Skip to content
This repository was archived by the owner on Apr 12, 2021. It is now read-only.
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: NixOS/nixpkgs-channels
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: ced7cfc02523
Choose a base ref
...
head repository: NixOS/nixpkgs-channels
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: 41c8f218b8bb
Choose a head ref
  • 3 commits
  • 2 files changed
  • 2 contributors

Commits on May 25, 2019

  1. Merge #62063: evince: patch CVE-2019-11459 

    (cherry picked from commit bb2a49d)
backend/tiff/ hasn't seen any relevant changes in-between,
so I believe the backport should still be fairly safe.
    @vcunat
    vcunat committed May 25, 2019

    Verified

    This commit was signed with the committer’s verified signature.
    vcunat Vladimír Čunát
    GPG key ID: E747DF1F9575A3AA
    Verified
    Learn about vigilant mode
    Copy the full SHA
    b081cbc View commit details

  2. services.tahoe: Use networking.hostName. 

    Previously we used nothing, leading to #25273.

Big thanks to @t184256 for developing and testing this fix.

Fixes #25273.

(cherry picked from commit fa6ad02)
    @MostAwesomeDude @infinisil
    MostAwesomeDude authored and infinisil committed May 25, 2019

    Verified

    This commit was signed with the committer’s verified signature.
    infinisil Silvan Mosberger
    GPG key ID: 9424360B4B85C9E7
    Verified
    Learn about vigilant mode
    Copy the full SHA
    2d44a7a View commit details

  3. services.tahoe: Use 1.13-compatible invocations. 

    (cherry picked from commit 00d6b4c)
    @MostAwesomeDude @infinisil
    MostAwesomeDude authored and infinisil committed May 25, 2019

    Verified

    This commit was signed with the committer’s verified signature.
    infinisil Silvan Mosberger
    GPG key ID: 9424360B4B85C9E7
    Verified
    Learn about vigilant mode
    Copy the full SHA
    41c8f21 View commit details
Showing with 18 additions and 6 deletions.
  1. +8 −5 nixos/modules/services/network-filesystems/tahoe.nix
  2. +10 −1 pkgs/desktops/gnome-3/core/evince/default.nix
13 changes: 8 additions & 5 deletions nixos/modules/services/network-filesystems/tahoe.nix
View file
Original file line number Diff line number Diff line change
@@ -234,16 +234,19 @@ in
Type = "simple";
PIDFile = pidfile;
# Believe it or not, Tahoe is very brittle about the order of
# arguments to $(tahoe start). The node directory must come first,
# arguments to $(tahoe run). The node directory must come first,
# and arguments which alter Twisted's behavior come afterwards.
ExecStart = ''
${settings.package}/bin/tahoe start ${lib.escapeShellArg nodedir} -n -l- --pidfile=${lib.escapeShellArg pidfile}
${settings.package}/bin/tahoe run ${lib.escapeShellArg nodedir} --pidfile=${lib.escapeShellArg pidfile}
'';
};
preStart = ''
if [ ! -d ${lib.escapeShellArg nodedir} ]; then
mkdir -p /var/db/tahoe-lafs
tahoe create-introducer ${lib.escapeShellArg nodedir}
# See https://github.com/NixOS/nixpkgs/issues/25273
tahoe create-introducer \
--hostname="${config.networking.hostName}" \
${lib.escapeShellArg nodedir}
fi
# Tahoe has created a predefined tahoe.cfg which we must now
@@ -334,10 +337,10 @@ in
Type = "simple";
PIDFile = pidfile;
# Believe it or not, Tahoe is very brittle about the order of
# arguments to $(tahoe start). The node directory must come first,
# arguments to $(tahoe run). The node directory must come first,
# and arguments which alter Twisted's behavior come afterwards.
ExecStart = ''
${settings.package}/bin/tahoe start ${lib.escapeShellArg nodedir} -n -l- --pidfile=${lib.escapeShellArg pidfile}
${settings.package}/bin/tahoe run ${lib.escapeShellArg nodedir} --pidfile=${lib.escapeShellArg pidfile}
'';
};
preStart = ''
11 changes: 10 additions & 1 deletion pkgs/desktops/gnome-3/core/evince/default.nix
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
{ fetchurl, stdenv, pkgconfig, intltool, libxml2
{ fetchurl, fetchpatch, stdenv, pkgconfig, intltool, libxml2
, glib, gtk3, pango, atk, gdk_pixbuf, shared-mime-info, itstool, gnome3
, poppler, ghostscriptX, djvulibre, libspectre, libarchive, libsecret, wrapGAppsHook
, librsvg, gobject-introspection, yelp-tools, gspell, adwaita-icon-theme, gsettings-desktop-schemas
@@ -17,6 +17,15 @@ stdenv.mkDerivation rec {
sha256 = "0k7jln6dpg4bpv61niicjzkzyq6fhb3yfld7pc8ck71c8pmvsnx9";
};


patches = [
(fetchpatch {
name = "CVE-2019-11459.patch";
url = "https://gitlab.gnome.org/GNOME/evince/commit/3e38d5ad724a042eebadcba8c2d57b0f48b7a8c7.patch";
sha256 = "1ds6iwr2r9i86nwrly8cx7p1kbvf1gljjplcffa67znxqmwx4n74";
})
];

passthru = {
updateScript = gnome3.updateScript { packageName = "evince"; };
};