[Nix-dev] Channel Issues and Security fixes from 2016-12-17 20:12 UTC
Graham Christensen
graham at grahamc.com
Sat Dec 17 21:27:46 CET 2016

****** SPECIAL NOTES ABOUT LETS ENCRYPT ******

Due to the issue with channels mentioned below, LetsEncrypt users are at
risk of expiring certificates. LetsEncrypt's simp_le client was updated,
and part of this change broke the old clients.

The necessary changes are in the 16.09 branch of Nixpkgs, but have not
made it out to the channels.

If your certificates are near expiring, you may need to take action to
resolve this issue. A temporary fix has been sent to the mailing list:
http://lists.science.uu.nl/pipermail/nix-dev/2016-December/022348.html

Due to this, I have cross-posted this message to nix-dev.

****** SPECIAL NOTE ABOUT THE CHANNELS ******

Due to changes in Nix, Hydra, and Nixpkgs, channels have been
substantially delayed in releasing updates.

 - nixos-16.09-small is most up to date, with successful builds as
   recent as 2 days ago
 - nixos-16.09 is about 8 days old
 - nixos-unstable is 10 days old

These issues are not currently resolved, and channels aren't currently
moving forward. There are efforts under way to fix the problem.

(A bit) more information can be found here:
https://github.com/NixOS/nixpkgs/issues/21145

****** NORMAL ANNOUNCEMENTS ******

The following issues have been resolved in NixOS in unstable and
release-16.09. They remain potentially vulnerable on older major
releases.

These patches will be released to the unstable and
release-16.09 channels when Hydra finishes building the "tested" job
for each channel:

 - https://hydra.nixos.org/job/nixos/release-16.09/tested
 - https://hydra.nixos.org/job/nixos/trunk-combined/tested

Please consider helping with the next security roundup by commenting on
https://github.com/NixOS/nixpkgs/issues/21145.

master   16.09    Message                                             Notes
---      ---      ---                                                 ---
86cf682  237af50  firefox: 50.0.2 -> 50.1.0, firefox-esr: 45.5.1e...  n/a
8a7cf06  953889b  firefox-bin: 50.0.2 -> 50.1.0                       n/a
503c572  c801fdd  go_1_6: 1.6.3 -> 1.6.4 for DoS vector               n/a
891e391  5c9c1a1  go: 1.7.3 -> 1.7.4                                  n/a
d1a5dc0  f8bea71  grsecurity: 4.8.12-201612062306 -> 4.8.13-20161...  n/a
601058e  632100b  grsecurity: 4.8.13-201612082118 -> 4.8.14-20161...  n/a
f0e77cd  2d688ed  grsecurity: 4.8.14-201612110933 -> 4.8.15-20161...  n/a
4fa5237  9d2912e  libgsf: 1.14.36 -> 1.14.41 for CVE-2016-9888        n/a
e861a5f  a8e2b3e  linux: 4.4.36 -> 4.4.37                             n/a
f576c49  7bb361e  linux: 4.4.37 -> 4.4.38                             n/a
cb9ff3f  b2040b9  linux: 4.4.38 -> 4.4.39                             n/a
bfffbb5  fbd303f  linux: 4.8.12 -> 4.8.13                             n/a
b69822c  2eba51d  linux: 4.8.13 -> 4.8.14                             n/a
0e8e4a0  f23dae0  linux: 4.8.14 -> 4.8.15                             n/a
7a813d3  f38c537  linux_{4_8,grsec_nixos}: patch to fix build fai...  n/a
971ae27  f4d9efc  perlPackages.DBDmysql: 4.039 -> 4.041 for CVE-2...  n/a
2ec1990  34b6d7d  php56: 5.6.28 -> 5.6.29                             n/a
c8c6ff4  e1dd3e2  simp_le: bump acme dependency to newer version      n/a
1edf951  478fa35  subversion: 1.8.16 -> 1.8.17                        n/a
b139b17  b18b055  subversion: 1.9.4 -> 1.9.5                          n/a
a26acf9  8851080  torbrowser: 6.0.7 -> 6.0.8                          n/a
5cbb0f7  b3ccb69  unzip: patch for CVE-2014-9913 and CVE-2016-9844    n/a
4bc0c87  547a940  xstatic-jquery-ui: 1.11.0.1 -> 1.12.0.1             n/a
8800ea7  b48a510  zabbix22: 2.2.2 -> 2.2.16 for CVE-2016-4338 CVE...  n/a