Skip to content
Permalink
Browse files

Merge branch 'staging-19.03' into release-19.03

  • Loading branch information
vcunat committed Jan 14, 2020
2 parents c8db7a8 + 9aa361c commit 8818bed7716f713fc1afb9bc615b5594439a551a
@@ -28,6 +28,11 @@ stdenv.mkDerivation rec {
url = "https://github.com/GNUAspell/aspell/commit/8089fa02122fed0a.diff";
sha256 = "1b3p1zy2lqr2fknddckm58hyk95hw4scf6hzjny1v9iaic2p37ix";
})
(fetchpatch {
name = "CVE-2019-17544.patch";
url = "https://github.com/GNUAspell/aspell/commit/80fa26c74279fced8d778351cff19d1d8f44fe4e.patch";
sha256 = "0k5dnh8gcb7chnyx7jgkksqmz2hm05hmrvcd0znsfib975pvp4rg";
})
] ++ stdenv.lib.optional searchNixProfiles ./data-dirs-from-nix-profiles.patch;

postPatch = ''
@@ -27,6 +27,11 @@ stdenv.mkDerivation rec {
url = "https://github.com/fribidi/fribidi/pull/88.patch";
sha256 = "1n4l6333vhbxfckwg101flmvq6bbygg66fjp69ddcjqaqb6gh9k9";
})
(fetchpatch {
name = "CVE-2019-18397.patch";
url = "https://github.com/fribidi/fribidi/commit/034c6e9a1d296286305f4cfd1e0072b879f52568.patch";
sha256 = "102xrbf1l5gvavkxd6csx8pj3rlgcw10c0y4h4d40yhn84b1p0y8";
})
];

postPatch = ''
@@ -120,8 +120,8 @@ let
in {

openssl_1_0_2 = common {
version = "1.0.2t";
sha256 = "1g67ra0ph7gpz6fgvv1i96d792jmd6ymci5kk53vbikszr74djql";
version = "1.0.2u";
sha256 = "ecd0c6ffb493dd06707d38b14bb4d8c2288bb7033735606569d8f90f89669d16";
patches = [
./1.0.2/nix-ssl-cert-file.patch

@@ -9,6 +9,7 @@
, pretend
, flaky
, glibcLocales
, fetchpatch
}:

with stdenv.lib;
@@ -64,6 +65,27 @@ buildPythonPackage rec {
runHook postCheck
'';

patches = [
# 4 patches for 2020 bug
# https://github.com/pyca/pyopenssl/pull/828
(fetchpatch {
url = https://github.com/pyca/pyopenssl/commit/0d2fd1a24b30077ead6960bd63b4a9893a57c101.patch;
sha256 = "1c27g53qrwxddyx04sxf8yvj7xgbaabla7mc1cgbfd426rncbqf3";
})
(fetchpatch {
url = https://github.com/pyca/pyopenssl/commit/d08a742573c3205348a4eec9a65abaf6c16110c4.patch;
sha256 = "18xn8s1wpycz575ivrbsbs0qd2q48z8pdzsjzh8i60xba3f8yj2f";
})
(fetchpatch {
url = https://github.com/pyca/pyopenssl/commit/60b9e10e6da7ccafaf722def630285f54510ed12.patch;
sha256 = "0aw8qvy8m0bhgp39lmbcrpprpg4bhpssm327hyrk476wwgajk01j";
})
(fetchpatch {
url = https://github.com/pyca/pyopenssl/commit/7a37cc23fcbe43abe785cd4badd14bdc7acfb175.patch;
sha256 = "1c7zb568rs71rsl16p6dq7aixwlkgzfnba4vzmfvbmy3zsnaslq2";
})
];

# Seems to fail unpredictably on Darwin. See http://hydra.nixos.org/build/49877419/nixlog/1
# for one example, but I've also seen ContextTests.test_set_verify_callback_exception fail.
doCheck = !stdenv.isDarwin;

0 comments on commit 8818bed

Please sign in to comment.
You can’t perform that action at this time.