgit/snapshot/${name}.tar.xz";
sha256 = "142qcgs8dwnzhymn0a7xx47p9fc2z5wrb86ah4a9iz0mpqlsz288";
sha256 = "1gw2j5xc5qdx2hwiwkr8h6kgya7v9d9ff9j32ga1dys0cca7qm1w";
};

# cgit is tightly coupled with git and needs a git source tree to build.
# IMPORTANT: Remember to check which git version cgit needs on every version
# bump (look for "GIT_VER" in the top-level Makefile).
gitSrc = fetchurl {
url = "mirror://kernel/software/scm/git/git-2.10.2.tar.xz";
sha256 = "0wc64dzcxrzgi6kwcljz6y3cwm3ajdgf6aws7g58azbhvl1jk04l";
url = "mirror://kernel/software/scm/git/git-2.18.0.tar.xz";
sha256 = "14hfwfkrci829a9316hnvkglnqqw1p03cw9k56p4fcb078wbwh4b";
};

nativeBuildInputs = [ pkgconfig ] ++ [ python wrapPython ];
39 changes: 34 additions & 5 deletions pkgs/desktops/gnome-3/core/gdm/sessions_dir.patch
View file
Original file line number Diff line number Diff line change
@@ -1,17 +1,25 @@
diff --git a/daemon/gdm-session.c b/daemon/gdm-session.c
index ff3a1acb..b8705d8f 100644
--- a/daemon/gdm-launch-environment.c
+++ b/daemon/gdm-launch-environment.c
@@ -126,7 +126,7 @@
"LC_COLLATE", "LC_MONETARY", "LC_MESSAGES", "LC_PAPER",
"LC_NAME", "LC_ADDRESS", "LC_TELEPHONE", "LC_MEASUREMENT",
"LC_IDENTIFICATION", "LC_ALL", "WINDOWPATH", "XCURSOR_PATH",
- "XDG_CONFIG_DIRS", NULL
+ "XDG_CONFIG_DIRS", "GDM_SESSIONS_DIR", NULL
};
char *system_data_dirs;
int i;
--- a/daemon/gdm-session.c
+++ b/daemon/gdm-session.c
@@ -344,6 +344,7 @@ get_system_session_dirs (GdmSession *self)
@@ -345,12 +345,17 @@
char **search_dirs;

static const char *x_search_dirs[] = {
+ "/var/empty",
"/etc/X11/sessions/",
DMCONFDIR "/Sessions/",
DATADIR "/gdm/BuiltInSessions/",
@@ -351,6 +352,10 @@ get_system_session_dirs (GdmSession *self)
NULL
DATADIR "/xsessions/",
};

+ if (getenv("GDM_SESSIONS_DIR") != NULL) {
@@ -21,3 +29,24 @@ index ff3a1acb..b8705d8f 100644
static const char *wayland_search_dir = DATADIR "/wayland-sessions/";

search_array = g_array_new (TRUE, TRUE, sizeof (char *));
--- a/libgdm/gdm-sessions.c
+++ b/libgdm/gdm-sessions.c
@@ -217,6 +217,7 @@
{
int i;
const char *xorg_search_dirs[] = {
+ "/var/empty/",
"/etc/X11/sessions/",
DMCONFDIR "/Sessions/",
DATADIR "/gdm/BuiltInSessions/",
@@ -224,6 +225,10 @@
NULL
};

+ if (g_getenv("GDM_SESSIONS_DIR") != NULL) {
+ xorg_search_dirs[0] = g_getenv("GDM_SESSIONS_DIR");
+ };
+
#ifdef ENABLE_WAYLAND_SUPPORT
const char *wayland_search_dirs[] = {
DATADIR "/wayland-sessions/",
8 changes: 4 additions & 4 deletions pkgs/development/interpreters/php/default.nix
View file
Original file line number Diff line number Diff line change
@@ -338,13 +338,13 @@ let

in {
php56 = generic {
version = "5.6.36";
sha256 = "0ahp9vk33dpsqgld0gg4npff67v0l39hs3wk5dm6h3lablzhwsk2";
version = "5.6.37";
sha256 = "08wbg1qbbr80wcpv0l24vfyd9w8cxanils928gjs6knr0lyxcsl8";
};

php70 = generic {
version = "7.0.30";
sha256 = "0l0bhnlgxmfl7mrdykmxfl53simxsksdcnbg5ymqz6r31i03hgr1";
version = "7.0.31";
sha256 = "14bb230qip62cn7k6hvgr18kxj76zvl735fkg6hpkrnnrqzdg2vy";
};

php71 = generic {
39 changes: 29 additions & 10 deletions pkgs/development/libraries/exiv2/default.nix
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
{ stdenv, fetchurl, fetchpatch, zlib, expat, gettext }:
{ stdenv, fetchurl, fetchpatch, runCommand, zlib, expat, gettext }:

stdenv.mkDerivation rec {
name = "exiv2-0.26";
@@ -17,13 +17,31 @@ stdenv.mkDerivation rec {
sha512 = "3f9242dbd4bfa9dcdf8c9820243b13dc14990373a800c4ebb6cf7eac5653cfef"
+ "e6f2c47a94fbee4ed24f0d8c2842729d721f6100a2b215e0f663c89bfefe9e32";
})
(fetchpatch {
# many CVEs - see https://github.com/Exiv2/exiv2/pull/120
url = "https://patch-diff.githubusercontent.com/raw/Exiv2/exiv2/pull/120.patch";
sha256 = "1szl22xmh12hibzaqf2zi8zl377x841m52x4jm5lziw6j8g81sj8";
excludes = [ "test/bugfixes-test.sh" ];
})
];
(fetchpatch {
# many CVEs - see https://github.com/Exiv2/exiv2/pull/120
url = "https://patch-diff.githubusercontent.com/raw/Exiv2/exiv2/pull/120.patch";
sha256 = "1szl22xmh12hibzaqf2zi8zl377x841m52x4jm5lziw6j8g81sj8";
excludes = [ "test/bugfixes-test.sh" ];
})
] ++
(let
debian = fetchurl {
url = http://http.debian.net/debian/pool/main/e/exiv2/exiv2_0.25-4.debian.tar.xz;
sha256 = "0dp9y0d8pbsys5r4j1xyhn5liv6x0p4gncf90bcgnsp5shipzsr1";
};
patches = runCommand "exiv2-debian-patches" {} ''
mkdir $out
tar xf ${debian} -C $out --strip-components=2 debian/patches
'';
in [
"${patches}/CVE-2018-10998.patch"
"${patches}/CVE-2018-11531_1_of_3.patch"
"${patches}/CVE-2018-11531_2_of_3.patch"
"${patches}/CVE-2018-11531_3_of_3.patch"
"${patches}/CVE-2018-12264.patch"
"${patches}/CVE-2018-12265_prereq.patch"
"${patches}/CVE-2018-12265.patch"
]);

postPatch = "patchShebangs ./src/svn_version.sh";

@@ -32,9 +50,10 @@ stdenv.mkDerivation rec {
nativeBuildInputs = [ gettext ];
propagatedBuildInputs = [ zlib expat ];

meta = {
meta = with stdenv.lib; {
homepage = http://www.exiv2.org/;
description = "A library and command-line utility to manage image metadata";
platforms = stdenv.lib.platforms.all;
platforms = platforms.all;
license = licenses.gpl2;
};
}
4 changes: 2 additions & 2 deletions pkgs/development/tools/build-managers/sbt/default.nix
View file
Original file line number Diff line number Diff line change
@@ -2,15 +2,15 @@

stdenv.mkDerivation rec {
name = "sbt-${version}";
version = "1.2.0";
version = "1.2.1";

src = fetchurl {
urls = [
"https://dl.bintray.com/sbt/native-packages/sbt/${version}/${name}.tgz"
"https://github.com/sbt/sbt/releases/download/v${version}/sbt-${version}.tgz"
"https://cocl.us/sbt-${version}.tgz"
];
sha256 = "1rrn0v4bhgar3mrgs931ifggb8kfg23fv5cgvskrdd7iyvg0z9wc";
sha256 = "1pyp98svh5x8b6yp5vfl0jhz8aysjm0dqvqf7znyb3l7knfqk726";
};

patchPhase = ''
4 changes: 2 additions & 2 deletions pkgs/os-specific/linux/kernel/linux-4.14.nix
View file
Original file line number Diff line number Diff line change
@@ -3,7 +3,7 @@
with stdenv.lib;

buildLinux (args // rec {
version = "4.14.60";
version = "4.14.62";

# modDirVersion needs to be x.y.z, will automatically add .0 if needed
modDirVersion = if (modDirVersionArg == null) then concatStrings (intersperse "." (take 3 (splitString "." "${version}.0"))) else modDirVersionArg;
@@ -13,6 +13,6 @@ buildLinux (args // rec {

src = fetchurl {
url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz";
sha256 = "15djfcl4m388vm3wkfa6yx0sglyp8zh04s7m7xa1ybmsiwjl7qbc";
sha256 = "1ar29ikway5im17iw9ag1fxivr7sbj8nhxxw347xqmp1irz4vjji";
};
} // (args.argsOverride or {}))
4 changes: 2 additions & 2 deletions pkgs/os-specific/linux/kernel/linux-4.17.nix
View file
Original file line number Diff line number Diff line change
@@ -3,7 +3,7 @@
with stdenv.lib;

buildLinux (args // rec {
version = "4.17.12";
version = "4.17.14";

# modDirVersion needs to be x.y.z, will automatically add .0 if needed
modDirVersion = if (modDirVersionArg == null) then concatStrings (intersperse "." (take 3 (splitString "." "${version}.0"))) else modDirVersionArg;
@@ -13,6 +13,6 @@ buildLinux (args // rec {

src = fetchurl {
url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz";
sha256 = "18xmkj1bmfrmvx6p8cl5l7pyv0zk5y3mxhyfnlzqwkxnvkjf5660";
sha256 = "1bxsiishhw6ichifqglkbcmgc0518ih396yi23clvrsfyj6h6in8";
};
} // (args.argsOverride or {}))
4 changes: 2 additions & 2 deletions pkgs/os-specific/linux/kernel/linux-4.4.nix
View file
Original file line number Diff line number Diff line change
@@ -1,11 +1,11 @@
{ stdenv, buildPackages, hostPlatform, fetchurl, perl, buildLinux, ... } @ args:

buildLinux (args // rec {
version = "4.4.145";
version = "4.4.147";
extraMeta.branch = "4.4";

src = fetchurl {
url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz";
sha256 = "1max0d1b1y1ndrfprrcyb7c9y12pkx2whxzlr70qypcb5jz0v7ff";
sha256 = "06mcilxd5qi8snycb5bhy52icbbwfl056xwmra66yknmpycyad67";
};
} // (args.argsOverride or {}))
4 changes: 2 additions & 2 deletions pkgs/os-specific/linux/kernel/linux-4.9.nix
View file
Original file line number Diff line number Diff line change
@@ -1,11 +1,11 @@
{ stdenv, buildPackages, hostPlatform, fetchurl, perl, buildLinux, ... } @ args:

buildLinux (args // rec {
version = "4.9.117";
version = "4.9.119";
extraMeta.branch = "4.9";

src = fetchurl {
url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz";
sha256 = "1c3r0a4fchg358zff2ww8kw789kah3bhr750p9qlsy65d8rflcl2";
sha256 = "0d8bwsma9j7dhgymcfbchr8k3503w5vp3p18mfqv81x6l40pzqa9";
};
} // (args.argsOverride or {}))
9 changes: 8 additions & 1 deletion pkgs/os-specific/linux/wpa_supplicant/default.nix
View file
Original file line number Diff line number Diff line change
@@ -80,7 +80,8 @@ stdenv.mkDerivation rec {

patches = [
./build-fix.patch
#KRACKAttack.com

# KRACKAttack.com
(fetchurl {
url = "http://w1.fi/security/2017-1/rebased-v2.6-0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch";
sha256 = "02zl2x4pxay666yq18g4f3byccrzipfjbky1ydw62v15h76174aj";
@@ -113,6 +114,12 @@ stdenv.mkDerivation rec {
url = "http://w1.fi/security/2017-1/rebased-v2.6-0008-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch";
sha256 = "1ca312cixbld70rp12q7h66lnjjxzz0qag0ii2sg6cllgf2hv168";
})

# Unauthenticated EAPOL-Key decryption (CVE-2018-14526)
(fetchurl {
url = "https://w1.fi/security/2018-1/rebased-v2.6-0001-WPA-Ignore-unauthenticated-encrypted-EAPOL-Key-data.patch";
sha256 = "0z0zxc9wrikmvciyqpdhx0l5v7qsd8c6b5ph9h5rniqllpr3q34n";
})
];

postInstall = ''
10 changes: 9 additions & 1 deletion pkgs/tools/archivers/sharutils/default.nix
View file
Original file line number Diff line number Diff line change
@@ -19,7 +19,15 @@ stdenv.mkDerivation rec {
# remaps /etc/passwd to a trivial file, but we can't do that on Darwin so I do this
# instead. In this case, I pass in the very imaginative "submitter" as the submitter name

patchPhase = let
patches = [
# CVE-2018-1000097
(fetchurl {
url = "https://sources.debian.org/data/main/s/sharutils/1:4.15.2-2+deb9u1/debian/patches/01-fix-heap-buffer-overflow-cve-2018-1000097.patch";
sha256 = "19g0sxc8g79aj5gd5idz5409311253jf2q8wqkasf0handdvsbxx";
})
];

postPatch = let
# This evaluates to a string containing:
#
# substituteInPlace tests/shar-2 --replace '${SHAR}' '${SHAR} -s submitter'
4 changes: 2 additions & 2 deletions pkgs/tools/networking/lftp/default.nix
View file
Original file line number Diff line number Diff line change
@@ -2,15 +2,15 @@

stdenv.mkDerivation rec {
name = "lftp-${version}";
version = "4.8.3";
version = "4.8.4";

src = fetchurl {
urls = [
"https://lftp.tech/ftp/${name}.tar.xz"
"https://ftp.st.ryukoku.ac.jp/pub/network/ftp/lftp/${name}.tar.xz"
"http://lftp.yar.ru/ftp/${name}.tar.xz"
];
sha256 = "12y77jlfs4x4zvcah92mw2h2sb4j0bvbaxkh3wwsm8gs392ywyny";
sha256 = "0qks22357xv9y6ripmf5j2n5svh8j5z0yniphfk89sjwkqg2gg2f";
};

nativeBuildInputs = [ pkgconfig ];
4 changes: 3 additions & 1 deletion pkgs/tools/package-management/nix/default.nix
View file
Original file line number Diff line number Diff line change
@@ -70,7 +70,9 @@ let
doInstallCheck = true; # not cross

# socket path becomes too long otherwise
preInstallCheck = lib.optional stdenv.isDarwin "export TMPDIR=/tmp";
preInstallCheck = lib.optional stdenv.isDarwin ''
export TMPDIR=$NIX_BUILD_TOP
'';

separateDebugInfo = stdenv.isLinux;