Skip to content
This repository was archived by the owner on Apr 12, 2021. It is now read-only.
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: NixOS/nixpkgs-channels
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: 93c0abfba863
Choose a base ref
...
head repository: NixOS/nixpkgs-channels
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: 2f6e53c5aa26
Choose a head ref
  • 3 commits
  • 3 files changed
  • 2 contributors

Commits on May 8, 2019

  1. libxslt: add patch for CVE-2019-11068 

    References:
https://nvd.nist.gov/vuln/detail/CVE-2019-11068
https://gitlab.gnome.org/GNOME/libxslt/commit/e03553605b45c88f0b4b2980adfbbb8f6fca2fd6
(cherry picked from commit 84b810f)
    @c0bw3b @vcunat
    c0bw3b authored and vcunat committed May 8, 2019

    Verified

    This commit was signed with the committer’s verified signature.
    ncfavier Naïm Camille Favier
    GPG key ID: 49B07322580B7EE2
    Verified
    Learn about vigilant mode
    Copy the full SHA
    87b79be View commit details

  2. gnupatch: add patch for CVE-2018-6952 

    Refs:
https://nvd.nist.gov/vuln/detail/CVE-2018-6952
https://savannah.gnu.org/bugs/index.php?53133
(cherry picked from commit 6a2a4e8)
    @c0bw3b @vcunat
    c0bw3b authored and vcunat committed May 8, 2019
    Copy the full SHA
    5820efe View commit details

Commits on May 11, 2019

  1. Merge branch 'staging-19.03' into release-19.03 

    Security patches.
    @vcunat
    vcunat committed May 11, 2019
    Copy the full SHA
    2f6e53c View commit details
Showing with 39 additions and 1 deletion.
  1. +9 −1 pkgs/development/libraries/libxslt/default.nix
  2. +28 −0 pkgs/tools/text/gnupatch/CVE-2018-6952.patch
  3. +2 −0 pkgs/tools/text/gnupatch/default.nix
10 changes: 9 additions & 1 deletion pkgs/development/libraries/libxslt/default.nix
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
{ stdenv, fetchurl, libxml2, findXMLCatalogs, python2, libgcrypt
{ stdenv, fetchurl, fetchpatch, libxml2, findXMLCatalogs, python2, libgcrypt
, cryptoSupport ? false
, pythonSupport ? stdenv.buildPlatform == stdenv.hostPlatform
}:
@@ -18,6 +18,14 @@ stdenv.mkDerivation rec {
sha256 = "1j1q1swnsy8jgi9x7mclvkrqhfgn09886gdlr9wzk7a08i8n0dlf";
};

patches = [
(fetchpatch {
name = "CVE-2019-11068.patch";
url = "https://gitlab.gnome.org/GNOME/libxslt/commit/e03553605b45c88f0b4b2980adfbbb8f6fca2fd6.patch";
sha256 = "0pkpb4837km15zgg6h57bncp66d5lwrlvkr73h0lanywq7zrwhj8";
})
];

outputs = [ "bin" "dev" "out" "man" "doc" ] ++ stdenv.lib.optional pythonSupport "py";

buildInputs = [ libxml2.dev ]
28 changes: 28 additions & 0 deletions pkgs/tools/text/gnupatch/CVE-2018-6952.patch
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,28 @@
From 9c986353e420ead6e706262bf204d6e03322c300 Mon Sep 17 00:00:00 2001
From: Andreas Gruenbacher <agruen@gnu.org>
Date: Fri, 17 Aug 2018 13:35:40 +0200
Subject: Fix swapping fake lines in pch_swap

* src/pch.c (pch_swap): Fix swapping p_bfake and p_efake when there is a
blank line in the middle of a context-diff hunk: that empty line stays
in the middle of the hunk and isn't swapped.

Fixes: https://savannah.gnu.org/bugs/index.php?53133
---
src/pch.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/pch.c b/src/pch.c
index e92bc64..a500ad9 100644
--- a/src/pch.c
+++ b/src/pch.c
@@ -2122,7 +2122,7 @@ pch_swap (void)
}
if (p_efake >= 0) { /* fix non-freeable ptr range */
if (p_efake <= i)
- n = p_end - i + 1;
+ n = p_end - p_ptrn_lines;
else
n = -i;
p_efake += n;
--
2 changes: 2 additions & 0 deletions pkgs/tools/text/gnupatch/default.nix
View file
Original file line number Diff line number Diff line change
@@ -21,6 +21,8 @@ stdenv.mkDerivation rec {
url = https://sources.debian.org/data/main/p/patch/2.7.6-2/debian/patches/Fix_arbitrary_command_execution_in_ed-style_patches.patch;
sha256 = "1bpy16n3hm5nv9xkrn6c4wglzsdzj3ss1biq16w9kfv48p4hx2vg";
})
# https://git.savannah.gnu.org/cgit/patch.git/commit/?id=9c986353e420ead6e706262bf204d6e03322c300
./CVE-2018-6952.patch
];

nativeBuildInputs = [ autoreconfHook ];