Skip to content
This repository was archived by the owner on Apr 12, 2021. It is now read-only.
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: NixOS/nixpkgs-channels
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: d3d4c93e85ce
Choose a base ref
...
head repository: NixOS/nixpkgs-channels
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: bf62b512326e
Choose a head ref
  • 4 commits
  • 2 files changed
  • 2 contributors

Commits on Jun 30, 2019

  1. libvirt: add patches for CVE-2019-10132, CVE-2019-10161, CVE-2019-10166 

    …, CVE-2019-10167 & CVE-2019-10168 (#63909)
    @risicle @alyssais
    risicle authored and alyssais committed Jun 30, 2019

    Verified

    This commit was signed with the committer’s verified signature.
    sxzz Kevin Deng 三咲智子
    SSH Key Fingerprint: I0/gY8Rb7HnU56beA4F5l8qYUOR7E5wLLU6ZF7o6nLQ
    Verified
    Learn about vigilant mode
    Copy the full SHA
    37b61c9 View commit details

  2. gnupg: 2.2.13 -> 2.2.14 

    https://lists.gnupg.org/pipermail/gnupg-announce/2019q1/000435.html
(cherry picked from commit 43ed5cb)
    @dtzWill @alyssais
    dtzWill authored and alyssais committed Jun 30, 2019
    Copy the full SHA
    9939781 View commit details

  3. gnupg: 2.2.14 -> 2.2.15 

    https://dev.gnupg.org/T4434
(cherry picked from commit 4f1d762)
    @dtzWill @alyssais
    dtzWill authored and alyssais committed Jun 30, 2019
    Copy the full SHA
    0ed03d7 View commit details

  4. gnupg: 2.2.15 -> 2.2.16 

    https://dev.gnupg.org/T4509
(cherry picked from commit 3f7657d)
    @dtzWill @alyssais
    dtzWill authored and alyssais committed Jun 30, 2019
    Copy the full SHA
    bf62b51 View commit details
Showing with 43 additions and 3 deletions.
  1. +41 −1 pkgs/development/libraries/libvirt/default.nix
  2. +2 −2 pkgs/tools/security/gnupg/22.nix
42 changes: 41 additions & 1 deletion pkgs/development/libraries/libvirt/default.nix
View file
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
{ stdenv, fetchurl, fetchgit
, pkgconfig, makeWrapper, libtool, autoconf, automake
, pkgconfig, makeWrapper, libtool, autoconf, automake, fetchpatch
, coreutils, libxml2, gnutls, perl, python2, attr
, iproute, iptables, readline, lvm2, utillinux, systemd, libpciaccess, gettext
, libtasn1, ebtables, libgcrypt, yajl, pmutils, libcap_ng, libapparmor
@@ -33,6 +33,46 @@ in stdenv.mkDerivation rec {
fetchSubmodules = true;
};

patches = [
(fetchpatch {
name = "4.10.0-CVE-2019-10132-1.patch";
url = "https://libvirt.org/git/?p=libvirt.git;a=patch;h=8d12118171a250150f2cb16448c49271a1dcb077";
sha256 = "1s8xm0zn63wciaxzrcf5ld9d3r2hn9k31p41addhyrxivgvkvk4d";
})
(fetchpatch {
name = "4.10.0-CVE-2019-10132-2.patch";
url = "https://libvirt.org/git/?p=libvirt.git;a=patch;h=a712f01682078f48d3c258bff8cd523ab9100b0d";
sha256 = "12wzv190l7gp3fpa1qirgy5l6w674pfpw06jb15gifrwhy7x9j06";
})
(fetchpatch {
name = "4.10.0-CVE-2019-10132-3.patch";
url = "https://libvirt.org/git/?p=libvirt.git;a=patch;h=f8d8a7a182c0854fa50d3976077b3a3d8de8980f";
sha256 = "08306952a32khl8mkw1xarh084dqp9vxhl6hwm2cmf30zkp8jlff";
})
] ++ optionals (!stdenv.isDarwin) [ # this patch appears to be broken on darwin
(fetchpatch {
name = "4.10.0-CVE-2019-10161.patch";
url = "https://libvirt.org/git/?p=libvirt.git;a=patch;h=3572564893d1710beb1862797fe32cc2e9cb1e38";
sha256 = "118541d8w1jg92kqzrjhf631f753wncx6xm64jwzhnc096l7swsj";
})
] ++ [
(fetchpatch {
name = "4.10.0-CVE-2019-10166.patch";
url = "https://libvirt.org/git/?p=libvirt.git;a=patch;h=3f744efec31959f7643849f6a3708198bcdfc6ae";
sha256 = "0alkw14iwcdy32r6g2lm660ss6fax9c1d9l53s5788vkjfw3jnz0";
})
(fetchpatch {
name = "4.10.0-CVE-2019-10167.patch";
url = "https://libvirt.org/git/?p=libvirt.git;a=patch;h=d238f132e6e0432a42d3cdff4571730dae3a85eb";
sha256 = "0pnvzdhdiqd4hvc5ip59iszahkfrwvf7f99p2v2lb438z9c5bb32";
})
(fetchpatch {
name = "4.10.0-CVE-2019-10168.patch";
url = "https://libvirt.org/git/?p=libvirt.git;a=patch;h=09c2635d0deec198de0f250abc2958f2d1c09eaa";
sha256 = "0s4hc3hsjncx1852ndjas1nng9v23pxf4mi1jxcajsqvhw89la0g";
})
];

nativeBuildInputs = [ makeWrapper pkgconfig ];
buildInputs = [
libxml2 gnutls perl python2 readline gettext libtasn1 libgcrypt yajl
4 changes: 2 additions & 2 deletions pkgs/tools/security/gnupg/22.nix
View file
Original file line number Diff line number Diff line change
@@ -15,11 +15,11 @@ assert guiSupport -> pinentry != null;
stdenv.mkDerivation rec {
name = "gnupg-${version}";

version = "2.2.13";
version = "2.2.16";

src = fetchurl {
url = "mirror://gnupg/gnupg/${name}.tar.bz2";
sha256 = "1n0igfn9nwdajzkcgdx7apwm9m5rpw0fg6vwskmf1rpranlqgivn";
sha256 = "1jqlzp9b3kpfp1dkjqskm67jjrhvf9nh3lzf45321p7m9d2qvgkc";
};

nativeBuildInputs = [ pkgconfig ];