It was found that Quassel could be remotely crashed and had an
unauthenticated RCE vulnerability. The public announcement can be found
on the oss-sec archive [1]. The bump to 0.12.5 is supposed to fix both issues.
[1] http://seclists.org/oss-sec/2018/q2/77
This should not be needed because they are using `#!/usr/bin/env python` as the shebang and in fact it will break inkscape.x86_64-darwin.
https://hydra.nixos.org/build/73283875/
Semi-automatic update generated by https://github.com/ryantm/nixpkgs-update tools.
This update was made based on information from https://repology.org/metapackage/darktable/versions.
These checks were done:
- built on NixOS
- ran ‘/nix/store/9c4h87rp848ik02prxawwi85qzidjkmz-darktable-2.4.3/bin/darktable-cltest help’ got 0 exit code
- ran ‘/nix/store/9c4h87rp848ik02prxawwi85qzidjkmz-darktable-2.4.3/bin/darktable-cmstest -h’ got 0 exit code
- ran ‘/nix/store/9c4h87rp848ik02prxawwi85qzidjkmz-darktable-2.4.3/bin/darktable-cmstest --help’ got 0 exit code
- ran ‘/nix/store/9c4h87rp848ik02prxawwi85qzidjkmz-darktable-2.4.3/bin/darktable-cmstest help’ got 0 exit code
- ran ‘/nix/store/9c4h87rp848ik02prxawwi85qzidjkmz-darktable-2.4.3/bin/.darktable-cmstest-wrapped -h’ got 0 exit code
- ran ‘/nix/store/9c4h87rp848ik02prxawwi85qzidjkmz-darktable-2.4.3/bin/.darktable-cmstest-wrapped --help’ got 0 exit code
- ran ‘/nix/store/9c4h87rp848ik02prxawwi85qzidjkmz-darktable-2.4.3/bin/.darktable-cmstest-wrapped help’ got 0 exit code
- found 2.4.3 with grep in /nix/store/9c4h87rp848ik02prxawwi85qzidjkmz-darktable-2.4.3
- directory tree listing: https://gist.github.com/70f09e7ec3ef4b1bba88d54f066cf9df
Semi-automatic update generated by https://github.com/ryantm/nixpkgs-update tools.
This update was made based on information from https://repology.org/metapackage/containerd/versions.
These checks were done:
- built on NixOS
- ran ‘/nix/store/lmnlz9w8fhf71pxl7wlhv9vsv4k3bnxd-containerd-1.1.0/bin/containerd -h’ got 0 exit code
- ran ‘/nix/store/lmnlz9w8fhf71pxl7wlhv9vsv4k3bnxd-containerd-1.1.0/bin/containerd --help’ got 0 exit code
- ran ‘/nix/store/lmnlz9w8fhf71pxl7wlhv9vsv4k3bnxd-containerd-1.1.0/bin/containerd help’ got 0 exit code
- ran ‘/nix/store/lmnlz9w8fhf71pxl7wlhv9vsv4k3bnxd-containerd-1.1.0/bin/containerd-release -h’ got 0 exit code
- ran ‘/nix/store/lmnlz9w8fhf71pxl7wlhv9vsv4k3bnxd-containerd-1.1.0/bin/containerd-release --help’ got 0 exit code
- ran ‘/nix/store/lmnlz9w8fhf71pxl7wlhv9vsv4k3bnxd-containerd-1.1.0/bin/containerd-release help’ got 0 exit code
- ran ‘/nix/store/lmnlz9w8fhf71pxl7wlhv9vsv4k3bnxd-containerd-1.1.0/bin/ctr -h’ got 0 exit code
- ran ‘/nix/store/lmnlz9w8fhf71pxl7wlhv9vsv4k3bnxd-containerd-1.1.0/bin/ctr --help’ got 0 exit code
- ran ‘/nix/store/lmnlz9w8fhf71pxl7wlhv9vsv4k3bnxd-containerd-1.1.0/bin/ctr help’ got 0 exit code
- found 1.1.0 with grep in /nix/store/lmnlz9w8fhf71pxl7wlhv9vsv4k3bnxd-containerd-1.1.0
- directory tree listing: https://gist.github.com/7b4a990853acfbf946f8abe02582f41d
Semi-automatic update generated by https://github.com/ryantm/nixpkgs-update tools.
This update was made based on information from https://repology.org/metapackage/kid3/versions.
These checks were done:
- built on NixOS
- ran ‘/nix/store/frn5bzzva0ysc1vk9adf7lwmlqg28br9-kid3-3.6.1/bin/kid3-cli -h’ got 0 exit code
- ran ‘/nix/store/frn5bzzva0ysc1vk9adf7lwmlqg28br9-kid3-3.6.1/bin/kid3-cli --help’ got 0 exit code
- ran ‘/nix/store/frn5bzzva0ysc1vk9adf7lwmlqg28br9-kid3-3.6.1/bin/kid3-cli help’ got 0 exit code
- found 3.6.1 with grep in /nix/store/frn5bzzva0ysc1vk9adf7lwmlqg28br9-kid3-3.6.1
- directory tree listing: https://gist.github.com/b9be08ae08dde4714bfceaebaf277eab
Semi-automatic update generated by https://github.com/ryantm/nixpkgs-update tools.
This update was made based on information from https://repology.org/metapackage/ott/versions.
These checks were done:
- built on NixOS
- ran ‘/nix/store/2lbl8zpp2lrrh9pgh2gnyhimq6i86rl1-ott-0.28/bin/ott --help’ got 0 exit code
- ran ‘/nix/store/2lbl8zpp2lrrh9pgh2gnyhimq6i86rl1-ott-0.28/bin/ott.opt --help’ got 0 exit code
- found 0.28 with grep in /nix/store/2lbl8zpp2lrrh9pgh2gnyhimq6i86rl1-ott-0.28
- directory tree listing: https://gist.github.com/177f63b8c23bae6301ced29fb0e617c4
Semi-automatic update generated by https://github.com/ryantm/nixpkgs-update tools.
This update was made based on information from https://repology.org/metapackage/smplayer/versions.
These checks were done:
- built on NixOS
- ran ‘/nix/store/5vy4663v65r0ks1d1jcy0p24m2lk0zmh-smplayer-18.4.0/bin/smplayer -h’ got 0 exit code
- ran ‘/nix/store/5vy4663v65r0ks1d1jcy0p24m2lk0zmh-smplayer-18.4.0/bin/smplayer --help’ got 0 exit code
- found 18.4.0 with grep in /nix/store/5vy4663v65r0ks1d1jcy0p24m2lk0zmh-smplayer-18.4.0
- directory tree listing: https://gist.github.com/25ca7c094ad35c4c5ed4c2c33dfb9be2
Semi-automatic update generated by https://github.com/ryantm/nixpkgs-update tools.
This update was made based on information from https://repology.org/metapackage/tini/versions.
These checks were done:
- built on NixOS
- ran ‘/nix/store/h0h2qyxwrvsjy47m1xyv7sxzd2j0ilsi-tini-0.18.0/bin/tini -h’ got 0 exit code
- ran ‘/nix/store/h0h2qyxwrvsjy47m1xyv7sxzd2j0ilsi-tini-0.18.0/bin/tini --version’ and found version 0.18.0
- found 0.18.0 with grep in /nix/store/h0h2qyxwrvsjy47m1xyv7sxzd2j0ilsi-tini-0.18.0
- directory tree listing: https://gist.github.com/c992fd0a24dfc0365d6b62ac567d395c
Following legacy packing conventions, `isArm` was defined just for
32-bit ARM instruction set. This is confusing to non-packagers though,
because Aarch64 is an ARM instruction set.
The official ARM overview for ARMv8[1] is surprisingly not confusing,
given the overall state of affairs for ARM naming conventions, and
offers us a solution. It divides the nomenclature into three levels:
```
ISA:                ARMv8   {-A, -R, -M}
                    /    \
Mode:        Aarch32     Aarch64
               |         /   \
Encoding:     A64      A32   T32
```
At the top is the overall v8 instruction set architecture. Second are the
two modes, defined by bitwidth but differing in other semantics too, and
bottom are the encodings, (hopefully?) isomorphic if they encode the
same mode.
The 32 bit encodings are mostly backwards compatible with previous
non-Thumb and Thumb encodings, and if so we can pun the mode names to
instead mean "sets of compatible or isomorphic encodings", and then
voilà we have nice names for 32-bit and 64-bit arm instruction sets
which do not use the word ARM so as to not confuse either laymen or
experienced ARM packagers.
[1]: https://developer.arm.com/products/architecture/a-profile
The first problem that was introduced in a276d5160c
was a linking error:
ld: cannot find -licui18n
ld: cannot find -licuuc
ld: cannot find -licudata
So I added icu to the buildInputs.
The second problem was that the interpreter wasn't patched in
share/filters, apparently this is only needed when building with
autotools:
make[3]: Entering directory '/build/inkscape-0.92.3/share/filters'
./i18n.py ./filters.svg > ./filters.svg.h
./i18n.py: /usr/bin/env: bad interpreter: No such file or directory
A similar error also occurs for share/palettes, share/patterns,
share/symbols and share/templates, so I added patching the interpreter
there as well.
Switching to autotools in Inkscape is a very bad idea, because upstream
currently still has their own autotools files in the 0.92.x tree but
master already has them removed, see this commit:
e471a664f9
However for the sake of trying to not break Inkscape on Darwin again,
I tried to keep the fixes minimal and did not go back to CMake.
I did however mark the stuff that's unneeded for CMake, so that we can
avoid forgetting to remove that crap once we get back to CMake.
Signed-off-by: aszlig <aszlig@nix.build>
Cc: @matthewbauer
Otherwise the build fails with the perplexing error
make: *** No rule to make target 'cmd-list.made', needed by 'doc.dep'. Stop.
make: Leaving directory '/tmp/nix-build-git-2.16.3.drv-0/git-2.16.3/Documentation'
on NixOS (but not on Debian, where it succeeds, presumably since it picks up the
system perl).
it's broken, and even after adjusting the derivation to the currently
available downloads it does not run well for me and it is rather
annoying to adjust the derivation to the moving
google-earth-stable_current source download link
Semi-automatic update generated by https://github.com/ryantm/nixpkgs-update tools.
This update was made based on information from https://repology.org/metapackage/latte-dock/versions.
These checks were done:
- built on NixOS
- ran ‘/nix/store/6nvkkskm7j4ngqfy722ajp289gqhg1a9-latte-dock-0.7.5/bin/latte-dock -h’ got 0 exit code
- ran ‘/nix/store/6nvkkskm7j4ngqfy722ajp289gqhg1a9-latte-dock-0.7.5/bin/latte-dock --help’ got 0 exit code
- found 0.7.5 with grep in /nix/store/6nvkkskm7j4ngqfy722ajp289gqhg1a9-latte-dock-0.7.5
- directory tree listing: https://gist.github.com/8f58b4f85d4c80752b6d66e912ce92c0
Semi-automatic update generated by https://github.com/ryantm/nixpkgs-update tools.
This update was made based on information from https://repology.org/metapackage/pcmanfm/versions.
These checks were done:
- built on NixOS
- ran ‘/nix/store/z37gyw9vskaby2caizkzghjd7ikafv64-pcmanfm-1.3.0/bin/pcmanfm -h’ got 0 exit code
- ran ‘/nix/store/z37gyw9vskaby2caizkzghjd7ikafv64-pcmanfm-1.3.0/bin/pcmanfm --help’ got 0 exit code
- ran ‘/nix/store/z37gyw9vskaby2caizkzghjd7ikafv64-pcmanfm-1.3.0/bin/.pcmanfm-wrapped -h’ got 0 exit code
- ran ‘/nix/store/z37gyw9vskaby2caizkzghjd7ikafv64-pcmanfm-1.3.0/bin/.pcmanfm-wrapped --help’ got 0 exit code
- found 1.3.0 with grep in /nix/store/z37gyw9vskaby2caizkzghjd7ikafv64-pcmanfm-1.3.0
- directory tree listing: https://gist.github.com/f15deaa66af5124a632abbca797f7240
Unfortunately, the new version fails its test suite AGAIN when the recommended
packages are not built. Makes one wonder whether maybe we should offer the R
developers CI builds that check this. I've reported the issue upstream, let's
see what happens.
Semi-automatic update generated by https://github.com/ryantm/nixpkgs-update tools.
This update was made based on information from https://repology.org/metapackage/urh/versions.
These checks were done:
- built on NixOS
- ran ‘/nix/store/cs9vqxk0xqcpqcs10bbqhq6h7vdbmyny-urh-2.0.2/bin/.urh-wrapped --version’ and found version 2.0.2
- ran ‘/nix/store/cs9vqxk0xqcpqcs10bbqhq6h7vdbmyny-urh-2.0.2/bin/urh --version’ and found version 2.0.2
- found 2.0.2 with grep in /nix/store/cs9vqxk0xqcpqcs10bbqhq6h7vdbmyny-urh-2.0.2
- directory tree listing: https://gist.github.com/fd267c85c4f90f14b9af167c50b169a0
Critical CVE-2018-6085: Use after free in Disk Cache. Reported by Ned Williamson on 2018-03-28
Critical CVE-2018-6086: Use after free in Disk Cache. Reported by Ned Williamson on 2018-03-30
High CVE-2018-6087: Use after free in WebAssembly. Reported by Anonymous on 2018-02-20
High CVE-2018-6088: Use after free in PDFium. Reported by Anonymous on 2018-03-15
High CVE-2018-6089: Same origin policy bypass in Service Worker. Reported by Rob Wu on 2018-02-04
High CVE-2018-6090: Heap buffer overflow in Skia. Reported by ZhanJia Song on 2018-03-12
High CVE-2018-6091: Incorrect handling of plug-ins by Service Worker. Reported by Jun Kokatsu (@shhnjk) on 2017-10-05
High CVE-2018-6092: Integer overflow in WebAssembly. Reported by Natalie Silvanovich of Google Project Zero on 2018-03-08
Medium CVE-2018-6093: Same origin bypass in Service Worker. Reported by Jun Kokatsu (@shhnjk) on 2017-11-01
Medium CVE-2018-6094: Exploit hardening regression in Oilpan. Reported by Chris Rohlf on 2016-08-01
Medium CVE-2018-6095: Lack of meaningful user interaction requirement before file upload. Reported by Abdulrahman Alqabandi (@qab) on 2016-08-11
Medium CVE-2018-6096: Fullscreen UI spoof. Reported by WenXu Wu of Tencent's Xuanwu Lab on 2017-10-19
Medium CVE-2018-6097: Fullscreen UI spoof. Reported by xisigr of Tencent's Xuanwu Lab on 2018-01-26
Medium CVE-2018-6098: URL spoof in Omnibox. Reported by Khalil Zhani on 2018-01-03
Medium CVE-2018-6099: CORS bypass in ServiceWorker. Reported by Jun Kokatsu (@shhnjk) on 2018-02-03
Medium CVE-2018-6100: URL spoof in Omnibox. Reported by Lnyas Zhang on 2018-02-11
Medium CVE-2018-6101: Insufficient protection of remote debugging protocol in DevTools. Reported by Rob Wu on 2018-02-19
Medium CVE-2018-6102: URL spoof in Omnibox. Reported by Khalil Zhani on 2018-02-20
Medium CVE-2018-6103: UI spoof in Permissions. Reported by Khalil Zhani on 2018-02-24
Medium CVE-2018-6104: URL spoof in Omnibox. Reported by Khalil Zhani on 2018-03-08
Medium CVE-2018-6105: URL spoof in Omnibox. Reported by Khalil Zhani on 2018-01-18
Medium CVE-2018-6106: Incorrect handling of promises in V8. Reported by lokihardt of Google Project Zero on 2018-01-25
Medium CVE-2018-6107: URL spoof in Omnibox. Reported by Khalil Zhani on 2018-02-02
Medium CVE-2018-6108: URL spoof in Omnibox. Reported by Khalil Zhani on 2018-02-27
Low CVE-2018-6109: Incorrect handling of files by FileAPI. Reported by Dominik Weber (@DoWeb_) on 2017-04-10
Low CVE-2018-6110: Incorrect handling of plaintext files via file:// . Reported by Wenxiang Qian (aka blastxiang) on 2017-10-24
Low CVE-2018-6111: Heap-use-after-free in DevTools. Reported by Khalil Zhani on 2017-11-02
Low CVE-2018-6112: Incorrect URL handling in DevTools. Reported by Rob Wu on 2017-12-29
Low CVE-2018-6113: URL spoof in Navigation. Reported by Khalil Zhani on 2018-01-25
Low CVE-2018-6114: CSP bypass. Reported by Lnyas Zhang on 2018-02-13
Low CVE-2018-6115: SmartScreen bypass in downloads. Reported by James Feher on 2018-03-07
Low CVE-2018-6116: Incorrect low memory handling in WebAssembly. Reported by Jin from Chengdu Security Response Center of Qihoo 360 Technology Co. Ltd. on 2018-03-15
Low CVE-2018-6117: Confusing autofill settings. Reported by Spencer Dailey on 2018-03-15
Low CVE-2018-6084: Incorrect use of Distributed Objects in Google Software Updater on MacOS. Reported by Ian Beer of Google Project Zero on 2018-03-15