Comparing changes
Open a pull request
base repository: NixOS/nixpkgs-channels
base: a5e5377202e9
head repository: NixOS/nixpkgs-channels
compare: 7fd23d128b10
- 16 commits
- 9 files changed
- 7 contributors
Commits on Jun 14, 2019
-
google-cloud-sdk: use doBuild = false instead of hardcoding phases
We don't want to unpack in installPhase either.
Commits on Jun 18, 2019
-
terraform-providers: bump versions
I skipped terraform-provider-matchbox and terraform-provider-ansible, they failed to build: terraform-provider-ansible > cannot find package "github.com/hashicorp/terraform/helper/schema" … terraform-provider-matchbox > cannot find package "github.com/poseidon/terraform-provider-matchbox/matchbox" …
-
Semi-automatic update generated by https://github.com/ryantm/nixpkgs-update tools. This update was made based on information from https://repology.org/metapackage/xmr-stak/versions
-
Semi-automatic update generated by https://github.com/ryantm/nixpkgs-update tools. This update was made based on information from https://repology.org/metapackage/yarn/versions
-
gvfs: fix CVE-2019-1244{7.8.9}
This is a version of #63481 for master. CVE-2019-12447: daemon/gvfsbackendadmin.c mishandles file ownership because setfsuid is not used. CVE-2019-12448: daemon/gvfsbackendadmin.c has race conditions because the admin backend doesn't implement query_info_on_read/write. CVE-2019-12449: daemon/gvfsbackendadmin.c mishandles a file's user and group ownership during move (and copy with G_FILE_COPY_ALL_METADATA) operations from admin:// to file:// URIs, because root privileges are unavailable. Upstream MR: https://gitlab.gnome.org/GNOME/gvfs/merge_requests/48
-
This is a version of #63481 for master. Vulnerability Description: daemon/gvfsdaemon.c in gvfsd from GNOME gvfs before 1.38.3, 1.40.x before 1.40.2, and 1.41.x before 1.41.3 opened a private D-Bus server socket without configuring an authorization rule. A local attacker could connect to this server socket and issue D-Bus method calls. Note that the server socket only accepts a single connection, so the attacker would have to discover the server and connect to the socket before its owner does. #63301
Commits on Jun 19, 2019
-
gnome3.tracker-miners: enable auto_features
When tracker-miners switched from booleans to features, we were no longer building majority of the miners, since we disable auto_features by default.
-
Merge pull request #63472 from r-ryantm/auto-update/yarn
yarn: 1.16.0 -> 1.17.0
-
Merge pull request #63470 from r-ryantm/auto-update/xmr-stak
xmr-stak: 2.10.4 -> 2.10.5
-
gnome3.tracker-miners: enable auto_features (#63491)
gnome3.tracker-miners: enable auto_features
-
Merge pull request #63486 from worldofpeace/gvfs/security-fixes-unstable
gvfs: security fixes
-
-
terraform-providers: bump versions (#63463)
terraform-providers: bump versions
-
google-cloud-sdk: kubeconfig: don't store absolute path to gcloud bin…
…ary (#63037) google-cloud-sdk: kubeconfig: don't store absolute path to gcloud binary
-
Merge pull request #63498 from tadeokondrak/cum/init/0.9.1
cum: init at 0.9.1
This comparison is taking too long to generate.
Unfortunately it looks like we can’t render this comparison for you right now. It might be too big, or there might be something weird with your repository.
You can try running this command locally to see the comparison on your machine:
git diff a5e5377202e9...7fd23d128b10