Unverified Commit ee756b01 authored by Thomas Gerbet's avatar Thomas Gerbet Committed by GitHub

quickjs-ng: 0.11.0 -> 0.13.0; quickjs: mark vulnerable for CVE-2026-3979 (#503250)

parents 645f4026 97b4afb8
+2 −21
@@ -2,7 +2,6 @@
  lib,
  cmake,
  fetchFromGitHub,
  fetchpatch,
  stdenv,
  testers,
  texinfo,
@@ -10,33 +9,15 @@

stdenv.mkDerivation (finalAttrs: {
  pname = "quickjs-ng";
  version = "0.11.0";
  version = "0.13.0";

  src = fetchFromGitHub {
    owner = "quickjs-ng";
    repo = "quickjs";
    tag = "v${finalAttrs.version}";
    hash = "sha256-Mb0YyxTWU6a8HFTVBmlJ5yGEDmjKXHqTSszAvb8Y01U=";
    hash = "sha256-t1GvD1iBRfJwzZHoLxMbE2Gh1Ow8v0ZASxCVnOT7ST4=";
  };

  patches = [
    # CVE-2026-1145: Fix heap buffer overflow in js_typed_array_constructor_ta
    # https://github.com/quickjs-ng/quickjs/issues/1305
    (fetchpatch {
      name = "CVE-2026-1145.patch";
      url = "https://github.com/quickjs-ng/quickjs/commit/53aebe66170d545bb6265906fe4324e4477de8b4.patch";
      hash = "sha256-PObMEqIush07mQ7YcoFUJ3rXitOlEU0tCsgVi6P2zW0=";
    })
    # CVE-2026-1144: Fix OOB access in atomic ops
    # https://github.com/quickjs-ng/quickjs/issues/1301
    # https://github.com/quickjs-ng/quickjs/issues/1302
    (fetchpatch {
      name = "CVE-2026-1144.patch";
      url = "https://github.com/quickjs-ng/quickjs/commit/ea3e9d77454e8fc9cb3ef3c504e9c16af5a80141.patch";
      hash = "sha256-ph6U+Mz7gxR4RWEtc+XU5fO6qjApQTqqW5dzwnOqTdc=";
    })
  ];

  outputs = [
    "out"
    "bin"
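Review bot: Nothing in this section records that the v0.13.0 tag already contains the two backported fixes that the removed `patches` list carried, namely upstream commits 53aebe66170d545bb6265906fe4324e4477de8b4 (CVE-2026-1145) and ea3e9d77454e8fc9cb3ef3c504e9c16af5a80141 (CVE-2026-1144). Both were fetched from the same upstream repository, so they are presumably included, but that should be confirmed against the tag before dropping the `fetchpatch` entries. A one-line comment above `src`, such as `# 0.13.0 includes the upstream fixes for CVE-2026-1144 and CVE-2026-1145`, would keep the removal traceable. The commit title marks quickjs vulnerable for CVE-2026-3979 but does not say whether quickjs-ng 0.13.0 is affected, so the description should state that as well.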
+1 −0
@@ -125,6 +125,7 @@ stdenv.mkDerivation (finalAttrs: {
    knownVulnerabilities = [
      "CVE-2026-1144"
      "CVE-2026-1145"
      "CVE-2026-3979"
    ];
  };
})
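Review bot: The added `"CVE-2026-3979"` entry in `knownVulnerabilities` is a bare identifier, like the two before it, and the list has no comment saying when entries may be removed. Because the visible lines do not show which release, if any, fixes these issues, a comment above the list would help the next maintainer, for example `# drop an entry only once src is updated to a release that contains its fix`. The enclosing `stdenv.mkDerivation` call and its `meta` block start outside this hunk, so the pinned version cannot be checked from here.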