This repository was archived by the owner on Apr 12, 2021. It is now read-only.
base repository: NixOS/nixpkgs-channels
base: 8634c3b61990
head repository: NixOS/nixpkgs-channels
compare: 53346d725ffd
  • 6 commits
  • 4 files changed
  • 3 contributors

Commits on Jun 22, 2019

  1. bzip2: patch CVE-2019-12900

    The vulnerability seems quite serious.
    It isn't practical to use fetchpatch here due to bootstrapping,
    so I just committed the small patch file.
    
    (cherry picked from commit 4fd6cb7)
    vcunat committed Jun 22, 2019
    d7366bb
  2. b41ca72

Commits on Jun 24, 2019

  1. nixos: add hardware/network/intel-2200bg.nix to module-list

    this is referenced by nixos-generate-config.pl. See
    NixOS/nixpkgs#63091 for more discussion.
    
    (cherry picked from commit 8768d1c)
    matthewbauer committed Jun 24, 2019

    Verified

    This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
    d5a3e5f
  2. Verified

    This commit was signed with the committer’s verified signature.
    Mic92 Jörg Thalheim
    47d7882
  3. tomcat9: 9.0.13 -> 9.0.21

    Johan Thomsen authored and danbst committed Jun 24, 2019

    Partially verified

    This commit is signed with the committer’s verified signature. The key has expired.
    lsix’s contribution has been verified via GPG key.
    We cannot verify signatures from co-authors, and some of the co-authors attributed to this commit require their commits to be signed.
    c3446ff
  4. tomcat85: 8.5.35 -> 8.5.42

    Johan Thomsen authored and danbst committed Jun 24, 2019

    Verified

    This commit was signed with the committer’s verified signature. The key has expired.
    lsix lsix
    53346d7
Showing with 19 additions and 4 deletions.
  1. +1 −0 nixos/modules/module-list.nix
  2. +4 −4 pkgs/servers/http/tomcat/default.nix
  3. +13 −0 pkgs/tools/compression/bzip2/cve-2019-12900.patch
  4. +1 −0 pkgs/tools/compression/bzip2/default.nix
1 change: 1 addition & 0 deletions nixos/modules/module-list.nix
@@ -47,6 +47,7 @@
./hardware/ledger.nix
./hardware/mcelog.nix
./hardware/network/b43.nix
./hardware/network/intel-2200bg.nix
./hardware/nitrokey.nix
./hardware/opengl.nix
./hardware/pcmcia.nix
8 changes: 4 additions & 4 deletions pkgs/servers/http/tomcat/default.nix
@@ -44,13 +44,13 @@ in {

tomcat85 = common {
versionMajor = "8";
versionMinor = "5.35";
sha256 = "0n6agr2wn8m5mv0asz73hy2194n9rk7mh5wsp2pz7aq0andbhh5s";
versionMinor = "5.42";
sha256 = "1d90abwwvl0ghr0g0drk48j37wr2zgw74vws9z2rshyzrwgbvgp3";
};

tomcat9 = common {
versionMajor = "9";
versionMinor = "0.13";
sha256 = "1rsrnmkkrbzrj56jk2wh8hrr79kfkk3fz1j0abk3midn1jnbgxxq";
versionMinor = "0.21";
sha256 = "0nsylbqvky4pf3wpsx3a29b85lvwk91ay37mljk9636qffjj1vjh";
};
}
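Review bot: Nothing records where the new `sha256` values in the `tomcat85` and `tomcat9` blocks came from or why the jumps to `5.42` and `0.21` are wanted, since both commits carry only a one-line title. Please add a commit body naming the upstream fixes that motivate each bump, and confirm both hashes against the checksums or signatures the upstream project publishes for those release archives rather than against a single local download.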
13 changes: 13 additions & 0 deletions pkgs/tools/compression/bzip2/cve-2019-12900.patch
@@ -0,0 +1,13 @@
https://gitlab.com/federicomenaquintero/bzip2/commit/74de1e2e6ffc9d
diff --git a/decompress.c b/decompress.c
--- a/decompress.c
+++ b/decompress.c
@@ -287,7 +287,7 @@
GET_BITS(BZ_X_SELECTOR_1, nGroups, 3);
if (nGroups < 2 || nGroups > 6) RETURN(BZ_DATA_ERROR);
GET_BITS(BZ_X_SELECTOR_2, nSelectors, 15);
- if (nSelectors < 1) RETURN(BZ_DATA_ERROR);
+ if (nSelectors < 1 || nSelectors > BZ_MAX_SELECTORS) RETURN(BZ_DATA_ERROR);
for (i = 0; i < nSelectors; i++) {
j = 0;
while (True) {
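Review bot: The new upper bound on the `nSelectors` line turns every stream that declares more than `BZ_MAX_SELECTORS` selectors into a hard `BZ_DATA_ERROR`, so please confirm against archives from existing encoders that none of them emits such a count; if some do, ignoring the surplus selectors would keep those files readable while still bounding the loop. The patch file also has only the upstream URL as its header: a one-line description (the 15-bit `nSelectors` value read from the input was used as the bound of the following `for` loop with no upper limit) would help whoever audits the `patches` list later.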
1 change: 1 addition & 0 deletions pkgs/tools/compression/bzip2/default.nix
@@ -22,6 +22,7 @@ stdenv.mkDerivation rec {

patches = [
./CVE-2016-3189.patch
./cve-2019-12900.patch
];
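Review bot: The file name added to `patches` is lower case (`./cve-2019-12900.patch`) while the entry directly above it is `./CVE-2016-3189.patch`; pick one convention for CVE patch names in this directory so that a search for the identifier finds both. If the lower-case name is kept only to match the commit this was cherry-picked from, say so in the commit message.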