Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: NixOS/nixpkgs
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: 0ed7328aabc1
Choose a base ref
...
head repository: NixOS/nixpkgs
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: 3ac988a5eb04
Choose a head ref
  • 3 commits
  • 4 files changed
  • 1 contributor

Commits on Nov 28, 2017

  1. Merge #31905: samba: security 4.6.8 -> 4.6.11 

    (cherry picked from commit c024f0b)
    @vcunat
    vcunat committed Nov 28, 2017
    Copy the full SHA
    043cbe5 View commit details

  2. Merge #32126: ffmpeg-3.4: fix CVE CVE-2017-16840 

    (cherry picked from commit c917950)
    @vcunat
    vcunat committed Nov 28, 2017
    Copy the full SHA
    db0bb7f View commit details

  3. Merge #32134: pcre2: Patch for CVE-2017-8786 

    (cherry picked from commit e6a7a2e)
    @vcunat
    vcunat committed Nov 28, 2017
    Copy the full SHA
    3ac988a View commit details
10 changes: 9 additions & 1 deletion pkgs/development/libraries/ffmpeg-full/default.nix
View file
Original file line number Diff line number Diff line change
@@ -238,7 +238,15 @@ stdenv.mkDerivation rec {
sha256 = "00nq8ng2p16yb48acargaz1hlp9kq24vfwvkqjlslz4a7864k4x8";
};

patchPhase = ''patchShebangs .
patchPhase = let
cve_2017_16840_patch = (fetchurl{
name = "CVE-2017-16840.patch";
url = "http://git.videolan.org/?p=ffmpeg.git;a=patch;h=a94cb36ab2ad99d3a1331c9f91831ef593d94f74";
sha256 = "1rjr9lc71cyy43wsa2zxb9ygya292h9jflvr5wk61nf0vp97gjg3";
});
in
'' patch -p1 < ${cve_2017_16840_patch}
patchShebangs .
'' + stdenv.lib.optionalString stdenv.isDarwin ''
sed -i 's/#ifndef __MAC_10_11/#if 1/' ./libavcodec/audiotoolboxdec.c
'' + stdenv.lib.optionalString (frei0r != null) ''
11 changes: 10 additions & 1 deletion pkgs/development/libraries/ffmpeg/3.3.nix
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
{ stdenv, callPackage
{ stdenv, callPackage, fetchpatch
# Darwin frameworks
, Cocoa, CoreMedia
, ...
@@ -9,4 +9,13 @@ callPackage ./generic.nix (args // rec {
branch = "3.3.5";
sha256 = "02h6y5sadqmci2ssalaxg65wa69ldscj05311zym8zijibzlqhqv";
darwinFrameworks = [ Cocoa CoreMedia ];

patches = [
(fetchpatch{
name = "CVE-2017-16840.patch";
url = "http://git.videolan.org/?p=ffmpeg.git;a=patch;h=a94cb36ab2ad99d3a1331c9f91831ef593d94f74";
sha256 = "1rjr9lc71cyy43wsa2zxb9ygya292h9jflvr5wk61nf0vp97gjg3";
})
];

})
7 changes: 7 additions & 0 deletions pkgs/development/libraries/pcre2/default.nix
View file
Original file line number Diff line number Diff line change
@@ -29,6 +29,13 @@ stdenv.mkDerivation rec {
stripLen = 2;
addPrefixes = true;
})
(fetchpatch {
name = "CVE-2017-8786.patch";
url = "https://vcs.pcre.org/pcre2/code/trunk/src/pcre2test.c?r1=692&r2=697&view=patch";
sha256 = "1c629nzrk4il2rfclwyc1a373q58m4q9ys9wr91zhl4skfk7x19b";
stripLen = 2;
addPrefixes = true;
})
];

outputs = [ "bin" "dev" "out" "doc" "man" "devdoc" ];
4 changes: 2 additions & 2 deletions pkgs/servers/samba/4.x.nix
View file
Original file line number Diff line number Diff line change
@@ -19,11 +19,11 @@ with lib;

stdenv.mkDerivation rec {
name = "samba-${version}";
version = "4.6.8";
version = "4.6.11";

src = fetchurl {
url = "mirror://samba/pub/samba/stable/${name}.tar.gz";
sha256 = "0pap686cl0j5c9v1v09krpqdk416x3851fbcap5ysp1zajrfw7aq";
sha256 = "07gd41y4ajdiansfqa8c5wvrincgddfzyfgh1pf7g388zaq7l6q5";
};

outputs = [ "out" "dev" "man" ];