This update bumps the package to the latest stable version containing a
few security fixes:
- CVE-2018-12386: Type confusion in JavaScript
A vulnerability in register allocation in JavaScript can lead to type
confusion, allowing for an arbitrary read and write. This leads to
remote code execution inside the sandboxed content process when
triggered.
- CVE-2018-12387
A vulnerability where the JavaScript JIT compiler inlines
Array.prototype.push with multiple arguments that results in the stack
pointer being off by 8 bytes after a bailout. This leaks a memory
address to the calling function which can be used as part of an
exploit inside the sandboxed content process.
Source: https://www.mozilla.org/en-US/security/advisories/mfsa2018-24/
This update bumps the package to the latest stable version containing a
few security fixes:
- CVE-2018-12386: Type confusion in JavaScript
A vulnerability in register allocation in JavaScript can lead to type
confusion, allowing for an arbitrary read and write. This leads to
remote code execution inside the sandboxed content process when
triggered.
- CVE-2018-12387
A vulnerability where the JavaScript JIT compiler inlines
Array.prototype.push with multiple arguments that results in the stack
pointer being off by 8 bytes after a bailout. This leaks a memory
address to the calling function which can be used as part of an
exploit inside the sandboxed content process.
Source: https://www.mozilla.org/en-US/security/advisories/mfsa2018-24/
This update bumps the package to the latest stable version containing a
few security fixes:
- CVE-2018-12386: Type confusion in JavaScript
A vulnerability in register allocation in JavaScript can lead to type
confusion, allowing for an arbitrary read and write. This leads to
remote code execution inside the sandboxed content process when
triggered.
- CVE-2018-12387
A vulnerability where the JavaScript JIT compiler inlines
Array.prototype.push with multiple arguments that results in the stack
pointer being off by 8 bytes after a bailout. This leaks a memory
address to the calling function which can be used as part of an
exploit inside the sandboxed content process.
Source: https://www.mozilla.org/en-US/security/advisories/mfsa2018-24/
Before, providers were only built indirectly. Since proviers don't
depend on terraform to build they can be moved into their own collection
of packages. This also has the advantage that they can be reached
directly using an attribute path (Eg: terraform-providers.nixos).
Co-authored-by: Wael Nasreddine <wael.nasreddine@gmail.com>
In a few cases it wasn't clear so I left them as-is.
While visiting these moved other things to nativeBuildInputs
when it was clear they were one of these cases:
* makeWrapper
* archive utilities (in order to unpack src)
* a few of these might no longer be needed but leaving for another day
* needs at least qtgraphicaleffects not mentioned in docs
* doesn't want to use our libqmatrixclient, so let it use bundled
* took a few runs (or perhaps just patience with one) to populate,
when my profile icon appeared it seemed ready-- then click it
to see list of rooms and such.
The patchPhase wasn't being applied at all.
This patch re-enables that and also re-thinks the setting that we want
to have. Turning off the auto-update is more accurate and doesn't lose
information like it did before.
The darwin build fails and other platforms will probably run into
similar issues.
Determining if the Q_WS_QWS exist failed with the following output:
Change Dir: /tmp/nix-build-eiskaltdcpp-2.2.10.drv-0/source/build/CMakeFiles/CMakeTmp
Run Build Command:"/nix/store/qfag24z6xsr6jkyi8gb4cv62rp945rbk-gnumake-4.2.1/bin/make" "cmTC_14e67/fast"
/nix/store/qfag24z6xsr6jkyi8gb4cv62rp945rbk-gnumake-4.2.1/bin/make -f CMakeFiles/cmTC_14e67.dir/build.make CMakeFiles/cmTC_14e67.dir/build
make[1]: Entering directory '/private/tmp/nix-build-eiskaltdcpp-2.2.10.drv-0/source/build/CMakeFiles/CMakeTmp'
Building CXX object CMakeFiles/cmTC_14e67.dir/CheckSymbolExists.cxx.o
/nix/store/2gdwhdzhy4iwkp7fh8v6gy6nxj1zi9pv-clang-wrapper-5.0.2/bin/clang++ -I/nix/store/8dzqilmdr0p3qmmrxh51xk7wli6grm0i-qt-4.8.7/include -F/nix/store/8dzqilmdr0p3qmmrxh51xk7wli6grm0i-qt-4.8.7/lib -std=c++0x -pipe -Wformat -Werror=format-security -arch x86_64 -o CMakeFiles/cmTC_14e67.dir/CheckSymbolExists.cxx.o -c /tmp/nix-build-eiskaltdcpp-2.2.10.drv-0/source/build/CMakeFiles/CMakeTmp/CheckSymbolExists.cxx
/tmp/nix-build-eiskaltdcpp-2.2.10.drv-0/source/build/CMakeFiles/CMakeTmp/CheckSymbolExists.cxx:8:19: error: use of undeclared identifier 'Q_WS_QWS'
return ((int*)(&Q_WS_QWS))[argc];
^
/cc ZHF #45961
Qt 5.11 was downgraded to 5.9 because of two issues:
- spawns errors like
```
qrc:/qml/SignInWaiting.qml:20:9: QML BusyIndicator: Detected anchors on an item that is managed by a layout. This is undefined behavior; use Layout.alignment instead.
qrc:/qml/SignInWaiting.qml:26:9: QML Text: Detected anchors on an item that is managed by a layout. This is undefined behavior; use Layout.alignment instead.
qrc:/qml/SignInWaiting.qml:20:9: QML BusyIndicator: Detected anchors on an item that is managed by a layout. This is undefined behavior; use Layout.alignment instead.
qrc:/qml/SignInWaiting.qml:26:9: QML Text: Detected anchors on an item that is managed by a layout. This is undefined behavior; use Layout.alignment instead.
qrc:/qml/SignInWaiting.qml:20:9: QML BusyIndicator: Detected anchors on an item that is managed by a layout. This is undefined behavior; use Layout.alignment instead.
qrc:/qml/SignInWaiting.qml:26:9: QML Text: Detected anchors on an item that is managed by a layout. This is undefined behavior; use Layout.alignment instead.
qrc:/qml/SignInWaiting.qml:20:9: QML BusyIndicator: Detected anchors on an item that is managed by a layout. This is undefined behavior; use Layout.alignment instead.
qrc:/qml/SignInWaiting.qml:26:9: QML Text: Detected anchors on an item that is managed by a layout. This is undefined behavior; use Layout.alignment instead.
qrc:/qml/SignInWaiting.qml:20:9: QML BusyIndicator: Detected anchors on an item that is managed by a layout. This is undefined behavior; use Layout.alignment instead.
qrc:/qml/SignInWaiting.qml:26:9: QML Text: Detected anchors on an item that is managed by a layout. This is undefined behavior; use Layout.alignment instead.
```
- Google login doesn't work. It just doesn't start embedded webbrowser