Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: NixOS/nixpkgs
base: bd72d71be231
Choose a base ref
...
head repository: NixOS/nixpkgs
compare: 6f13032b6ec0
Choose a head ref
  • 4 commits
  • 1 file changed
  • 2 contributors

Commits on Feb 23, 2018

  1. zziplib: use postPatch instead of patchPhase

    @flokli
    flokli committed Feb 23, 2018
    Copy the full SHA
    cdf19ab View commit details
    Browse the repository at this point in the history

  2. zziplib: add docbook_xml_dtd_412

    @flokli
    flokli committed Feb 23, 2018
    Copy the full SHA
    ee16fee View commit details
    Browse the repository at this point in the history

  3. zziplib: 0.13.67 -> 0.13.68 

    Bump zziplib to 0.13.68 to fix multiple CVE issues:

 - CVE-2018-6381
 (gdraheim/zziplib@a803559)
 - CVE-2018-6484
 (gdraheim/zziplib#14 (comment))
 - CVE-2018-6540
 (gdraheim/zziplib@72ec933)
 - CVE-2018-6541
 (gdraheim/zziplib#16 (comment))
 - CVE-2018-6542
 (gdraheim/zziplib@931f962)

Unfortunately, getting only those patches is hard, as they're not well
referenced to linked issues. The testsuite checking for vulns
requires network access (so we can't easily test it here).

gdraheim/zziplib#20 might still be an issue,
so keeping this as a TODO here.
    @flokli
    flokli committed Feb 23, 2018
    Copy the full SHA
    9f6a942 View commit details
    Browse the repository at this point in the history

Commits on Feb 24, 2018

  1. Merge pull request #35421 from flokli/CVE-zziplib-0.13.67 

    zziplib: 0.13.67 -> 0.13.68
    @adisbladis
    adisbladis committed Feb 24, 2018
    Copy the full SHA
    6f13032 View commit details
    Browse the repository at this point in the history