| Commit message | Author | Age | Files | Lines |
| * | Merge pull request #49550 from c0bw3b/sec/1803/openjpeg•••[18.03] openjpeg: adding patch for CVE-2018-7648 [origin/staging-18.03] [gitlab.intr/staging-18.03] | Renaud | 2018-11-06 | 1 | -0/+8 |
| |\ |
|
| | * | openjpeg: adding patch for CVE-2018-7648 | Timon Stampfli | 2018-10-31 | 1 | -0/+8 |
| |/ |
|
| * | Merge pull request #47926 from edef1c/git-2.16.5•••git: 2.16.4 -> 2.16.5 (CVE-2018-17456) | Andreas Rammhold | 2018-10-05 | 1 | -2/+2 |
| |\ |
|
| | * | git: 2.16.4 -> 2.16.5 (CVE-2018-17456) | edef | 2018-10-05 | 1 | -2/+2 |
| |/ |
|
| * | Merge pull request #47881 from primeos/security-backports-for-18.03•••[18.03] fscrypt: 0.2.3 -> 0.2.4 (security, CVE-2018-6558) | Michael Weiss | 2018-10-04 | 1 | -4/+4 |
| |\ |
|
| | * | fscrypt: Fix the build (requires Go 1.10) | Michael Weiss | 2018-10-04 | 1 | -2/+2 |
| | * | fscrypt: 0.2.3 -> 0.2.4 (security, CVE-2018-6558)•••(cherry picked from commit 4f519e5dc8d41acfc31ded7b1bbb46b55aa23e3a)
Reason: Security update: "The pam_fscrypt module in fscrypt before 0.2.4
may incorrectly restore primary and supplementary group IDs to the
values associated with the root user, which allows attackers to gain
privileges via a successful login through certain applications that use
Linux-PAM (aka pam)."
| Michael Weiss | 2018-10-04 | 1 | -2/+2 |
| * | | Merge pull request #47873 from primeos/security-backports-for-18.03•••Minor security backports (Jekyll and Gollum) for 18.03. | Michael Weiss | 2018-10-04 | 9 | -168/+208 |
| |\| |
|
| | * | jekyll: 3.7.3 -> 3.7.4 (security)•••Reason: Security update: "fix include bypass of EntryFilter#filter
symlink check".
| Michael Weiss | 2018-10-04 | 6 | -120/+116 |
| | * | gollum: 4.1.3 -> 4.1.4 (security, CVE-2018-3740)•••(cherry picked from commit 18b468ed8186131d5a8a6590ff10253e12d0195a)
Reason: Security update: "Depend on new version of gollum-lib that
relies on a patched version of sanitize, which solves a vulnerability
(CVE-2018-3740). See https://github.com/gollum/gollum-lib/pull/296."
| Michael Weiss | 2018-10-04 | 2 | -11/+11 |
| | * | gollum: 4.1.2 -> 4.1.3•••(cherry picked from commit 265c5fc485267a2be8ca5d555bc247766bc72dbc)
Reason: Security update: "Solves a vulnerability in the File view and
All Pages view that would allow XSS."
| Michael Weiss | 2018-10-04 | 3 | -44/+88 |
| * | | Merge pull request #47761 from andir/18.03/thunderbird•••[18.03] thunderbird: 52.9.0 -> 60, thunderbird-bin: 52.9.0 -> 60 | Andreas Rammhold | 2018-10-04 | 2 | -276/+283 |
| |\ \ |
|
| | * | | thunderbird: 60.0 -> 60.2.1 | taku0 | 2018-10-03 | 1 | -4/+14 |
| | * | | thunderbird: 52.9.0 -> 60.0•••This is a port of the current state of thunderbird from the master
branch. We did miss a bunch of security fixes when thunderbird 60 was
released. This is an attempt to take a shortcut by simply copying over
the expression from the master branch.
Security related fixes in this release are:
- CVE-2018-12359: Buffer overflow using computed size of canvas element
A buffer overflow can occur when rendering canvas content while
adjusting the height and width of the <canvas> element dynamically,
causing data to be written outside of the currently computed
boundaries. This results in a potentially exploitable crash.
- CVE-2018-12360: Use-after-free when using focus()
A use-after-free vulnerability can occur when deleting an input
element during a mutation event handler triggered by focusing that
element. This results in a potentially exploitable crash.
- CVE-2018-12361: Integer overflow in SwizzleData
An integer overflow can occur in the SwizzleData code while
calculating buffer sizes. The overflowed value is used for subsequent
graphics computations when their inputs are not sanitized which
results in a potentially exploitable crash.
- CVE-2018-12362: Integer overflow in SSSE3 scaler
An integer overflow can occur during graphics operations done by the
Supplemental Streaming SIMD Extensions 3 (SSSE3) scaler, resulting in
a potentially exploitable crash.
- CVE-2018-5156: Media recorder segmentation fault when track type is changed during capture
A vulnerability can occur when capturing a media stream when the media
source type is changed as the capture is occurring. This can result in
stream data being cast to the wrong type causing a potentially
exploitable crash.
- CVE-2018-12363: Use-after-free when appending DOM nodes
A use-after-free vulnerability can occur when script uses mutation
events to move DOM nodes between documents, resulting in the old
document that held the node being freed but the node still having a
pointer referencing it. This results in a potentially exploitable
crash.
- CVE-2018-12364: CSRF attacks through 307 redirects and NPAPI plugins
NPAPI plugins, such as Adobe Flash, can send non-simple cross-origin
requests, bypassing CORS by making a same-origin POST that does a 307
redirect to the target site. This allows for a malicious site to
engage in cross-site request forgery (CSRF) attacks.
- CVE-2018-12365: Compromised IPC child process can list local filenames
A compromised IPC child process can escape the content sandbox and
list the names of arbitrary files on the file system without user
consent or interaction. This could result in exposure of private local
files.
- CVE-2018-12371: Integer overflow in Skia library during edge builder allocation
An integer overflow vulnerability in the Skia library when allocating
memory for edge builders on some systems with at least 16 GB of RAM.
This results in the use of uninitialized memory, resulting in a
potentially exploitable crash.
- CVE-2018-12366: Invalid data handling during QCMS transformations
An invalid grid size during QCMS (color profile) transformations can
result in the out-of-bounds read interpreted as a float value. This
could leak private data into the output.
- CVE-2018-12367: Timing attack mitigation of PerformanceNavigationTiming
In the previous mitigations for Spectre, the resolution or precision
of various methods was reduced to counteract the ability to measure
precise time intervals. In that work, PerformanceNavigationTiming was
not adjusted but it was found that it could be used as a precision
timer.
- CVE-2018-5187: Memory safety bugs fixed in Firefox 61, Firefox ESR 60.1, and Thunderbird 60
Mozilla developers and community members Christian Holler, Sebastian
Hengst, Nils Ohlmeier, Jon Coppeard, Randell Jesup, Ted Campbell, Gary
Kwong, and Jean-Yves Avenard reported memory safety bugs present in
Firefox 60 and Firefox ESR 60. Some of these bugs showed evidence of
memory corruption and we presume that with enough effort that some of
these could be exploited to run arbitrary code.
- CVE-2018-5188: Memory safety bugs fixed in Firefox 61, Firefox ESR 60.1, Firefox ESR 52.9, and Thunderbird 60
Mozilla developers and community members Alex Gaynor, Christoph Diehl,
Christian Holler, Jason Kratzer, David Major, Jon Coppeard, Nicolas B.
Pierron, Jason Kratzer, Marcia Knous, and Ronald Crane reported memory
safety bugs present in Firefox 60, Firefox ESR 60, and Firefox ESR
52.8. Some of these bugs showed evidence of memory corruption and we
presume that with enough effort that some of these could be exploited
to run arbitrary code.
| Andreas Rammhold | 2018-10-03 | 1 | -19/+26 |
| | * | | thunderbird-bin: 52.9.0 -> 60.2.1•••(cherry picked from commit d4de3b2d34100c3253f18b3404bfe041197324ef)
| taku0 | 2018-10-03 | 1 | -255/+245 |
| * | | | linux: 4.14.73 -> 4.14.74•••(cherry picked from commit 575c118a6469cd2148ed3092de90f0d8d3aaec53)
| Tim Steinbach | 2018-10-03 | 1 | -2/+2 |
| * | | | linux: 4.9.130 -> 4.9.131•••(cherry picked from commit e6ff57b328e913ae656e038a819b12926eadd230)
| Tim Steinbach | 2018-10-03 | 1 | -2/+2 |
| |/ / |
|
| * | | Merge pull request #47713 from andir/18.03/firefox•••[18.03] firefox{-bin,}: 62.0.2 -> 62.0.3, firefox-esr-60: 60.2.1 -> 60.2.2 | Andreas Rammhold | 2018-10-03 | 2 | -401/+401 |
| |\ \ |
|
| | * | | firefox-esr-60: 60.2.1 -> 60.2.2 [critical security fixes]•••This update bumps the package to the latest stable version containing a
few security fixes:
- CVE-2018-12386: Type confusion in JavaScript
A vulnerability in register allocation in JavaScript can lead to type
confusion, allowing for an arbitrary read and write. This leads to
remote code execution inside the sandboxed content process when
triggered.
- CVE-2018-12387
A vulnerability where the JavaScript JIT compiler inlines
Array.prototype.push with multiple arguments that results in the stack
pointer being off by 8 bytes after a bailout. This leaks a memory
address to the calling function which can be used as part of an
exploit inside the sandboxed content process.
Source: https://www.mozilla.org/en-US/security/advisories/mfsa2018-24/
(cherry picked from commit 246d2848ff657d56fcf2d8596709e8869ce8616a)
| Andreas Rammhold | 2018-10-03 | 1 | -2/+2 |
| | * | | firefox: 62.0.2 -> 62.0.3 [critical security fixes]•••This update bumps the package to the latest stable version containing a
few security fixes:
- CVE-2018-12386: Type confusion in JavaScript
A vulnerability in register allocation in JavaScript can lead to type
confusion, allowing for an arbitrary read and write. This leads to
remote code execution inside the sandboxed content process when
triggered.
- CVE-2018-12387
A vulnerability where the JavaScript JIT compiler inlines
Array.prototype.push with multiple arguments that results in the stack
pointer being off by 8 bytes after a bailout. This leaks a memory
address to the calling function which can be used as part of an
exploit inside the sandboxed content process.
Source: https://www.mozilla.org/en-US/security/advisories/mfsa2018-24/
(cherry picked from commit e7785f1148a8d9535b320eef4aa2d8cd8b64c400)
| Andreas Rammhold | 2018-10-03 | 1 | -2/+2 |
| | * | | firefox-bin: 62.0.2 -> 62.0.3 [critical security fixes]•••This update bumps the package to the latest stable version containing a
few security fixes:
- CVE-2018-12386: Type confusion in JavaScript
A vulnerability in register allocation in JavaScript can lead to type
confusion, allowing for an arbitrary read and write. This leads to
remote code execution inside the sandboxed content process when
triggered.
- CVE-2018-12387
A vulnerability where the JavaScript JIT compiler inlines
Array.prototype.push with multiple arguments that results in the stack
pointer being off by 8 bytes after a bailout. This leaks a memory
address to the calling function which can be used as part of an
exploit inside the sandboxed content process.
Source: https://www.mozilla.org/en-US/security/advisories/mfsa2018-24/
(cherry picked from commit 64d02660cb832ceaf1e3fe88c9c3e9a27609cbd4)
| Andreas Rammhold | 2018-10-03 | 1 | -397/+397 |
| |/ / |
|
| * | | haskell: fix x509-system on mojave•••darwin.security_tool is currently broken in Mojave. See issue #45042
for more info. Our security_tool stuff comes from 10.9 so I suspect
that it needs an update.
Here I am putting in a hack to get things working again. This uses the
system provided security binary at /usr/bin/security to avoid the
issue in Haskell’s x509-system package. Unfortunately, this will break
with the sandbox. I am also working on a proper fix, but this requires
updating lots of Apple stuff (and also copumpkin’s new CF). You can
follow the progress on this branch:
https://github.com/matthewbauer/nixpkgs/tree/xcode-security
This commit should be backported to release-18.03 and release-18.09.
/cc @copumpkin @lnl7 @pikajude
| Matthew Bauer | 2018-10-02 | 1 | -1/+9 |
| * | | linux: 4.14.72 -> 4.14.73•••(cherry picked from commit 00e57782bcf0f57ebea3200b51769b2c6f28b599)
| Tim Steinbach | 2018-09-29 | 1 | -2/+2 |
| * | | linux: 4.9.129 -> 4.9.130•••(cherry picked from commit 74f56e14d932fa1d964cff5a0f85bda5e0e3cd34)
| Tim Steinbach | 2018-09-29 | 1 | -2/+2 |
| * | | linux: 4.4.158 -> 4.4.159•••(cherry picked from commit 7769fd6a80a5ac8a1ea7d50749eaeae2263cb92e)
| Tim Steinbach | 2018-09-29 | 1 | -2/+2 |
| * | | linux: 4.14.71 -> 4.14.72•••(cherry picked from commit 61452c82aed78741a20c93f6c7ae1a86d06a86f0)
| Tim Steinbach | 2018-09-26 | 1 | -2/+2 |
| * | | linux: 4.9.128 -> 4.9.129•••(cherry picked from commit 8e4d980904ca333d116a157a30069b9f8f6085c6)
| Tim Steinbach | 2018-09-26 | 1 | -2/+2 |
| * | | linux: 4.4.157 -> 4.4.158•••(cherry picked from commit 656ca2296c803dbb8dda2bbf67b18282380a5daa)
| Tim Steinbach | 2018-09-26 | 1 | -2/+2 |
| * | | Merge pull request #47288 from 1000101/release-18.03•••trezord: 2.0.12 -> 2.0.19 and nixos/trezord: revised and updated udev rules | Michael Raskin | 2018-09-24 | 3 | -13/+17 |
| |\ \ |
|
| | * | | nixos/trezord: revised and updated udev rules | 1000101 | 2018-09-24 | 1 | -8/+7 |
| | * | | trezord: 2.0.12 -> 2.0.19 | 1000101 | 2018-09-24 | 1 | -5/+5 |
| | * | | add myself 1000101 as maintainer | 1000101 | 2018-09-24 | 1 | -0/+5 |
| * | | | Merge pull request #47276 from andir/18.03/firefox•••[18.03] firefox, firefox-bin 62.0 -> 62.0.2, firefox-esr: 60.2.0esr -> 60.2.1esr [Moderate security fixes] | Andreas Rammhold | 2018-09-24 | 2 | -401/+401 |
| |\ \ \
| |/ /
|/| | |
|
| | * | | firefox-esr: 60.2.0esr -> 60.2.1esr•••(cherry picked from commit e5778a9991194f19c78968ea0f71cb27313595ed)
| taku0 | 2018-09-24 | 1 | -2/+2 |
| | * | | firefox: 62.0 -> 62.0.2•••(cherry picked from commit da9823672fb0474c82dcf7417535e2fd20219586)
| taku0 | 2018-09-24 | 1 | -2/+2 |
| | * | | firefox-bin: 62.0 -> 62.0.2•••(cherry picked from commit 5b79f81a39130d26785ed16ca82a5c9c910c2638)
| taku0 | 2018-09-24 | 1 | -397/+397 |
| * | | | Merge pull request #47227 from flokli/php-mysql-sock-18.03•••php: set mysql socket path if mysql[i] or pdo_mysql support is enabled | Jörg Thalheim | 2018-09-24 | 1 | -3/+6 |
| |\ \ \ |
|
| | * | | | php: set mysql socket path if mysql[i] or pdo_mysql support is enabled•••PHP tries to discover the mysql default socket path during configure
phase by probing the file system:
https://github.com/php/php-src/blob/cf3b852109a88a11370d0207cd3b72a53b6a64c3/ext/mysqli/config.m4#L4
This obviously fails to discover /run/mysqld/mysqld.sock, which is being
used (hardcoded) across all MySQL flavours.
This leads to PHP having no mysql socket path set for the mysql[i]
extensions, and `/tmp/mysql.sock` set for pdo_mysql,
meaning one currently has to manually configure and set it in php.ini.
Luckily, PHP supports setting that path via
`--with-mysql-sock=/run/mysqld/mysqld.sock` during configure phase,
so let's do this as soon as one of the three modules is enabled.
(cherry picked from commit baa04e4204b80225c5086611f305a0c412dc9967)
| Florian Klink | 2018-09-23 | 1 | -3/+6 |
| | | |/
| |/| |
|
| * / | | libsndfile: Add patch for CVE-2018-13139 (#47160)•••(cherry picked from commit fcde178ed5f76626d57b3b02848f2fedf5fd9928)
| Andrew Dunham | 2018-09-23 | 1 | -0/+5 |
| |/ / |
|
| * | | haskellPackages.sbv: fix location of z3 executable•••A lot of the functionality of the z3 library depends on it being able to
find the z3 executable on $PATH. Hard-coding it here means it will never
be unable to find it and z3 doesn't need to pollute $PATH.
(cherry picked from commit c8598daad4dee3d15e312608b56ce50532830c90)
Signed-off-by: Austin Seipp <aseipp@pobox.com>
| Nathan van Doorn | 2018-09-20 | 1 | -0/+6 |
| * | | bitcoin: 0.16.2 -> 0.16.3 (#46891)•••(cherry picked from commit fab901ddd3d034c53901c640d9787c0794d1bcad)
security: fixes CVE-2018-17144
| roconnor | 2018-09-21 | 1 | -2/+2 |
| * | | bitcoin: 0.16.1 -> 0.16.2•••(cherry picked from commit 75d567e8a5089540cb88adc55490f909c03ad372)
| Russell O'Connor | 2018-09-21 | 1 | -2/+2 |
| * | | altcoins.bitcoin: 0.16.0 -> 0.16.1•••Semi-automatic update generated by https://github.com/ryantm/nixpkgs-update tools.
This update was made based on information from https://repology.org/metapackage/bitcoin/versions.
These checks were done:
- built on NixOS
- /nix/store/5fjv944ikyak1s83624ay8i9h4gbs2c0-bitcoin-0.16.1/bin/bitcoind passed the binary check.
- /nix/store/5fjv944ikyak1s83624ay8i9h4gbs2c0-bitcoin-0.16.1/bin/bitcoin-cli passed the binary check.
- /nix/store/5fjv944ikyak1s83624ay8i9h4gbs2c0-bitcoin-0.16.1/bin/bitcoin-tx passed the binary check.
- /nix/store/5fjv944ikyak1s83624ay8i9h4gbs2c0-bitcoin-0.16.1/bin/test_bitcoin passed the binary check.
- /nix/store/5fjv944ikyak1s83624ay8i9h4gbs2c0-bitcoin-0.16.1/bin/bench_bitcoin passed the binary check.
- Warning: no invocation of /nix/store/5fjv944ikyak1s83624ay8i9h4gbs2c0-bitcoin-0.16.1/bin/bitcoin-qt had a zero exit code or showed the expected version
- Warning: no invocation of /nix/store/5fjv944ikyak1s83624ay8i9h4gbs2c0-bitcoin-0.16.1/bin/test_bitcoin-qt had a zero exit code or showed the expected version
- 5 of 7 passed binary check by having a zero exit code.
- 0 of 7 passed binary check by having the new version present in output.
- found 0.16.1 with grep in /nix/store/5fjv944ikyak1s83624ay8i9h4gbs2c0-bitcoin-0.16.1
- directory tree listing: https://gist.github.com/a5e5d745910497ae913d4577342deba5
- du listing: https://gist.github.com/5f62bec50f6ab977a25c8ee0f118cb10
(cherry picked from commit 77f3ac7b7638b33ab198330eaabbd6e0a2e751a9)
| R. RyanTM | 2018-09-21 | 1 | -2/+2 |
| * | | Merge pull request #46801 from vaibhavsagar/bump-all-cabal-hashes-18.03•••all-cabal-hashes: update snapshot to Hackage at 2018-09-12T08:26:27Z | Peter Simons | 2018-09-20 | 1 | -2/+2 |
| |\ \ |
|
| | * | | all-cabal-hashes: update snapshot to Hackage at 2018-09-12T08:26:27Z•••(cherry picked from commit ee6ecb0eafd65637140c898ae563a2d2c0f530d2)
| Peter Simons | 2018-09-17 | 1 | -2/+2 |
| * | | | linux: 4.14.70 -> 4.14.71•••(cherry picked from commit 1c620c669655c1aa7a101a7fafba7327a60293c1)
| Tim Steinbach | 2018-09-20 | 1 | -2/+2 |
| * | | | linux: 4.9.127 -> 4.9.128•••(cherry picked from commit 172e43335443b15ba25989759eb4085bed55542a)
| Tim Steinbach | 2018-09-20 | 1 | -2/+2 |
| * | | | linux: 4.4.156 -> 4.4.157•••(cherry picked from commit 9d678ecf88ee0691cd85d348a790802239faaa10)
| Tim Steinbach | 2018-09-20 | 1 | -2/+2 |
| | |/
|/| |
|
| * | | python/hetzner: 0.8.0 -> 0.8.1•••This is only a minor bugfix release and updates the fallback CA root
certificates. For NixOS this is usually not required as the probe paths
will match there, but for non-NixOS users it might be helpful.
Signed-off-by: aszlig <aszlig@nix.build>
(cherry picked from commit 48d1c50f7ab8da79b24e567e546e876dd602c106)
Reason: This might be relevant for NixOps users on Mac OS X and the
update won't break anything that wasn't broken before.
| aszlig | 2018-09-19 | 1 | -2/+2 |
| * | | Merge pull request #46772 from srhb/backport-skype-bump•••Backport 18.03: skypeforlinux: 8.24.0.2 -> 8.28.0.41 | Jörg Thalheim | 2018-09-18 | 1 | -2/+2 |
| |\ \
| |/
|/| |
|