Skip to content
This repository was archived by the owner on Apr 12, 2021. It is now read-only.
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: NixOS/nixpkgs-channels
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: c1ef96ebdbd1
Choose a base ref
...
head repository: NixOS/nixpkgs-channels
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: cd0cd946f37c
Choose a head ref
  • 12 commits
  • 5 files changed
  • 4 contributors

Commits on Aug 10, 2018

  1. Merge branch 'release-18.03' into staging-18.03

    @vcunat
    vcunat committed Aug 10, 2018

    Unverified

    The email in this signature doesn’t match the committer email.
    GPG key ID: 14D907755C5B0232
    Learn about vigilant mode
    Copy the full SHA
    2906af5 View commit details

  2. libtiff: update url to patch file (#44815) 

    (cherry picked from commit 527d3d5)
Additionally fixes CVE-2018-8905 and CVE-2018-10963.
    @Izorkin @vcunat
    Izorkin authored and vcunat committed Aug 10, 2018

    Unverified

    This commit is not signed, but one or more authors requires that any commit attributed to them is signed.
    Learn about vigilant mode
    Copy the full SHA
    03eebd7 View commit details

Commits on Aug 15, 2018

  1. openssl_1_0_2: 1.0.2o -> 1.0.2p 

    this addresses:
 - Client DoS due to large DH parameter (CVE-2018-0732)
 - Cache timing vulnerability in RSA Key Generation (CVE-2018-0737)

Changelog: https://www.openssl.org/news/cl102.txt
(cherry picked from commit 98a7b92)
    @andir
    andir committed Aug 15, 2018
    Copy the full SHA
    0353772 View commit details

  2. openssl_1_1_0: 1.1.0h -> 1.1.0i 

    this addresses:
 - Client DoS due to large DH parameter (CVE-2018-0732)
 - Cache timing vulnerability in RSA Key Generation (CVE-2018-0737)

Changelog: https://www.openssl.org/news/changelog.html#x1
(cherry picked from commit 0a40875)
    @andir
    andir committed Aug 15, 2018

    Verified

    This commit was signed with the committer’s verified signature.
    markuskowa Markus Kowalewski
    GPG key ID: D865C8A91D7025EB
    Verified
    Learn about vigilant mode
    Copy the full SHA
    70328c5 View commit details

  3. Merge branch 'release-18.03' into staging-18.03

    @vcunat
    vcunat committed Aug 15, 2018

    Verified

    This commit was signed with the committer’s verified signature.
    markuskowa Markus Kowalewski
    GPG key ID: D865C8A91D7025EB
    Verified
    Learn about vigilant mode
    Copy the full SHA
    3235e34 View commit details

  4. Merge #45082 into staging-18.03: openssl 1.0.2p & 1.1.0i

    @vcunat
    vcunat committed Aug 15, 2018

    Verified

    This commit was signed with the committer’s verified signature.
    markuskowa Markus Kowalewski
    GPG key ID: D865C8A91D7025EB
    Verified
    Learn about vigilant mode
    Copy the full SHA
    1f1ca06 View commit details

  5. libxml2: fix CVE-2018-14567 & CVE-2018-14404 & CVE-2018-9251 

    backport of 06e7a48
    @andir
    andir committed Aug 15, 2018

    Verified

    This commit was signed with the committer’s verified signature.
    markuskowa Markus Kowalewski
    GPG key ID: D865C8A91D7025EB
    Verified
    Learn about vigilant mode
    Copy the full SHA
    bf3a543 View commit details

Commits on Aug 16, 2018

  1. libmspack: 0.6alpha -> 0.7.1alpha 

    This adresses the following issues:

- CVE-2018-14697
- CVE-2018-14680
- CVE-2018-14681
- CVE-2018-14682

(cherry picked from commit 9e8308d)
    @andir
    andir committed Aug 16, 2018

    Verified

    This commit was signed with the committer’s verified signature.
    markuskowa Markus Kowalewski
    GPG key ID: D865C8A91D7025EB
    Verified
    Learn about vigilant mode
    Copy the full SHA
    204377c View commit details

  2. Merge pull request #45094 from andir/18.03/libmspack 

    [18.03] libmspack: 0.6alpha -> 0.7.1alpha
    @andir
    andir authored Aug 16, 2018

    Verified

    This commit was signed with the committer’s verified signature.
    markuskowa Markus Kowalewski
    GPG key ID: D865C8A91D7025EB
    Verified
    Learn about vigilant mode
    Copy the full SHA
    6589dae View commit details

Commits on Aug 17, 2018

  1. lighttpd: 1.4.49 -> 1.4.50 

    Semi-automatic update generated by
https://github.com/ryantm/nixpkgs-update tools. This update was made
based on information from
https://repology.org/metapackage/lighttpd/versions.

(cherry picked from commit 6e1d3cb)

Fix trivial conflict from commit 57bccb3
("treewide: http -> https sources (#42676)") on master branch.
    @bjornfor
    R. RyanTM authored and bjornfor committed Aug 17, 2018
    Copy the full SHA
    7d829c1 View commit details

  2. tor: doCheck = false; for the moment

    @vcunat
    vcunat committed Aug 17, 2018

    Verified

    This commit was signed with the committer’s verified signature.
    markuskowa Markus Kowalewski
    GPG key ID: D865C8A91D7025EB
    Verified
    Learn about vigilant mode
    Copy the full SHA
    72a96e6 View commit details

  3. Merge branch 'staging-18.03' into release-18.03 

    A few security fixes.
    @vcunat
    vcunat committed Aug 17, 2018

    Verified

    This commit was signed with the committer’s verified signature.
    markuskowa Markus Kowalewski
    GPG key ID: D865C8A91D7025EB
    Verified
    Learn about vigilant mode
    Copy the full SHA
    cd0cd94 View commit details
6 changes: 3 additions & 3 deletions pkgs/development/libraries/libmspack/default.nix
View file
Original file line number Diff line number Diff line change
@@ -1,11 +1,11 @@
{stdenv, fetchurl}:

stdenv.mkDerivation rec {
name = "libmspack-0.6alpha";
name = "libmspack-0.7.1alpha";

src = fetchurl {
url = "http://www.cabextract.org.uk/libmspack/${name}.tar.gz";
sha256 = "08gr2pcinas6bdqz3k0286g5cnksmcx813skmdwyca6bmj1fxnqy";
url = "https://www.cabextract.org.uk/libmspack/${name}.tar.gz";
sha256 = "0zn4vwzk5ankgd0l88cipan19pzbzv0sm3fba17lvqwka3dp1acp";
};

meta = {
13 changes: 13 additions & 0 deletions pkgs/development/libraries/libxml2/default.nix
View file
Original file line number Diff line number Diff line change
@@ -17,6 +17,19 @@ in stdenv.mkDerivation rec {
sha256 = "034hylzspvkm0p4bczqbf8q05a7r2disr8dz725x4bin61ymwg7n";
};

patches = [
(fetchpatch {
name = "CVE-2018-14567_CVE-2018-9251.patch";
url = https://gitlab.gnome.org/GNOME/libxml2/commit/2240fbf5912054af025fb6e01e26375100275e74.patch;
sha256 = "1xpqsfkzhrqasza51c821mnds5l317djrz8086fmzpyf68vld03h";
})
(fetchpatch {
name = "CVE-2018-14404.patch";
url = https://gitlab.gnome.org/GNOME/libxml2/commit/a436374994c47b12d5de1b8b1d191a098fa23594.patch;
sha256 = "19vp7p32vrninnfa7vk9ipw7n4cl1gg16xxbhjy2d0kwp1crvzqh";
})
];

outputs = [ "bin" "dev" "out" "man" "doc" ]
++ lib.optional pythonSupport "py";
propagatedBuildOutputs = "out bin" + lib.optionalString pythonSupport " py";
8 changes: 4 additions & 4 deletions pkgs/development/libraries/openssl/default.nix
View file
Original file line number Diff line number Diff line change
@@ -113,13 +113,13 @@ let
in {

openssl_1_0_2 = common {
version = "1.0.2o";
sha256 = "0kcy13l701054nhpbd901mz32v1kn4g311z0nifd83xs2jbmqgzc";
version = "1.0.2p";
sha256 = "003xh9f898i56344vpvpxxxzmikivxig4xwlm7vbi7m8n43qxaah";
};

openssl_1_1_0 = common {
version = "1.1.0h";
sha256 = "05x509lccqjscgyi935z809pwfm708islypwhmjnb6cyvrn64daq";
version = "1.1.0i";
sha256 = "16fgaf113p6s5ixw227sycvihh3zx6f6rf0hvjjhxk68m12cigzb";
};

}
4 changes: 2 additions & 2 deletions pkgs/servers/http/lighttpd/default.nix
View file
Original file line number Diff line number Diff line change
@@ -9,11 +9,11 @@ assert enableMysql -> mysql != null;
assert enableLdap -> openldap != null;

stdenv.mkDerivation rec {
name = "lighttpd-1.4.49";
name = "lighttpd-1.4.50";

src = fetchurl {
url = "http://download.lighttpd.net/lighttpd/releases-1.4.x/${name}.tar.xz";
sha256 = "02ff77cpvy1006cwfym38vf78xm18plyj636ll74r7kx2bblkpxf";
sha256 = "1sr9avcnld22a5wl5s8vgrz8r86mybggm9z8zwabqz48v0986dr9";
};

nativeBuildInputs = [ pkgconfig ];
4 changes: 3 additions & 1 deletion pkgs/tools/security/tor/default.nix
View file
Original file line number Diff line number Diff line change
@@ -44,7 +44,9 @@ stdenv.mkDerivation rec {
rm -rf $out/share/tor
'';

doCheck = true;
# FIXME: disable/fix one test instead
# https://github.com/NixOS/nixpkgs/pull/45082#issuecomment-413549813
doCheck = false;

passthru.updateScript = import ./update.nix {
inherit (stdenv) lib;