Merge pull request #13513 from grahamc/omnibus-cves

Several CVEs

+36 -22
+5 -5
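--- a/nixos/modules/services/web-servers/apache-httpd/moodle.nix
+++ b/nixos/modules/services/web-servers/apache-httpd/moodle.nix
@@ -46,16 +46,16 @@
 '';
 # Unpack Moodle and put the config file in its root directory.
 moodleRoot = pkgs.stdenv.mkDerivation rec {
-name= "moodle-2.8.5";
+name= "moodle-2.8.10";
 
 src = pkgs.fetchurl {
 url = "https://download.moodle.org/stable28/${name}.tgz";
-sha256 = "1a159a193010cddedce10ee009184502e6f732e4d7c85167d8597fe5dff9e190";
+sha256 = "0c3r5081ipcwc9s6shakllnrkd589y2ln5z5m1q09l4h6a7cy4z2";
 };
 
 buildPhase =
 ''
-'';
+'';
 
 installPhase =
 ''
@@ -132,7 +132,7 @@
 cleartext in the Nix store!
 '';
 };
-
+
 dbPrefix = mkOption {
 default = "mdl_";
 example = "my_other_mdl_";
@@ -158,7 +158,7 @@
 type = types.path;
 };
 
-
+
 extraConfig = mkOption {
 default = "";
 example =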
+3 -3
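--- a/pkgs/applications/graphics/PythonMagick/default.nix
+++ b/pkgs/applications/graphics/PythonMagick/default.nix
@@ -2,7 +2,7 @@
 
 let
 
-version = "0.9.11";
+version = "0.9.12";
 
 in
 
@@ -10,8 +10,8 @@
 name = "pythonmagick-${version}";
 
 src = fetchurl {
-url = "http://www.imagemagick.org/download/python/releases/PythonMagick-${version}.tar.gz";
-sha256 = "01z01mlqkk0lvrh2jsmf84qjw29sq4rpj0653x7nqy7mrszwwp2v";
+url = "http://www.imagemagick.org/download/python/releases/PythonMagick-${version}.tar.xz";
+sha256 = "1l1kr3d7l40fkxgs6mrlxj65alv2jizm9hhgg9i9g90a8qj8642b";
 };
 
 buildInputs = [python boost pkgconfig imagemagick];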
+3 -1
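--- a/pkgs/applications/graphics/xara/default.nix
+++ b/pkgs/applications/graphics/xara/default.nix
@@ -8,7 +8,7 @@
 url = http://downloads2.xara.com/opensource/XaraLX-0.7r1785.tar.bz2;
 sha256 = "05xbzq1i1vw2mdsv7zjqfpxfv3g1j0g5kks0gq6sh373xd6y8lyh";
 };
-
+
 nativeBuildInputs = [ automake pkgconfig gettext perl zip ];
 buildInputs = [ wxGTK gtk libxml2 freetype pango ];
 
@@ -17,4 +17,6 @@
 patches = map fetchurl (import ./debian-patches.nix);
 
 prePatch = "patchShebangs Scripts";
+
+meta.broken = true;
 }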
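Review bot: `meta.broken = true;` is added with no comment saying why, so a later maintainer cannot tell what has to be fixed before the package can be re-enabled. Given the commit title the reason is presumably a security issue, but nothing in this section names it. I would put a line directly above it, for example `# broken: <reason / advisory id>`, so the decision stays traceable from the file itself.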
+1 -1
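--- a/pkgs/applications/networking/mailreaders/thunderbird/default.nix
+++ b/pkgs/applications/networking/mailreaders/thunderbird/default.nix
@@ -13,7 +13,7 @@
 enableOfficialBranding ? false
 }:
 
-let version = "38.3.0"; in
+let version = "38.6.0"; in
 let verName = "${version}"; in
 
 stdenv.mkDerivation rec {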
+4 -4
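--- a/pkgs/applications/version-management/git-and-tools/cgit/default.nix
+++ b/pkgs/applications/version-management/git-and-tools/cgit/default.nix
@@ -5,11 +5,11 @@
 
 stdenv.mkDerivation rec {
 name = "cgit-${version}";
-version = "0.11.2";
+version = "0.12";
 
 src = fetchurl {
 url = "http://git.zx2c4.com/cgit/snapshot/${name}.tar.xz";
-sha256 = "0fryh56kyah7v9a8zzhbhwlyy2j116w87sxmgrn2kmwk0rvnw4if";
+sha256 = "1dx54hgfyabmg9nm5qp6d01f54nlbqbbdwhwl0llb9imjf237qif";
 };
 
 # cgit is tightly coupled with git and needs a git source tree to build.
@@ -18,8 +18,8 @@
 # NOTE: as of 0.10.1, the git version is compatible from 1.9.0 to
 # 1.9.2 (see the repository history)
 gitSrc = fetchurl {
-url = "mirror://kernel/software/scm/git/git-2.3.2.tar.xz";
-sha256 = "09gqijsjfnxlbsxbxzlvllg37bfs9f4jwa2plqsanmba09i89sqq";
+url = "mirror://kernel/software/scm/git/git-2.7.0.tar.xz";
+sha256 = "03bvb8s5j8i54qbi3yayl42bv0wf2fpgnh1a2lkhbj79zi7b77zs";
 };
 
 buildInputs = [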
+2 -1
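--- a/pkgs/development/libraries/jasper/default.nix
+++ b/pkgs/development/libraries/jasper/default.nix
@@ -9,6 +9,7 @@
 };
 
 patches = [
+./jasper-CVE-2016-1867.diff
 ./jasper-CVE-2014-8137-variant2.diff
 ./jasper-CVE-2014-8137-noabort.diff
 ./jasper-CVE-2014-8138.diff
@@ -21,7 +22,7 @@
 propagatedBuildInputs = [ libjpeg ];
 
 configureFlags = "--enable-shared";
-
+
 meta = {
 homepage = https://www.ece.uvic.ca/~frodo/jasper/;
 description = "JPEG2000 Library";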
+11
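--- a/pkgs/development/libraries/jasper/jasper-CVE-2016-1867.diff
+++ b/pkgs/development/libraries/jasper/jasper-CVE-2016-1867.diff
@@ -0,0 +1,11 @@
+--- jasper-1.900.1/src/libjasper/jpc/jpc_t2cod.c 2007-01-19 22:43:07.000000000 +0100
++++ jasper-1.900.1/src/libjasper/jpc/jpc_t2cod.c 2016-01-14 14:22:24.569056412 +0100
+@@ -429,7 +429,7 @@
+}
+
+for (pi->compno = pchg->compnostart, pi->picomp =
+- &pi->picomps[pi->compno]; pi->compno < JAS_CAST(int, pchg->compnoend); ++pi->compno,
++ &pi->picomps[pi->compno]; pi->compno < JAS_CAST(int, pchg->compnoend) && pi->compno < pi->numcomps; ++pi->compno,
+++pi->picomp) {
+pirlvl = pi->picomp->pirlvls;
+pi->xstep = pi->picomp->hsamp * (1 << (pirlvl->prcwidthexpn +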
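Review bot: The added `pi->compno < pi->numcomps` term guards the loop body, but the initializer on the line before it still forms `&pi->picomps[pi->compno]` from `pchg->compnostart` before any bound is checked. The pointer is not dereferenced when the condition fails first, yet a start index beyond `numcomps` still yields an out-of-range address, and an oversized `compnoend` is now silently clamped rather than rejected. A short comment on the condition, such as `/* clamp to numcomps: pchg->compnoend is not validated here (CVE-2016-1867) */`, would record why the extra term exists. The enclosing function starts and ends outside the hunk, so whether other loops over `compno` in jpc_t2cod.c need the same bound cannot be judged from this patch.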
+3 -3
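--- a/pkgs/development/libraries/libbsd/default.nix
+++ b/pkgs/development/libraries/libbsd/default.nix
@@ -1,12 +1,12 @@
 { stdenv, fetchurl }:
 
-let name = "libbsd-0.7.0";
+let name = "libbsd-0.8.2";
 in stdenv.mkDerivation {
 inherit name;
 
 src = fetchurl {
 url = "http://libbsd.freedesktop.org/releases/${name}.tar.xz";
-sha256 = "1fqhbi0vd6xjxazf633x388cc8qyn58l78704s0h6k63wlbhwfqg";
+sha256 = "02i5brb2007sxq3mn862mr7yxxm0g6nj172417hjyvjax7549xmj";
 };
 
 patchPhase = ''
@@ -15,7 +15,7 @@
 --replace "{exec_prefix}" "{prefix}"
 '';
 
-meta = {
+meta = {
 description = "Common functions found on BSD systems";
 homepage = http://libbsd.freedesktop.org/;
 license = stdenv.lib.licenses.bsd3;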
+2 -2
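--- a/pkgs/development/libraries/mbedtls/default.nix
+++ b/pkgs/development/libraries/mbedtls/default.nix
@@ -1,11 +1,11 @@
 { stdenv, fetchurl, perl }:
 
 stdenv.mkDerivation rec {
-name = "mbedtls-1.3.14";
+name = "mbedtls-1.3.16";
 
 src = fetchurl {
 url = "https://polarssl.org/download/${name}-gpl.tgz";
-sha256 = "1y3gr3kfai3d13j08r4pv42sh47nbfm4nqi9jq8c9d06qidr2xmy";
+sha256 = "f413146c177c52d4ad8f48015e2fb21dd3a029ca30a2ea000cbc4f9bd092c933";
 };
 
 nativeBuildInputs = [ perl ];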
+2 -2
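--- a/pkgs/servers/sql/mysql/5.5.x.nix
+++ b/pkgs/servers/sql/mysql/5.5.x.nix
@@ -4,11 +4,11 @@
 
 stdenv.mkDerivation rec {
 name = "mysql-${version}";
-version = "5.5.45";
+version = "5.5.48";
 
 src = fetchurl {
 url = "mirror://mysql/MySQL-5.5/${name}.tar.gz";
-sha256 = "0clkr3r44j8nsgmjzv6r09pb0vjangn5hpyjxgg5ynr674ygskkl";
+sha256 = "10fpzvf6hxvqgaq8paiz8fvhcbbs4qnzqw0svq40bvlyhx2qfgyc";
 };
 
 patches = if stdenv.isCygwin then [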