Skip to content
This repository was archived by the owner on Apr 12, 2021. It is now read-only.
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: NixOS/nixpkgs-channels
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: ffe50cdf2214
Choose a base ref
...
head repository: NixOS/nixpkgs-channels
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: 0e614d029230
Choose a head ref
  • 5 commits
  • 4 files changed
  • 4 contributors

Commits on Nov 2, 2018

  1. wireshark: 2.4.9 -> 2.4.10 

    Security release: https://www.wireshark.org/docs/relnotes/wireshark-2.4.10.html
    @fpletz
    fpletz committed Nov 2, 2018

    Verified

    This commit was signed with the committer’s verified signature. The key has expired.
    Ma27 Maximilian Bosch
    GPG key ID: 091DBF4D1FC46B8E
    Expired
    Verified
    Learn about vigilant mode
    Copy the full SHA
    5ce0b90 View commit details

  2. strongswan: patch CVE-2018-16151 & CVE-2018-16152 

    (cherry picked from commit f71cc5f)
    @fpletz
    fpletz committed Nov 2, 2018

    Verified

    This commit was signed with the committer’s verified signature.
    dywedir Vlad M.
    GPG key ID: 3B1AD98E3D65BD4D
    Verified
    Learn about vigilant mode
    Copy the full SHA
    47d6c44 View commit details

  3. ntp: add license 

    (cherry picked from commit 6aba5e2)
    @markuskowa @fpletz
    markuskowa authored and fpletz committed Nov 2, 2018
    Copy the full SHA
    da9b960 View commit details

  4. ntp: 4.2.8p11 -> 4.2.8p12 (#45180) 

    Semi-automatic update generated by
https://github.com/ryantm/nixpkgs-update tools. This update was made
based on information from
https://repology.org/metapackage/ntp/versions.

(cherry picked from commit 2524ad6)
    @r-ryantm @fpletz
    r-ryantm authored and fpletz committed Nov 2, 2018

    Verified

    This commit was signed with the committer’s verified signature. The key has expired.
    dtzWill Will Dietz
    GPG key ID: EBB0EA4124809D02
    Expired
    Verified
    Learn about vigilant mode
    Copy the full SHA
    036164b View commit details

  5. libssh: 0.7.5 -> 0.7.6 

    Fixes CVE-2018-10933:

libssh versions 0.6 and above have an authentication bypass
vulnerability in the server code. By presenting the server an
SSH2_MSG_USERAUTH_SUCCESS message in place of the
SSH2_MSG_USERAUTH_REQUEST message which the server would expect to
initiate authentication, the attacker could successfully authentciate
without any credentials.

Source:
https://www.libssh.org/2018/10/16/libssh-0-8-4-and-0-7-6-security-and-bugfix-release/
(cherry picked from commit eca4628)
    @lheckemann @fpletz
    lheckemann authored and fpletz committed Nov 2, 2018

    Verified

    This commit was signed with the committer’s verified signature.
    costrouc Christopher Ostrouchov
    GPG key ID: 9ED59B0AB1EAF573
    Verified
    Learn about vigilant mode
    Copy the full SHA
    0e614d0 View commit details
4 changes: 2 additions & 2 deletions pkgs/applications/networking/sniffers/wireshark/default.nix
View file
Original file line number Diff line number Diff line change
@@ -12,15 +12,15 @@ assert withQt -> !withGtk && qt5 != null;
with stdenv.lib;

let
version = "2.4.9";
version = "2.4.10";
variant = if withGtk then "gtk" else if withQt then "qt" else "cli";

in stdenv.mkDerivation {
name = "wireshark-${variant}-${version}";

src = fetchurl {
url = "http://www.wireshark.org/download/src/all-versions/wireshark-${version}.tar.xz";
sha256 = "1qrkqrm96gj3wah42qj62axgdzin8cwiscpcwbq3d596cm3g5i33";
sha256 = "0aw8f9h64yv9h1klk37kz5c4s8brnazfv6idsbwpqs5bp8sda4fi";
};

cmakeFlags = [
6 changes: 3 additions & 3 deletions pkgs/development/libraries/libssh/default.nix
View file
Original file line number Diff line number Diff line change
@@ -1,11 +1,11 @@
{ stdenv, fetchurl, pkgconfig, cmake, zlib, openssl, libsodium }:

stdenv.mkDerivation rec {
name = "libssh-0.7.5";
name = "libssh-0.7.6";

src = fetchurl {
url = "https://red.libssh.org/attachments/download/218/${name}.tar.xz";
sha256 = "15bh6dm9c50ndddzh3gqcgw7axp3ghrspjpkb1z3dr90vkanvs2l";
url = "https://www.libssh.org/files/0.7/libssh-0.7.6.tar.xz";
sha256 = "14hhdpn2hflywsi9d5bz2pfjxqkyi07znjij89cpakr7b4w7sq0x";
};

postPatch = ''
10 changes: 7 additions & 3 deletions pkgs/tools/networking/ntp/default.nix
View file
Original file line number Diff line number Diff line change
@@ -8,11 +8,11 @@ let
in

stdenv.mkDerivation rec {
name = "ntp-4.2.8p11";
name = "ntp-4.2.8p12";

src = fetchurl {
url = "http://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-4.2/${name}.tar.gz";
sha256 = "13i7rp1va29ffjdk08fvsfl6n47zzwsp147zhgb550k8agvkjjpi";
url = "https://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-4.2/${name}.tar.gz";
sha256 = "0m04ndn0674kcf9x0aggjya07a3hlig2nlzzpwk7vmqka0mj56vh";
};

# The hardcoded list of allowed system calls for seccomp is
@@ -39,6 +39,10 @@ stdenv.mkDerivation rec {
meta = with stdenv.lib; {
homepage = http://www.ntp.org/;
description = "An implementation of the Network Time Protocol";
license = {
# very close to isc and bsd2
url = https://www.eecis.udel.edu/~mills/ntp/html/copyright.html;
};
maintainers = [ maintainers.eelco ];
platforms = platforms.linux;
};
13 changes: 12 additions & 1 deletion pkgs/tools/networking/strongswan/default.nix
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
{ stdenv, fetchurl
{ stdenv, fetchurl, fetchpatch
, pkgconfig, autoreconfHook
, gmp, python, iptables, ldns, unbound, openssl, pcsclite
, openresolv
@@ -36,6 +36,17 @@ stdenv.mkDerivation rec {
./ext_auth-path.patch
./firewall_defaults.patch
./updown-path.patch

(fetchpatch {
name = "CVE-2018-16151-and-CVE-2018-16152.patch";
url = "https://download.strongswan.org/patches/27_gmp_pkcs1_verify_patch/strongswan-5.6.1-5.6.3_gmp-pkcs1-verify.patch";
sha256 = "04a5ql6clig5zq9914i4iyrrxcc36w2hzmwsrl69rxnq8hwhw1ql";
})
(fetchpatch {
name = "fix-for-CVE-2018-16151-and-CVE-2018-16152.patch";
url = "https://download.strongswan.org/patches/28_gmp_pkcs1_overflow_patch/strongswan-4.4.0-5.7.0_gmp-pkcs1-overflow.patch";
sha256 = "1h8m9rsqzkl71x25h1aavs5xkqm20083law339phfjlrpbjpnizp";
})
];

postPatch = ''