e7785f1148
This update bumps the package to the latest stable version containing a few security fixes: - CVE-2018-12386: Type confusion in JavaScript A vulnerability in register allocation in JavaScript can lead to type confusion, allowing for an arbitrary read and write. This leads to remote code execution inside the sandboxed content process when triggered. - CVE-2018-12387 A vulnerability where the JavaScript JIT compiler inlines Array.prototype.push with multiple arguments that results in the stack pointer being off by 8 bytes after a bailout. This leaks a memory address to the calling function which can be used as part of an exploit inside the sandboxed content process. Source: https://www.mozilla.org/en-US/security/advisories/mfsa2018-24/
Nixpkgs is a collection of packages for the Nix package manager. It is periodically built and tested by the Hydra build daemon as so-called channels. To get channel information via git, add nixpkgs-channels as a remote:
% git remote add channels https://github.com/NixOS/nixpkgs-channels.git
For stability and maximum binary package support, it is recommended to maintain
custom changes on top of one of the channels, e.g. nixos-18.03 for the latest
release and nixos-unstable for the latest successful build of master:
% git remote update channels
% git rebase channels/nixos-18.03
For pull-requests, please rebase onto nixpkgs master.
NixOS Linux distribution source code is located inside
nixos/ folder.
- NixOS installation instructions
- Documentation (Nix Expression Language chapter)
- Manual (How to write packages for Nix)
- Manual (NixOS)
- Community maintained wiki
- Continuous package builds for unstable/master
- Continuous package builds for 18.03 release
- Tests for unstable/master
- Tests for 18.03 release
Communication: