Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: NixOS/nixpkgs
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: 2e74e24c855e
Choose a base ref
...
head repository: NixOS/nixpkgs
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: c823eaec0a21
Choose a head ref
  • 6 commits
  • 6 files changed
  • 2 contributors

Commits on Nov 24, 2016

  1. libarchive: 3.2.1 -> 3.2.2 for unspecified vulnerabilities 

    The release notes don't cover anything in particular:

https://github.com/libarchive/libarchive/blob/ba3dec4495496280226a463b3270a60c8864a4f1/NEWS#L3
    @grahamc
    grahamc committed Nov 24, 2016
    Copy the full SHA
    9118702 View commit details

  2. gnuchess: 6.2.3 -> 6.2.4 for CVEs 

    CVE-2015-8972: stack buffer overflow related to user move input, where 160 characters of input can crash gnuchess
    @grahamc
    grahamc committed Nov 24, 2016
    Copy the full SHA
    4a5c661 View commit details

  3. w3m: 0.5.3-2015-12-20 -> 0.5.3+git20161120 for many CVEs 

    https://github.com/tats/w3m/blob/c94a28011f0cb8bcef4229f3f787ae04ee3fcf3e/NEWS\#L1-L52
    @grahamc
    grahamc committed Nov 24, 2016
    Copy the full SHA
    a3b7468 View commit details

  4. qemu: add patch to fix CVE-2016-7907 

    cc #20647
    @fpletz @grahamc
    fpletz authored and grahamc committed Nov 24, 2016
    Copy the full SHA
    336bacf View commit details

  5. libtiff: 4.0.6 -> 4.0.7 for many CVEs 

    This release includes all our previous CVE patches, and suggets new ones:

 - CVE-2016-3945
 - CVE-2016-3990
 - CVE-2016-3991
 - CVE-2016-3622
 - CVE-2016-9453
 - CVE-2016-8127 (duplicate of CVE-2016-3658)
 - CVE-2016-9297
 - CVE-2016-9448
    @grahamc
    grahamc committed Nov 24, 2016
    Copy the full SHA
    9de6029 View commit details

  6. graphicsmagick: Update URLs for patches

    @grahamc
    grahamc committed Nov 24, 2016
    Copy the full SHA
    c823eae View commit details
6 changes: 3 additions & 3 deletions pkgs/applications/graphics/graphicsmagick/default.nix
View file
Original file line number Diff line number Diff line change
@@ -15,15 +15,15 @@ stdenv.mkDerivation {
patches = [
./disable-popen.patch
(fetchpatch {
url = "https://sources.debian.net/data/main/g/graphicsmagick/1.3.25-4/debian/patches/CVE-2016-7996_CVE-2016-7997.patch";
url = "https://sources.debian.net/data/main/g/graphicsmagick/1.3.25-5/debian/patches/CVE-2016-7996_CVE-2016-7997.patch";
sha256 = "0xsby2z8n7cnnln7szjznq7iaabq323wymvdjra59yb41aix74r2";
})
(fetchpatch {
url = "https://sources.debian.net/data/main/g/graphicsmagick/1.3.25-4/debian/patches/CVE-2016-7800_part1.patch";
url = "https://sources.debian.net/data/main/g/graphicsmagick/1.3.25-5/debian/patches/CVE-2016-7800_part1.patch";
sha256 = "02s0x9bkbnm5wrd0d2x9ld4d9z5xqpfk310lyylyr5zlnhqxmwgn";
})
(fetchpatch {
url = "https://sources.debian.net/data/main/g/graphicsmagick/1.3.25-4/debian/patches/CVE-2016-7800_part2.patch";
url = "https://sources.debian.net/data/main/g/graphicsmagick/1.3.25-5/debian/patches/CVE-2016-7800_part2.patch";
sha256 = "1h4xv3i1aq5avsd584rwa5sa7ca8f7w9ggmh7j2llqq5kymwsv5f";
})
(fetchpatch {
13 changes: 7 additions & 6 deletions pkgs/applications/networking/browsers/w3m/default.nix
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
{ stdenv, fetchgit, fetchpatch
{ stdenv, fetchFromGitHub, fetchpatch
, ncurses, boehmgc, gettext, zlib
, sslSupport ? true, openssl ? null
, graphicsSupport ? true, imlib2 ? null
@@ -15,12 +15,13 @@ assert mouseSupport -> gpm-ncurses != null;
with stdenv.lib;

stdenv.mkDerivation rec {
name = "w3m-0.5.3-2015-12-20";
name = "w3m-v0.5.3+git20161120";

src = fetchgit {
url = "git://anonscm.debian.org/collab-maint/w3m.git";
rev = "e0b6e022810271bd0efcd655006389ee3879e94d";
sha256 = "1vahm3719hb0m20nc8k88165z35f8b15qasa0whhk78r12bls1q6";
src = fetchFromGitHub {
owner = "tats";
repo = "w3m";
rev = "v0.5.3+git20161120";
sha256 = "06n5a9jdyihkd4xdjmyci32dpqp1k2l5awia5g9ng0bn256bacdc";
};

NIX_LDFLAGS = optionalString stdenv.isSunOS "-lsocket -lnsl";
5 changes: 5 additions & 0 deletions pkgs/applications/virtualization/qemu/default.nix
View file
Original file line number Diff line number Diff line change
@@ -123,6 +123,11 @@ stdenv.mkDerivation rec {
url = "http://git.qemu.org/?p=qemu.git;a=patch;h=8caed3d564672e8bc6d2e4c6a35228afd01f4723";
sha256 = "19sq6fh7nh8wrk52skky4vwm80029lhm093g11f539krmzjgipik";
})
(fetchpatch {
name = "qemu-CVE-2016-7907.patch";
url = "http://git.qemu.org/?p=qemu.git;a=patch;h=070c4b92b8cd5390889716677a0b92444d6e087a";
sha256 = "0in89697r6kwkf302v3cg16390q7qs33n2b4kba26m4x65632dxm";
})

# FIXME: Fix for CVE-2016-9101 not yet ready: https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg03024.html

4 changes: 2 additions & 2 deletions pkgs/development/libraries/libarchive/default.nix
View file
Original file line number Diff line number Diff line change
@@ -10,11 +10,11 @@ assert xarSupport -> libxml2 != null;

stdenv.mkDerivation rec {
name = "libarchive-${version}";
version = "3.2.1";
version = "3.2.2";

src = fetchurl {
url = "${meta.homepage}/downloads/${name}.tar.gz";
sha256 = "1lngng84k1kkljl74q0cdqc3s82vn2kimfm02dgm4d6m7x71mvkj";
sha256 = "03q6y428rg723c9fj1vidzjw46w1vf8z0h95lkvz1l9jw571j739";
};

outputs = [ "out" "lib" "dev" ];
50 changes: 3 additions & 47 deletions pkgs/development/libraries/libtiff/default.nix
View file
Original file line number Diff line number Diff line change
@@ -1,15 +1,14 @@
{ stdenv, fetchurl, fetchpatch, pkgconfig, zlib, libjpeg, xz }:

let
version = "4.0.6";
debversion = "3";
version = "4.0.7";
in
stdenv.mkDerivation rec {
name = "libtiff-${version}";

src = fetchurl {
url = "http://download.osgeo.org/libtiff/tiff-${version}.tar.gz";
sha256 = "136nf1rj9dp5jgv1p7z4dk0xy3wki1w0vfjbk82f645m0w4samsd";
sha256 = "06ghqhr4db1ssq0acyyz49gr8k41gzw6pqb6mbn5r7jqp77s4hwz";
};

outputs = [ "bin" "dev" "out" "doc" ];
@@ -20,54 +19,11 @@ stdenv.mkDerivation rec {

enableParallelBuilding = true;

patches = let p = "https://sources.debian.net/data/main/t/tiff/${version}-${debversion}/debian/patches"; in [
(fetchurl {
url = "${p}/01-CVE-2015-8665_and_CVE-2015-8683.patch";
sha256 = "0qiiqpbbsf01b59x01z38cg14pmg1ggcsqm9n1gsld6rr5wm3ryz";
})
(fetchurl {
url = "${p}/02-fix_potential_out-of-bound_writes_in_decode_functions.patch";
sha256 = "1ph057w302i2s94rhdw6ksyvpsmg1nlanvc0251x01s23gkdbakv";
})
(fetchurl {
url = "${p}/03-fix_potential_out-of-bound_write_in_NeXTDecode.patch";
sha256 = "1nhjg2gdvyzi4wa2g7nwmzm7nssz9dpdfkwms1rp8i1034qdlgc6";
})
(fetchurl {
url = "${p}/04-CVE-2016-5314_CVE-2016-5316_CVE-2016-5320_CVE-2016-5875.patch";
sha256 = "0n47yk9wcvc9j72yvm5bhpaqq0yfz8jnq9zxbnzx5id9gdxmrkn3";
})
(fetchurl {
url = "${p}/05-CVE-2016-6223.patch";
sha256 = "0r80hil9k6scdjppgyljhm0s2z6c8cm259f0ic0xvxidfaim6g2r";
})
(fetchurl {
url = "${p}/06-CVE-2016-5321.patch";
sha256 = "1aacymlqv6cam8i4nbma9v05r3v3xjpagns7q0ii268h0mhzq6qg";
})
(fetchurl {
url = "${p}/07-CVE-2016-5323.patch";
sha256 = "1xr5hy2fxa71j3fcc1l998pxyblv207ygzyhibwb1lia5zjgblch";
})
(fetchurl {
url = "${p}/08-CVE-2016-3623_CVE-2016-3624.patch";
sha256 = "1xnvwjvgyxi387h1sdiyp4360a3176jmipb7ghm8vwiz7cisdn9z";
})
(fetchurl {
url = "${p}/09-CVE-2016-5652.patch";
sha256 = "1yqfq32gzh21ab2jfqkq13gaz0nin0492l06adzsyhr5brvdhnx8";
})
(fetchurl {
url = "${p}/10-CVE-2016-3658.patch";
sha256 = "01kb8rfk30fgjf1hy0m088yhjfld1yyh4bk3gkg8jx3dl9bd076d";
})
];

doCheck = true;

meta = with stdenv.lib; {
description = "Library and utilities for working with the TIFF image file format";
homepage = http://www.remotesensing.org/libtiff/;
homepage = http://download.osgeo.org/libtiff;
license = licenses.libtiff;
platforms = platforms.unix;
};
4 changes: 2 additions & 2 deletions pkgs/games/gnuchess/default.nix
View file
Original file line number Diff line number Diff line change
@@ -3,10 +3,10 @@ let
s = # Generated upstream information
rec {
baseName="gnuchess";
version="6.2.3";
version="6.2.4";
name="${baseName}-${version}";
url="mirror://gnu/chess/${name}.tar.gz";
sha256="10hvnfhj9bkpz80x20jgxyqvgvrcgfdp8sfcbcrf1dgjn9v936bq";
sha256="1vw2w3jwnmn44d5vsw47f8y70xvxcsz9m5msq9fgqlzjch15qhiw";
};
buildInputs = [
flex