Skip to content
This repository was archived by the owner on Apr 12, 2021. It is now read-only.
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: NixOS/nixpkgs-channels
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: d77e3bd66135
Choose a base ref
...
head repository: NixOS/nixpkgs-channels
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: 30a82bba734b
Choose a head ref
  • 6 commits
  • 3 files changed
  • 4 contributors

Commits on Jun 14, 2019

  1. chromium: 75.0.3770.80 -> 75.0.3770.90

    @ivan
    ivan committed Jun 14, 2019
    Copy the full SHA
    640c50b View commit details

Commits on Jun 18, 2019

  1. Merge pull request #63137 from ivan/chromium-75.0.3770.90-backport 

    [19.03] chromium: 75.0.3770.80 -> 75.0.3770.90 (backport)
    @andir
    andir authored Jun 18, 2019
    Copy the full SHA
    d6da20c View commit details

  2. gvfs: fix CVE-2019-1244{7.8.9} 

    CVE-2019-12447:
daemon/gvfsbackendadmin.c mishandles file ownership because setfsuid is
not used.

CVE-2019-12448:
daemon/gvfsbackendadmin.c has race conditions because the admin backend
doesn't implement query_info_on_read/write.

CVE-2019-12449:
daemon/gvfsbackendadmin.c mishandles a file's user and group ownership
during move (and copy with G_FILE_COPY_ALL_METADATA) operations
from admin:// to file:// URIs, because root privileges are unavailable.

Upstream MR: https://gitlab.gnome.org/GNOME/gvfs/merge_requests/48
Closes #63067
    @worldofpeace
    worldofpeace committed Jun 18, 2019
    Copy the full SHA
    d2bfd7a View commit details

  3. gvfs: fix CVE-2019-12795 

    Vulnerability Description:
daemon/gvfsdaemon.c in gvfsd from GNOME gvfs before 1.38.3, 1.40.x before
1.40.2, and 1.41.x before 1.41.3 opened a private D-Bus server socket without
configuring an authorization rule. A local attacker could connect to this server
socket and issue D-Bus method calls. Note that the server socket only accepts
a single connection, so the attacker would have to discover the server and connect
to the socket before its owner does.

Closes #63301
    @worldofpeace
    worldofpeace committed Jun 18, 2019
    Copy the full SHA
    6ac7c77 View commit details

Commits on Jun 19, 2019

  1. Merge pull request #63481 from worldofpeace/gvfs/security-fixes 

    [19.03] gvfs: security fixes
    @worldofpeace
    worldofpeace authored Jun 19, 2019
    Copy the full SHA
    be7c1a3 View commit details

  2. dcm2niix: 1.0.20170130 -> 1.0.20190410 (#63479) 

    (cherry picked from commit 2458209)
    @lheckemann
    lheckemann committed Jun 19, 2019
    Copy the full SHA
    30a82bb View commit details
18 changes: 9 additions & 9 deletions pkgs/applications/networking/browsers/chromium/upstream-info.nix
View file
Original file line number Diff line number Diff line change
@@ -1,18 +1,18 @@
# This file is autogenerated from update.sh in the same directory.
{
beta = {
sha256 = "1mk6gb3iif8i6zq41wjn3lhqqlqp1syzpav1nj0170l7v348p0ns";
sha256bin64 = "02zq7gy51nclfh8806yqv4713cpb4yamy0h7x1zgcd2rxvqm4v53";
version = "75.0.3770.80";
sha256 = "0pq7q7plbmfg2f6m74wl2l19k15ik2mvw56bfzk4c9cdns8w6b8a";
sha256bin64 = "09zf3kldvi8zh7arvl94vjmbvgsghwa51b5j0ic8ncdn880dlq0j";
version = "76.0.3809.25";
};
dev = {
sha256 = "0h0dbmk8l45c61g8iiylfnw45rqyqwc40brphwksi6gsvwn2yw8h";
sha256bin64 = "0vrwsllnrcgdvsflncqhwyfbjiqcj0n3mxyyyalr8arvkpz5r5ai";
version = "76.0.3806.1";
sha256 = "19v1i4ks5rpwdcwmfj8qqni4afyhnddb5hbbisabnjif3b8xrvjw";
sha256bin64 = "0vsbxvqidrvw797h0and67pdb4maijsiv6jkpj3kqaxakiwnadxj";
version = "76.0.3809.21";
};
stable = {
sha256 = "1mk6gb3iif8i6zq41wjn3lhqqlqp1syzpav1nj0170l7v348p0ns";
sha256bin64 = "03agz2bl22cmwgdcni8lbzjrwpikg5caimh8ynmhnpy7q9r3zy2w";
version = "75.0.3770.80";
sha256 = "0f9qjhxvk8sajj7qa061crfmln65q7sniylrgp0qijwyw6xrmddi";
sha256bin64 = "1xvqfrq119iwgvd2d4z2v2ladi2kl52kji55yxdmyi377dpk5rfa";
version = "75.0.3770.90";
};
}
7 changes: 4 additions & 3 deletions pkgs/applications/science/biology/dcm2niix/default.nix
View file
Original file line number Diff line number Diff line change
@@ -2,21 +2,22 @@
, fetchFromGitHub
, cmake
, libyamlcpp
, git
}:

stdenv.mkDerivation rec {
version = "1.0.20170130";
version = "1.0.20190410";
name = "dcm2niix-${version}";

src = fetchFromGitHub {
owner = "rordenlab";
repo = "dcm2niix";
rev = "v${version}";
sha256 = "1f2nzd8flp1rfn725bi64z7aw3ccxyyygzarxijw6pvgl476i532";
sha256 = "1prwpvbi76xlpkhc4kadjhyyx0s71cs30hi6anknhfm6hdyd26ms";
};

enableParallelBuilding = true;
nativeBuildInputs = [ cmake ];
nativeBuildInputs = [ cmake git ];
buildInputs = [ libyamlcpp ];

meta = with stdenv.lib; {
29 changes: 28 additions & 1 deletion pkgs/development/libraries/gvfs/default.nix
View file
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
{ stdenv, fetchurl, meson, ninja, pkgconfig, gettext, gnome3, dbus
, glib, libgudev, udisks2, libgcrypt, libcap, polkit
, glib, libgudev, udisks2, libgcrypt, libcap, polkit, fetchpatch
, libgphoto2, avahi, libarchive, fuse, libcdio
, libxml2, libxslt, docbook_xsl, docbook_xml_dtd_42, samba, libmtp
, gnomeSupport ? false, gnome, gcr, wrapGAppsHook
@@ -18,6 +18,33 @@ in stdenv.mkDerivation rec {
sha256 = "0nw6mv5qq0d79d72x28db0vwihv4isny6m8q7vdim11ngk10hgwh";
};

patches = [
# CVE-2019-12448
(fetchpatch {
url = "https://gitlab.gnome.org/GNOME/gvfs/commit/a1c2e7ecab0d6457fa2227d92e3569c08516eac5.patch";
sha256 = "03fwlpj1vbi80661bbhzv8ddx3czkzv9i1q4h3gqyxi5f1i0xfz4";
})
# CVE-2019-12447
(fetchpatch {
url = "https://gitlab.gnome.org/GNOME/gvfs/commit/0f25dea30d01d920443ab72b0c254560ec40e14c.patch";
sha256 = "1p7c48nsx1lkv2qpkyrsm9qfa77xwd28gczwcpv2kbji3ws5qgj5";
})
(fetchpatch {
url = "https://gitlab.gnome.org/GNOME/gvfs/commit/272e6bdac33309672955e8f8bf1b8f5f1e51fa0a.patch";
sha256 = "0zxbhmgqxxw987ag8fh6yjzjn9jl55fqbn814jh9kwrk7x4prx9x";
})
# CVE-2019-12449
(fetchpatch {
url = "https://gitlab.gnome.org/GNOME/gvfs/commit/bed1e9685c9f65f6a3ff3b39dd8547db3e7e77f6.patch";
sha256 = "0hfybfaz2gfx3yyw5ymx6q0pqwkx2r1i7gzprfp80bplwslq0d4h";
})
# CVE-2019-12795
(fetchpatch {
url = "https://gitlab.gnome.org/GNOME/gvfs/commit/e3808a1b4042761055b1d975333a8243d67b8bfe.patch";
sha256 = "1lx6yxykx24mnq5izijqk744zj6rgww6ba76z0qjal4y0z3gsdqp";
})
];

postPatch = ''
# patchShebangs requires executable file
chmod +x codegen.py meson_post_install.py