Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: NixOS/nixpkgs
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: 728a9578e31a
Choose a base ref
...
head repository: NixOS/nixpkgs
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: 5f69faa2694c
Choose a head ref
  • 6 commits
  • 6 files changed
  • 2 contributors

Commits on Nov 24, 2016

  1. graphicsmagick: Update URLs for patches 

    (cherry picked from commit c823eae)
    @grahamc
    grahamc committed Nov 24, 2016

    Verified

    This commit was signed with the committer’s verified signature.
    bagder Daniel Stenberg
    GPG key ID: 5CC908FDB71E12C2
    Verified
    Learn about vigilant mode
    Copy the full SHA
    2292d85 View commit details

  2. libtiff: 4.0.6 -> 4.0.7 for many CVEs 

    This release includes all our previous CVE patches, and suggets new ones:

 - CVE-2016-3945
 - CVE-2016-3990
 - CVE-2016-3991
 - CVE-2016-3622
 - CVE-2016-9453
 - CVE-2016-8127 (duplicate of CVE-2016-3658)
 - CVE-2016-9297
 - CVE-2016-9448

(cherry picked from commit 9de6029)
    @grahamc
    grahamc committed Nov 24, 2016

    Verified

    This commit was signed with the committer’s verified signature.
    bagder Daniel Stenberg
    GPG key ID: 5CC908FDB71E12C2
    Verified
    Learn about vigilant mode
    Copy the full SHA
    ee38d13 View commit details

  3. qemu: add patch to fix CVE-2016-7907 

    cc #20647

(cherry picked from commit 336bacf)
    @fpletz @grahamc
    fpletz authored and grahamc committed Nov 24, 2016
    Copy the full SHA
    386c980 View commit details

  4. w3m: 0.5.3-2015-12-20 -> 0.5.3+git20161120 for many CVEs 

    https://github.com/tats/w3m/blob/c94a28011f0cb8bcef4229f3f787ae04ee3fcf3e/NEWS\#L1-L52
(cherry picked from commit a3b7468)
    @grahamc
    grahamc committed Nov 24, 2016
    Copy the full SHA
    27c390f View commit details

  5. gnuchess: 6.2.3 -> 6.2.4 for CVEs 

    CVE-2015-8972: stack buffer overflow related to user move input, where 160 characters of input can crash gnuchess
(cherry picked from commit 4a5c661)
    @grahamc
    grahamc committed Nov 24, 2016
    Copy the full SHA
    1980c26 View commit details

  6. libarchive: 3.2.1 -> 3.2.2 for unspecified vulnerabilities 

    The release notes don't cover anything in particular:

https://github.com/libarchive/libarchive/blob/ba3dec4495496280226a463b3270a60c8864a4f1/NEWS#L3
(cherry picked from commit 9118702)
    @grahamc
    grahamc committed Nov 24, 2016
    Copy the full SHA
    5f69faa View commit details
6 changes: 3 additions & 3 deletions pkgs/applications/graphics/graphicsmagick/default.nix
View file
Original file line number Diff line number Diff line change
@@ -15,15 +15,15 @@ stdenv.mkDerivation {
patches = [
./disable-popen.patch
(fetchpatch {
url = "https://sources.debian.net/data/main/g/graphicsmagick/1.3.25-4/debian/patches/CVE-2016-7996_CVE-2016-7997.patch";
url = "https://sources.debian.net/data/main/g/graphicsmagick/1.3.25-5/debian/patches/CVE-2016-7996_CVE-2016-7997.patch";
sha256 = "0xsby2z8n7cnnln7szjznq7iaabq323wymvdjra59yb41aix74r2";
})
(fetchpatch {
url = "https://sources.debian.net/data/main/g/graphicsmagick/1.3.25-4/debian/patches/CVE-2016-7800_part1.patch";
url = "https://sources.debian.net/data/main/g/graphicsmagick/1.3.25-5/debian/patches/CVE-2016-7800_part1.patch";
sha256 = "02s0x9bkbnm5wrd0d2x9ld4d9z5xqpfk310lyylyr5zlnhqxmwgn";
})
(fetchpatch {
url = "https://sources.debian.net/data/main/g/graphicsmagick/1.3.25-4/debian/patches/CVE-2016-7800_part2.patch";
url = "https://sources.debian.net/data/main/g/graphicsmagick/1.3.25-5/debian/patches/CVE-2016-7800_part2.patch";
sha256 = "1h4xv3i1aq5avsd584rwa5sa7ca8f7w9ggmh7j2llqq5kymwsv5f";
})
(fetchpatch {
13 changes: 7 additions & 6 deletions pkgs/applications/networking/browsers/w3m/default.nix
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
{ stdenv, fetchgit, fetchpatch
{ stdenv, fetchFromGitHub, fetchpatch
, ncurses, boehmgc, gettext, zlib
, sslSupport ? true, openssl ? null
, graphicsSupport ? true, imlib2 ? null
@@ -15,12 +15,13 @@ assert mouseSupport -> gpm-ncurses != null;
with stdenv.lib;

stdenv.mkDerivation rec {
name = "w3m-0.5.3-2015-12-20";
name = "w3m-v0.5.3+git20161120";

src = fetchgit {
url = "git://anonscm.debian.org/collab-maint/w3m.git";
rev = "e0b6e022810271bd0efcd655006389ee3879e94d";
sha256 = "1vahm3719hb0m20nc8k88165z35f8b15qasa0whhk78r12bls1q6";
src = fetchFromGitHub {
owner = "tats";
repo = "w3m";
rev = "v0.5.3+git20161120";
sha256 = "06n5a9jdyihkd4xdjmyci32dpqp1k2l5awia5g9ng0bn256bacdc";
};

NIX_LDFLAGS = optionalString stdenv.isSunOS "-lsocket -lnsl";
5 changes: 5 additions & 0 deletions pkgs/applications/virtualization/qemu/default.nix
View file
Original file line number Diff line number Diff line change
@@ -123,6 +123,11 @@ stdenv.mkDerivation rec {
url = "http://git.qemu.org/?p=qemu.git;a=patch;h=8caed3d564672e8bc6d2e4c6a35228afd01f4723";
sha256 = "19sq6fh7nh8wrk52skky4vwm80029lhm093g11f539krmzjgipik";
})
(fetchpatch {
name = "qemu-CVE-2016-7907.patch";
url = "http://git.qemu.org/?p=qemu.git;a=patch;h=070c4b92b8cd5390889716677a0b92444d6e087a";
sha256 = "0in89697r6kwkf302v3cg16390q7qs33n2b4kba26m4x65632dxm";
})

# FIXME: Fix for CVE-2016-9101 not yet ready: https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg03024.html

4 changes: 2 additions & 2 deletions pkgs/development/libraries/libarchive/default.nix
View file
Original file line number Diff line number Diff line change
@@ -3,11 +3,11 @@

stdenv.mkDerivation rec {
name = "libarchive-${version}";
version = "3.2.1";
version = "3.2.2";

src = fetchurl {
url = "${meta.homepage}/downloads/${name}.tar.gz";
sha256 = "1lngng84k1kkljl74q0cdqc3s82vn2kimfm02dgm4d6m7x71mvkj";
sha256 = "03q6y428rg723c9fj1vidzjw46w1vf8z0h95lkvz1l9jw571j739";
};

outputs = [ "out" "lib" "dev" ];
52 changes: 3 additions & 49 deletions pkgs/development/libraries/libtiff/default.nix
View file
Original file line number Diff line number Diff line change
@@ -1,15 +1,14 @@
{ stdenv, fetchurl, fetchpatch, pkgconfig, zlib, libjpeg, xz }:

let
version = "4.0.6";
debversion = "3";
version = "4.0.7";
in
stdenv.mkDerivation rec {
name = "libtiff-${version}";

src = fetchurl {
url = "http://download.osgeo.org/libtiff/tiff-${version}.tar.gz";
sha256 = "136nf1rj9dp5jgv1p7z4dk0xy3wki1w0vfjbk82f645m0w4samsd";
sha256 = "06ghqhr4db1ssq0acyyz49gr8k41gzw6pqb6mbn5r7jqp77s4hwz";
};

outputs = [ "bin" "dev" "out" "doc" ];
@@ -20,56 +19,11 @@ stdenv.mkDerivation rec {

enableParallelBuilding = true;

patches = let p = "https://sources.debian.net/data/main/t/tiff/${version}-${debversion}/debian/patches"; in [
(fetchpatch {
url = "${p}/01-CVE-2015-8665_and_CVE-2015-8683.patch";
sha256 = "1c4zmvxj124873al8fvkiv8zq7wx5mv2vd4f1y9w8liv92cm7hkc";
})
(fetchpatch {
url = "${p}/02-fix_potential_out-of-bound_writes_in_decode_functions.patch";
sha256 = "0rsc7zh7cdhgcmx2vbjfaqrb0g93a3924ngqkrzb14w5j2fqfbxv";
})
(fetchpatch {
url = "${p}/03-fix_potential_out-of-bound_write_in_NeXTDecode.patch";
sha256 = "1s01xhp4sl04yhqhqwp50gh43ykcqk230mmbv62vhy2jh7v0ky3a";
})
(fetchpatch {
url = "${p}/04-CVE-2016-5314_CVE-2016-5316_CVE-2016-5320_CVE-2016-5875.patch";
sha256 = "0by35qxpzv9ib3mnh980gd30jf3qmsfp2kl730rq4pq66wpzg9m8";
})
(fetchpatch {
url = "${p}/05-CVE-2016-6223.patch";
sha256 = "0rh8ia0wsf5yskzwdjrlbiilc9m0lq0igs42k6922pl3sa1lxzv1";
})
(fetchpatch {
url = "${p}/06-CVE-2016-5321.patch";
sha256 = "0n0igfxbd3kqvvj2k2xgysrp63l4v2gd110fwkk4apfpm0hvzwh0";
})
(fetchpatch {
url = "${p}/07-CVE-2016-5323.patch";
sha256 = "1j6w8g6qizkx5h4aq95kxzx6bgkn4jhc8l22swwhvlkichsh4910";
})
(fetchurl {
url = "${p}/08-CVE-2016-3623_CVE-2016-3624.patch";
sha256 = "1xnvwjvgyxi387h1sdiyp4360a3176jmipb7ghm8vwiz7cisdn9z";
})
(fetchurl {
url = "${p}/09-CVE-2016-5652.patch";
sha256 = "1yqfq32gzh21ab2jfqkq13gaz0nin0492l06adzsyhr5brvdhnx8";
})
(fetchurl {
url = "${p}/10-CVE-2016-3658.patch";
sha256 = "01kb8rfk30fgjf1hy0m088yhjfld1yyh4bk3gkg8jx3dl9bd076d";
})


];

doCheck = true;

meta = with stdenv.lib; {
description = "Library and utilities for working with the TIFF image file format";
homepage = http://www.remotesensing.org/libtiff/;
homepage = http://download.osgeo.org/libtiff;
license = licenses.libtiff;
platforms = platforms.unix;
};
4 changes: 2 additions & 2 deletions pkgs/games/gnuchess/default.nix
View file
Original file line number Diff line number Diff line change
@@ -3,10 +3,10 @@ let
s = # Generated upstream information
rec {
baseName="gnuchess";
version="6.2.2";
version="6.2.4";
name="${baseName}-${version}";
url="mirror://gnu/chess/${name}.tar.gz";
sha256="1a41ag03q66pwy3pjrmbxxjpzi9fcaiiaiywd7m9v25mxqac2xkp";
sha256="1vw2w3jwnmn44d5vsw47f8y70xvxcsz9m5msq9fgqlzjch15qhiw";
};
buildInputs = [
flex