nixos/nixpkgs - Unnamed repository; edit this file 'description' to name the repository.

	Commit message (Expand)	Author	Age	Files	Lines
*	thunderbird-bin: 91.7.0 -> 91.8.0•••(cherry picked from commit 067b774e7c998b93ce678c964a4886c81dad0747) origin/backport-168888-to-release-21.11	taku0	2022-04-16	1	-261/+261
*	chromium: 100.0.4896.88 -> 100.0.4896.127 (#168959)•••https://chromereleases.googleblog.com/2022/04/stable-channel-update-for-desktop_14.html This update includes 2 security fixes. Google is aware that an exploit for CVE-2022-1364 exists in the wild. CVEs: CVE-2022-1364 (cherry picked from commit a6a25ec43d65f9dbf77ed52d28f582fb6ed03d68)	Louis Bettens	2022-04-16	1	-3/+3
*	Merge pull request #168949 from NixOS/backport-168705-to-release-21.11•••[Backport release-21.11] discourse: 2.9.0.beta3 -> 2.9.0.beta4	Kim Lindberger	2022-04-16	22	-106/+104
\|\
\| *	discourse: 2.9.0.beta3 -> 2.9.0.beta4•••(cherry picked from commit 8c33504431e9669f324db150174d5bc8de2bbfcf)	Ryan Mulligan	2022-04-16	22	-106/+104
\|/
*	Merge pull request #168914 from NixOS/backport-165968-to-release-21.11•••[Backport release-21.11] xprintidle: init at 0.2.4	Timo Kaufmann	2022-04-16	2	-0/+42
\|\
\| *	xprintidle: init at 0.2.4•••(cherry picked from commit 745dd2d18bdcbf1a8f175174b523e20341bbe579)	Francesco Gazzetta	2022-04-16	2	-0/+42
\|/
*	Merge pull request #168898 from NixOS/backport-168754-to-release-21.11•••[Backport release-21.11] element-{web,desktop}: 1.10.9 -> 1.10.10	Maximilian Bosch	2022-04-16	2	-4/+4
\|\
\| *	element-{web,desktop}: 1.10.9 -> 1.10.10•••ChangeLog: https://github.com/vector-im/element-web/releases/tag/v1.10.10 (cherry picked from commit c30945a93fbd3122a55ee6a63c9bfef7556bc82e)	Maximilian Bosch	2022-04-16	2	-4/+4
* \|	Merge pull request #168886 from Ma27/neomutt-security•••[21.11] neomutt: apply patch for CVE-2022-1328	Maximilian Bosch	2022-04-16	1	-0/+7
\|\ \ \| \|/ \|/\|
\| *	neomutt: apply patch for CVE-2022-1328•••This fixes a buffer overflow in NeoMutt, to quote the original report[1]: > Hello, In mutt_decode_uuencoded(), the line length is read from the > untrusted uuencoded part without validation. This could result in > including private memory in message parts, for example fragments of > other messages, passphrases or keys in replys. Security advistory for the corresponding CVE-2022-1328 is on GitHub[2]. Applying the entire release 20220415 is IMHO too risky because too much has changed, but applying the patch only works fine as well here. In NeoMutt 20220415 / Mutt 2.2.3 there's also a fix for an integer overflow[3] of a `strlen()` for very large messages which is however not exploitable for NeoMutt according to the upstream maintainers[4], so I won't backport this patch as well. Related to https://github.com/NixOS/nixpkgs/pull/168800. [1] https://gitlab.com/muttmua/mutt/-/issues/404 [2] https://github.com/advisories/GHSA-qfrq-pp74-gpff [3] https://gitlab.com/muttmua/mutt/-/issues/405 [4] https://github.com/neomutt/neomutt/commit/2bedc9762e2be679a24c8af9c56d16d670aef958:	Maximilian Bosch	2022-04-16	1	-0/+7
* \|	Merge pull request #168896 from NixOS/backport-168385-to-release-21.11•••[Backport release-21.11] element{-desktop,}: 1.10.8 -> 1.10.9	Maximilian Bosch	2022-04-16	2	-5/+5
\|\ \
\| * \|	element{-desktop,}: 1.10.8 -> 1.10.9•••(cherry picked from commit 2e7cca769034e5cb84d56138f2b198ee12fefd11)	Sumner Evans	2022-04-16	2	-5/+5
\|/ /
* \|	Merge pull request #168757 from Ma27/backport-php•••[21.11] php74: 7.4.28 -> 7.4.29, php80: 8.0.17 -> 8.0.18	Maximilian Bosch	2022-04-16	2	-4/+4
\|\ \ \| \|/ \|/\|
\| *	php80: 8.0.17 -> 8.0.18•••(cherry picked from commit abb096f629d69fba4067ed4542ce871548948436)	Pol Dellaiera	2022-04-15	1	-2/+2
\| *	php74: 7.4.28 -> 7.4.29•••(cherry picked from commit ba45a559b5c42e123af07272b0241a73dcfa03b0)	Pol Dellaiera	2022-04-15	1	-2/+2
* \|	Merge pull request #168805 from Luflosi/backport-168330-to-release-21.11	Martin Weinelt	2022-04-16	1	-2/+2
\|\ \
\| * \|	ipfs: 0.11.0 -> 0.11.1•••https://github.com/ipfs/go-ipfs/releases/tag/v0.11.1	Luflosi	2022-04-15	1	-2/+2
* \| \|	Merge pull request #168802 from NixOS/backport-168720-to-release-21.11•••[Backport release-21.11] mruby: add patch for CVE-2022-1212	Mario Rodas	2022-04-15	1	-1/+9
\|\ \ \
\| * \| \|	mruby: add patch for CVE-2022-1212•••(cherry picked from commit fbfa7ea82dd27b19d56c9f505ff5a013e749a630)	Robert Scott	2022-04-15	1	-1/+9
\|/ / /
* \| \|	Merge pull request #168785 from drupol/php/composer-fix-CVE-2022-24828-backpo...•••[21.11] php.packages.composer: 2.1.9 -> 2.3.5	Maximilian Bosch	2022-04-15	1	-2/+2
\|\ \ \ \| \|/ / \|/\| \|
\| * \|	php74Packages.composer: 2.3.3 -> 2.3.5•••https://github.com/composer/composer/releases/tag/2.3.4 https://github.com/composer/composer/releases/tag/2.3.5 https://github.com/composer/composer/security/advisories/GHSA-x7cr-6qr6-2hh6 Fixes: CVE-2022-24828 (cherry picked from commit 6f2f0aaeb76a3c80557afae8eafe22b985cc3e01)	Pol Dellaiera	2022-04-15	1	-2/+2
\| * \|	php74Packages.composer: 2.2.9 -> 2.3.3•••(cherry picked from commit 3aa6277c43b1e393b400af53c82715202e0ea5da)	R. Ryantm	2022-04-15	1	-2/+2
\| * \|	php74Packages.composer: 2.2.7 -> 2.2.9•••(cherry picked from commit 8bf228ce2a408f30a4415b259f8089b65d3df5d6)	R. Ryantm	2022-04-15	1	-2/+2
\| * \|	php74Packages.composer: 2.2.6 -> 2.2.7•••(cherry picked from commit d118f55e2310b29fdb037d900e062705edcb27dd)	R. Ryantm	2022-04-15	1	-2/+2
\| * \|	php74Packages.composer: 2.2.3 -> 2.2.6•••(cherry picked from commit 2b225076c7d5bcdfd0b942d8bb1e01db88ac7980)	R. Ryantm	2022-04-15	1	-2/+2
\| * \|	php74Packages.composer: 2.2.1 -> 2.2.3•••(cherry picked from commit cb9f7cafde34992f107ab6f745c258884f5861b9)	R. Ryantm	2022-04-15	1	-2/+2
\| * \|	php74Packages.composer: 2.1.14 -> 2.2.1•••(cherry picked from commit 5c6e813ba3efc77e5ad1b10a122c9ebea579393a)	R. Ryantm	2022-04-15	1	-2/+2
\| * \|	php74Packages.composer: 2.1.9 -> 2.1.14•••(cherry picked from commit 0782984c0593939330fe14c6fd1f70105742ddfb)	R. Ryantm	2022-04-15	1	-2/+2
\|/ /
* \|	Merge pull request #168718 from NixOS/backport-168588-to-release-21.11•••[Backport release-21.11] Linux kernels 2022-04-13	Maximilian Bosch	2022-04-15	6	-13/+13
\|\ \ \| \|/ \|/\|
\| *	linux-rt_5_4: 5.4.182-rt72 -> 5.4.188-rt73•••(cherry picked from commit 73a50cd17b6a6e1d555619c383667dac48273443)	TredwellGit	2022-04-14	1	-3/+3
\| *	linux: 5.17.2 -> 5.17.3•••(cherry picked from commit d061104f96b538697aea9044505b265403ccb2a1)	TredwellGit	2022-04-14	1	-2/+2
\| *	linux: 5.16.19 -> 5.16.20•••(cherry picked from commit e70511248b567d91eefffe92b918063acc39b097)	TredwellGit	2022-04-14	1	-2/+2
\| *	linux: 5.15.33 -> 5.15.34•••(cherry picked from commit 34a4c9124c31c09899784ccb36f0d0ab860ab0a4)	TredwellGit	2022-04-14	1	-2/+2
\| *	linux: 5.10.110 -> 5.10.111•••(cherry picked from commit 2e87b82c8301100544162d1404e04c637c66e165)	TredwellGit	2022-04-14	1	-2/+2
\| *	linux: 4.9.309 -> 4.9.310•••(cherry picked from commit 9415d2917ce2331bbc31e62ab45f941273c67a6e)	TredwellGit	2022-04-14	1	-2/+2
* \|	Merge pull request #168742 from mweinelt/21.11/brave	Martin Weinelt	2022-04-15	1	-2/+2
\|\ \ \| \|/ \|/\|
\| *	brave: 1.37.109 -> 1.37.113•••(cherry picked from commit 8838263f3ca36f8d5b7354aa780d9114f395d0c1)	R. Ryantm	2022-04-15	1	-2/+2
\| *	brave: 1.36.122 -> 1.37.109•••https://github.com/brave/brave-browser/blob/master/CHANGELOG_DESKTOP.md#137109 (cherry picked from commit 82230fc6ea9d56192346d3d9be1f2c7d951de52f)	TredwellGit	2022-04-15	1	-2/+2
\|/
*	Merge pull request #168621 from NixOS/backport-168467-to-release-21.11•••[Backport release-21.11] palemoon: 29.4.5.1 -> 29.4.6	Anderson Torres	2022-04-14	1	-2/+2
\|\
\| *	palemoon: 29.4.5.1 -> 29.4.6•••(cherry picked from commit 93b9c6708e7dfdb1ad18a7854fdb3bb14346f354)	R. Ryantm	2022-04-14	1	-2/+2
* \|	Merge pull request #168625 from NixOS/backport-168426-to-release-21.11•••[Backport release-21.11] vscode: 1.66.1 -> 1.66.2	Mario Rodas	2022-04-14	1	-6/+6
\|\ \
\| * \|	vscode: 1.66.1 -> 1.66.2•••(cherry picked from commit db770979f19b8c95a458e5b6e53506f605610f01)	nixpkgs-upkeep-bot	2022-04-14	1	-6/+6
\| \|/
* \|	grafana: 8.4.5 -> 8.4.6•••No-op release: https://github.com/grafana/grafana/releases/tag/v8.4.6 Yes, this is actually not really needed since we only provide the OSS version of Grafana and the CVE in question is only exploitable on Grafana enterprise, but I decided to perform this update to test the update script I previously implemented in 7708fccf01e0cdc38ce020c30e5c84427c2bec8e. (cherry picked from commit e633d427477c310891553b4218648e05da1db56c)	Maximilian Bosch	2022-04-14	1	-3/+3
* \|	Merge pull request #168624 from NixOS/backport-168449-to-release-21.11•••[Backport release-21.11] vscodium: 1.66.1 -> 1.66.2	Mario Rodas	2022-04-14	1	-5/+5
\|\ \ \| \|/ \|/\|
\| *	vscodium: 1.66.1 -> 1.66.2•••(cherry picked from commit 5acc34d95a1f550a62b71e49a3867863e2a2a82d)	nixpkgs-upkeep-bot	2022-04-14	1	-5/+5
\|/
*	Merge pull request #168602 from NixOS/backport-168459-to-release-21.11•••[Backport release-21.11] nomachine-client: 7.8.2 -> 7.9.2	Kim Lindberger	2022-04-14	1	-3/+3
\|\
\| *	nomachine-client: 7.8.2 -> 7.9.2•••(cherry picked from commit 756d8c1d4f33bfc582fc374a99a85a246b951a98)	talyz	2022-04-14	1	-3/+3
\|/
*	Merge pull request #167142 from rnhmjoj/pr-gitea-cve•••gitea: patch for CVE-2022-0905, CVE-2022-1058	Michele Guerini Rocco	2022-04-14	1	-0/+11
\|\
\| *	gitea: patch for CVE-2022-0905, CVE-2022-1058	rnhmjoj	2022-04-09	1	-0/+11
* \|	Merge pull request #168458 from rnhmjoj/pr-mutt-cve•••mutt: patch for CVE-2022-1328	Michele Guerini Rocco	2022-04-14	1	-1/+8
\|\ \