Merge pull request #182834 from mayflower/security-fixes

pyrox.dev / nixpkgs

fork atom

lol

fork atom

Security fixes

authored by

Maximilian Bosch and committed by

GitHub 3 years ago 7be3a05e db04e3c1

+8 -3

3 changed files

expand all

pkgs

applications

editors

vim

common.nix

virtualization

qemu

default.nix

tools

misc

grub

2.0x.nix

+2 -2

pkgs/applications/editors/vim/common.nix

··· 1 1 { lib, fetchFromGitHub }: 2 2 rec { 3 - version = "9.0.0001"; 3 + version = "9.0.0057"; 4 4 5 5 src = fetchFromGitHub { 6 6 owner = "vim"; 7 7 repo = "vim"; 8 8 rev = "v${version}"; 9 - sha256 = "sha256-WnMm3q5Stn3s33rxQt76goURSa1Rq+jMVWYiS+uJTX0="; 9 + sha256 = "sha256-KEEuWRxattBrOAC0dWnWGRVqyOIEMe34ivMvSeuxKyA"; 10 10 }; 11 11 12 12 enableParallelBuilding = true;

pkgs/applications/virtualization/qemu/default.nix

··· 121 121 url = "https://gitlab.com/qemu/qemu/-/commit/f5643914a9e8f79c606a76e6a9d7ea82a3fc3e65.patch"; 122 122 sha256 = "sha256-8i13wU135h+YxoXFtkXweBN3hMslpWoNoeQ7Ydmn3V4="; 123 123 }) 124 + (fetchpatch { 125 + name = "CVE-2022-35414.patch"; 126 + url = "https://gitlab.com/qemu-project/qemu/-/commit/418ade7849ce7641c0f7333718caf5091a02fd4c.patch"; 127 + sha256 = "sha256-zQHDXedIXZBnabv4+3TA4z5mY1+KZiPmqUbhaSkGLgA="; 128 + }) 124 129 ] 125 130 ++ lib.optional nixosTestRunner ./force-uid0-on-9p.patch; 126 131

+1 -1

pkgs/tools/misc/grub/2.0x.nix

··· 67 67 68 68 # Pull upstream patch to fix linkage against binutils-2.36. 69 69 (fetchpatch { 70 - name = "binutils-2.36"; 70 + name = "binutils-2.36.patch"; 71 71 url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=b98275138bf4fc250a1c362dfd2c8b1cf2421701"; 72 72 sha256 = "001m058bsl2pcb0ii84jfm5ias8zgzabrfy6k2cc9w6w1y51ii82"; 73 73 })