Permalink
Choose a base ref
{{ refName }}
default
Choose a head ref
{{ refName }}
default
Comparing changes
Choose two branches to see what’s changed or to start a new pull request.
If you need to, you can also or
learn more about diff comparisons.
Open a pull request
Create a new pull request by comparing changes across two branches. If you need to, you can also .
Learn more about diff comparisons here.
base repository: NixOS/nixpkgs
base: 19a0543c6284
Could not load branches
Nothing to show
Could not load tags
Nothing to show
{{ refName }}
default
...
head repository: NixOS/nixpkgs
compare: f4ddc31c4acd
Could not load branches
Nothing to show
Could not load tags
Nothing to show
{{ refName }}
default
- 12 commits
- 16 files changed
- 6 contributors
Commits on Jan 30, 2019
-
(cherry picked from commit 776c962)
-
qt59.qtvirtualkeyboard: fix CVE-2018-19865
CVE-2018-19865 tracks the issue of qtvirtualkeyboard where it logs all user input. With this commit we are applying the recommended patches form the upstream project. More details can be obtained from the Qt annoucement [1]. [1] https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/ (cherry picked from commit 6660128)
Commits on Feb 2, 2019
-
qt56.qtvirtualkeyboard: init at 5.6.3
This adds the "missing" qtvirtualkeyboard module of qt56. I just add this so I can apply (& test) the patches for a CVE in the next commit. This might seem strange but in case anyone decided to add / use this in the future we are on the safe(r) side. (cherry picked from commit 295a210)
-
qt56: fix CVE-2018-{15518,19873,19870,19871,19865,19869}
* CVE-2018-15518, Qt Base: “double free or corruption” in QXmlStreamReader * CVE-2018-19873, Qt Base: QBmpHandler segfault on malformed BMP file * CVE-2018-19870, Qt Base: Check for QImage allocation failure in qgifhandler * CVE-2018-19871, Qt Imageformats: QImage: QTgaFile CPU exhaustion * CVE-2018-19865, Qt Virtual Keyboard: Qt Virtual Keyboard logs all key presses * CVE-2018-19869, Qt Svg: Fix crash when parsing malformed url reference More details can be obtained from the Qt annoucement [1]. [1] https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/ (cherry picked from commit 066be85)
-
This fixes * CVE-2018-15518, Qt Base: “double free or corruption” in QXmlStreamReader * CVE-2018-19873, Qt Base: QBmpHandler segfault on malformed BMP file * CVE-2018-19870, Qt Base: Check for QImage allocation failure in qgifhandler * CVE-2018-19871, Qt Imageformats: QImage: QTgaFile CPU exhaustion * CVE-2018-19865, Qt Virtual Keyboard: Qt Virtual Keyboard logs all key presses * CVE-2018-19869, Qt Svg: Fix crash when parsing malformed url reference More details can be obtained from the Qt annoucement [1]. [1] https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/ (cherry picked from commit 2f5d37b)
-
Commits on Feb 16, 2019
-
qt511: add patch for macOS sdk
Unfortunately we don’t have access to NSWindowStyleMask. These patches should go away once we switch to a newer SDK. (cherry picked from commit 8153104)
-
CVE-2018-0734: https://www.openssl.org/news/vulnerabilities.html#2018-0734 CVE-2018-5407: https://www.openssl.org/news/vulnerabilities.html#2018-5407 No patches can any longer be shared between 1.0.2 and 1.1, so reorganize patches into subdirectories (and remove an unused one). (cherry picked from commit ae29a9e)
-
Commits on Feb 17, 2019
-
Merge branch 'staging-18.09' into release-18.09
Security updates for qt5* and openssl. We can't afford to wait for darwin rebuild - it would take far too long.
This comparison is taking too long to generate.
Unfortunately it looks like we can’t render this comparison for you right now. It might be too big, or there might be something weird with your repository.
You can try running this command locally to see the comparison on your machine:
git diff 19a0543c6284...f4ddc31c4acd