Comparing changes

base repository: NixOS/nixpkgs
base: 19a0543c6284
...
head repository: NixOS/nixpkgs
compare: f4ddc31c4acd
  • 12 commits
  • 16 files changed
  • 6 contributors

Commits on Jan 30, 2019

  1. qt59: 5.9.3 -> 5.9.7

    (cherry picked from commit 776c962)
    FlorianFranzen authored and andir committed Jan 30, 2019
    fc0c9a2
  2. qt59.qtvirtualkeyboard: fix CVE-2018-19865

    CVE-2018-19865 tracks the issue of qtvirtualkeyboard where it logs all
    user input. With this commit we are applying the recommended patches
    from the upstream project.
    
    More details can be obtained from the Qt announcement [1].
    
    [1] https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/
    
    (cherry picked from commit 6660128)
    andir committed Jan 30, 2019
    0d6c4a8

Commits on Feb 2, 2019

  1. qt56.qtvirtualkeyboard: init at 5.6.3

    This adds the "missing" qtvirtualkeyboard module of qt56. I just add
    this so I can apply (& test) the patches for a CVE in the next commit.
    This might seem strange but in case anyone decided to add / use this in
    the future we are on the safe(r) side.
    
    (cherry picked from commit 295a210)
    andir committed Feb 2, 2019
    a3c82b9
  2. qt56: fix CVE-2018-{15518,19873,19870,19871,19865,19869}

     * CVE-2018-15518, Qt Base: “double free or corruption” in QXmlStreamReader
     * CVE-2018-19873, Qt Base: QBmpHandler segfault on malformed BMP file
     * CVE-2018-19870, Qt Base: Check for QImage allocation failure in qgifhandler
     * CVE-2018-19871, Qt Imageformats: QImage: QTgaFile CPU exhaustion
     * CVE-2018-19865, Qt Virtual Keyboard: Qt Virtual Keyboard logs all key presses
     * CVE-2018-19869, Qt Svg: Fix crash when parsing malformed url reference
    
    More details can be obtained from the Qt announcement [1].
    
    [1] https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/
    
    (cherry picked from commit 066be85)
    andir committed Feb 2, 2019
    0948f87
  3. qt511: 5.11.1 -> 5.11.3

    This fixes
    
     * CVE-2018-15518, Qt Base: “double free or corruption” in QXmlStreamReader
     * CVE-2018-19873, Qt Base: QBmpHandler segfault on malformed BMP file
     * CVE-2018-19870, Qt Base: Check for QImage allocation failure in qgifhandler
     * CVE-2018-19871, Qt Imageformats: QImage: QTgaFile CPU exhaustion
     * CVE-2018-19865, Qt Virtual Keyboard: Qt Virtual Keyboard logs all key presses
     * CVE-2018-19869, Qt Svg: Fix crash when parsing malformed url reference
    
    More details can be obtained from the Qt announcement [1].
    
    [1] https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/
    
    (cherry picked from commit 2f5d37b)
    andir committed Feb 2, 2019
    89049f3
  4. Revert "qt59-qtbase: fix darwin build with clang-5"

    The fix is already included in Qt 5.9.7
    
    This reverts commit 0bf153f.
    
    (cherry picked from commit fd75bbc)
    veprbl authored and andir committed Feb 2, 2019
    1e2c3be

Commits on Feb 16, 2019

  1. qt511: add patch for macOS sdk

    Unfortunately we don’t have access to NSWindowStyleMask. These patches
    should go away once we switch to a newer SDK.
    
    (cherry picked from commit 8153104)
    matthewbauer authored and vcunat committed Feb 16, 2019
    82434e7
  2. openssl: 1.0.2p -> 1.0.2q

    CVE-2018-0734: https://www.openssl.org/news/vulnerabilities.html#2018-0734
    CVE-2018-5407: https://www.openssl.org/news/vulnerabilities.html#2018-5407
    
    No patches can any longer be shared between 1.0.2 and 1.1, so reorganize
    patches into subdirectories (and remove an unused one).
    
    (cherry picked from commit ae29a9e)
    alyssais authored and andrew-d committed Feb 16, 2019
    9c75f20
  3. d7225e0
  4. Merge #55885: openssl: 1.0.2p -> 1.0.2q

    ... into staging-18.09.
    vcunat committed Feb 16, 2019
    fe00e77
  5. Merge #55089: qt5*: bugfixes + security

    ... into staging-18.09.
    vcunat committed Feb 16, 2019
    af6b20c

Commits on Feb 17, 2019

  1. Merge branch 'staging-18.09' into release-18.09

    Security updates for qt5* and openssl.
    We can't afford to wait for darwin rebuild - it would take far too long.
    vcunat committed Feb 17, 2019
    f4ddc31