| Commit message | Author | Age | Files | Lines |
| * | tsm-client: 8.1.14.0 -> 8.1.15.0•••IBM's "Authorized Program Analysis Report"s
(something like release notes):
https://www.ibm.com/support/pages/node/6590857
README:
https://www.ibm.com/support/pages/node/6593819
Security Bulletins:
https://www.ibm.com/support/pages/node/6596379 (CVE-2021-35550, CVE-2021-35603)
https://www.ibm.com/support/pages/node/6596741 (CVE-2022-22478, CVE-2022-22474)
https://www.ibm.com/support/pages/node/6596399 (CVE-2022-0778)
(cherry picked from commit 4f4aa9685a7860a140100f31bd8c2108d65526d6)
origin/backport-172372-to-release-22.05 | Yarny0 | 2022-07-08 | 1 | -2/+2 |
| * | tsm-client: fix patching rpath with autoPatchelf•••Since commit
https://github.com/NixOS/nixpkgs/commit/7b9fd5d1c9802131ca0a01ff08a3ff64379d2df4
tsm-client no longer produces working binaries
(discovered with bisection).
Instead, calling the command line client `dsmc`
just produces the error
> error while loading shared libraries: libtsmxerces-depdom.so.28: cannot open shared object file: No such file or directory
Output of `ldd $out/dsmc`
> linux-vdso.so.1 (0x00007ffd89f70000)
> libgsk8ssl_64.so => /nix/store/i21g0x44g336ag8rkx0dgndb9v4w2xhk-tsm-client-8.1.13.3-unwrapped/local/ibm/gsk8_64/lib64/libgsk8ssl_64.so (0x0000791c8eb34000)
> libgsk8iccs_64.so => /nix/store/i21g0x44g336ag8rkx0dgndb9v4w2xhk-tsm-client-8.1.13.3-unwrapped/local/ibm/gsk8_64/lib64/libgsk8iccs_64.so (0x0000791c8e9b7000)
> libgsk8km_64.so => /nix/store/i21g0x44g336ag8rkx0dgndb9v4w2xhk-tsm-client-8.1.13.3-unwrapped/local/ibm/gsk8_64/lib64/libgsk8km_64.so (0x0000791c8e791000)
> libxmlutil-8.1.13.0.so => /nix/store/i21g0x44g336ag8rkx0dgndb9v4w2xhk-tsm-client-8.1.13.3-unwrapped/opt/tivoli/tsm/client/api/bin64/libxmlutil-8.1.13.0.so (0x0000791c8e675000)
> libcrypt.so.1 => /nix/store/qjgj2642srlbr59wwdihnn66sw97ming-glibc-2.33-123/lib/libcrypt.so.1 (0x0000791c8e639000)
> libpthread.so.0 => /nix/store/qjgj2642srlbr59wwdihnn66sw97ming-glibc-2.33-123/lib/libpthread.so.0 (0x0000791c8e619000)
> libdl.so.2 => /nix/store/qjgj2642srlbr59wwdihnn66sw97ming-glibc-2.33-123/lib/libdl.so.2 (0x0000791c8e614000)
> libstdc++.so.6 => /nix/store/ndnqiz3nnifj1blhg9q626xlmkqq1nmh-gcc-10.3.0-lib/lib/libstdc++.so.6 (0x0000791c8e43f000)
> libgpfs.so => /nix/store/i21g0x44g336ag8rkx0dgndb9v4w2xhk-tsm-client-8.1.13.3-unwrapped/opt/tivoli/tsm/client/api/bin64/libgpfs.so (0x0000791c8e22a000)
> libdmapi.so => /nix/store/i21g0x44g336ag8rkx0dgndb9v4w2xhk-tsm-client-8.1.13.3-unwrapped/opt/tivoli/tsm/client/api/bin64/libdmapi.so (0x0000791c8e020000)
> librt.so.1 => /nix/store/qjgj2642srlbr59wwdihnn66sw97ming-glibc-2.33-123/lib/librt.so.1 (0x0000791c8e015000)
> libm.so.6 => /nix/store/qjgj2642srlbr59wwdihnn66sw97ming-glibc-2.33-123/lib/libm.so.6 (0x0000791c8ded4000)
> libgcc_s.so.1 => /nix/store/ndnqiz3nnifj1blhg9q626xlmkqq1nmh-gcc-10.3.0-lib/lib/libgcc_s.so.1 (0x0000791c8deba000)
> libc.so.6 => /nix/store/qjgj2642srlbr59wwdihnn66sw97ming-glibc-2.33-123/lib/libc.so.6 (0x0000791c8dce5000)
> libgsk8cms_64.so => /nix/store/i21g0x44g336ag8rkx0dgndb9v4w2xhk-tsm-client-8.1.13.3-unwrapped/local/ibm/gsk8_64/lib64/libgsk8cms_64.so (0x0000791c8d78d000)
> /nix/store/4s21k8k7p1mfik0b33r2spq5hq7774k1-glibc-2.33-108/lib/ld-linux-x86-64.so.2 => /nix/store/qjgj2642srlbr59wwdihnn66sw97ming-glibc-2.33-123/lib64/ld-linux-x86-64.so.2 (0x0000791c8f074000)
> libtsmxerces-depdom.so.28 => not found
> libtsmxerces-c.so.28 => not found
Output of `ldd $out/lib/libtsmxerces-depdom.so.28`
> linux-vdso.so.1 (0x00007fff69388000)
> libpthread.so.0 => /nix/store/qjgj2642srlbr59wwdihnn66sw97ming-glibc-2.33-123/lib/libpthread.so.0 (0x000078f150454000)
> libtsmxerces-c.so.28 => not found
> libstdc++.so.6 => /nix/store/ndnqiz3nnifj1blhg9q626xlmkqq1nmh-gcc-10.3.0-lib/lib/libstdc++.so.6 (0x000078f15027f000)
> libm.so.6 => /nix/store/qjgj2642srlbr59wwdihnn66sw97ming-glibc-2.33-123/lib/libm.so.6 (0x000078f15013e000)
> libgcc_s.so.1 => /nix/store/ndnqiz3nnifj1blhg9q626xlmkqq1nmh-gcc-10.3.0-lib/lib/libgcc_s.so.1 (0x000078f150124000)
> libc.so.6 => /nix/store/qjgj2642srlbr59wwdihnn66sw97ming-glibc-2.33-123/lib/libc.so.6 (0x000078f14ff4d000)
> /nix/store/qjgj2642srlbr59wwdihnn66sw97ming-glibc-2.33-123/lib64/ld-linux-x86-64.so.2 (0x000078f150601000)
The commit given above rewrote the `autoPatchelfHook`.
The new hook still calls `patchelf` to actually
modify binary files, but the discovery of
shared libraries apparently got changed.
Thorough investigation of all `patchelf` calls in the
old and new autoPatchelfHook showed that all files are
treated equally up to the files
* $out/opt/tivoli/tsm/client/api/bin64/libtsmxerces-depdom.so.28.0
* $out/opt/tivoli/tsm/client/api/bin64/libxmlutil-8.1.13.0.so
where the new autoPatchelf implementation replaced `$out/lib`
with `$out/opt/tivoli/tsm/client/api/bin64` in the rpath.
I failed to see *why* the new algorithm does
that, or if that might be considered a bug.
The `tsm-client` package has some confusing symlink
structure which certainly might confuse `autoPatchelfHook`.
The following ideas to "restore" the old behaviour
of `autoPatchelfHook` failed to produce a working package:
* add "$out" or "${placeholder "out"}" to `runtimeDependencies`
* use `addAutoPatchelfSearchPath` with `$out/lib` or
another so-file-containing directory
The commit at hand fixes the issue by directly adding `$out/lib`
to the rpath of all shared libraries in that directory.
This has to be done *after* `autoPatchelf` got executed.
To accomplish this, we disable auto-calling `autoPatchelf`
(it would run after `postFixup`) and instead call it
manually in `postFixup`, just before we patch the rpath by hand.
(cherry picked from commit 1ed9ba08f1e83a5fdcebcffa0aff2d5b4452c9b1)
| Yarny0 | 2022-07-08 | 1 | -0/+10 |
| * | blender: fix on darwin•••(cherry picked from commit 007c4341fe6a37ad70a584f78f0cc837edf8d0d1)
| Dmitry Kalinkin | 2022-07-07 | 3 | -21/+40 |
| * | Merge pull request #180563 from NixOS/backport-180092-to-release-22.05•••[Backport release-22.05] Linux kernel updates 2022-07-04 | Maximilian Bosch | 2022-07-07 | 7 | -14/+14 |
| |\ |
|
| | * | linux: 5.4.202 -> 5.4.203•••(cherry picked from commit 111751879d8a0d59c20eae929b95b93fc7aef68f)
| Maximilian Bosch | 2022-07-07 | 1 | -2/+2 |
| | * | linux: 5.18.8 -> 5.18.9•••(cherry picked from commit 39a8cebc2b637f6a9a14ae448939d2ff81785cd7)
| Maximilian Bosch | 2022-07-07 | 1 | -2/+2 |
| | * | linux: 5.15.51 -> 5.15.52•••(cherry picked from commit edd230fbc47fae924ce94153c3c393e8b83a1ae0)
| Maximilian Bosch | 2022-07-07 | 1 | -2/+2 |
| | * | linux: 5.10.127 -> 5.10.128•••(cherry picked from commit 1e013585246f212144f7f7da5124706d5061c121)
| Maximilian Bosch | 2022-07-07 | 1 | -2/+2 |
| | * | linux: 4.9.320 -> 4.9.321•••(cherry picked from commit 734b6f6d30aebb10f0eacd47f73a9ad05f625213)
| Maximilian Bosch | 2022-07-07 | 1 | -2/+2 |
| | * | linux: 4.19.249 -> 4.19.250•••(cherry picked from commit 67b230bd08146e4a822ff1e6bc314501dc7b768c)
| Maximilian Bosch | 2022-07-07 | 1 | -2/+2 |
| | * | linux: 4.14.285 -> 4.14.286•••(cherry picked from commit a9b933df1cc93c2fedd5b9d06a1d4daa48d8c15b)
| Maximilian Bosch | 2022-07-07 | 1 | -2/+2 |
| * | | Merge pull request #180564 from NixOS/backport-180165-to-release-22.05•••[Backport release-22.05] virtualbox: update patch linux-5.18 -> linux-5.19 | Domen Kožar | 2022-07-07 | 2 | -287/+7 |
| |\ \ |
|
| | * | | virtualbox: update patch linux-5.18 -> linux-5.19•••Some history:
The linux kernel v5.18-rc contains the commit
> commit 6e8ec2552c7d13991148e551e3325a624d73fac6
> Author: Jason A. Donenfeld <Jason@zx2c4.com>
> Date: 2022-01-16 14:23:10 +0100
>
> random: use computational hash for entropy extraction
> [...]
which modifies the kernel's random number generator.
This change broke VirtualBox 6.1.34 in several ways:
It causes random crashes and filesystem corruption in the guest
(at least on some host CPU models).
More details can be found in the
corresponding ticket in the VirtualBox bug tracker:
https://www.virtualbox.org/ticket/20914
That ticket also contains a patch "vbox-linux-5.18.patch"
for VirtualBox that fixes the problem,
at least for kernels 5.18 and (hopefully) above.
This patch got added to nixpkgs' VirtualBox build recipe with
https://github.com/NixOS/nixpkgs/pull/175507/commits/9c8132494fbfb6c5cf09767b18d703103d067a17 .
Meanwhile, the kernel patch got backported to LTS kernels.
As the VirtualBox patch contains several `#if RTLNX_VER_MIN(5,18,0)`
clauses to apply the fix,
it can't heal VirtualBox on LTS kernel versions.
The result is that VirtualBox is still broken if used
with linux kernels 5.10 and 5.15
(currently the default kernel in nixpkgs).
Luckily, VirtualBox developers updated the patch
(now named "vbox-linux-5.19.patch") to not only fix the
problem for the upcoming 5.19 kernel, but also address
backport releases.
The commit at hand replaces "vbox-linux-5.18.patch"
with the new "vbox-linux-5.19.patch",
fixing VirtualBox for LTS kernel releases.
(cherry picked from commit 0ad873b44b73ab2fde8c378470cd1b75b7a3c4d2)
| Yarny0 | 2022-07-07 | 2 | -287/+7 |
| |/ / |
|
| * | | Merge pull request #177413 from NixOS/backport-175507-to-release-22.05•••[Backport release-22.05] virtualbox: 6.1.30 -> 6.1.34 | Domen Kožar | 2022-07-07 | 6 | -5/+314 |
| |\ \
| |/
|/| |
|
| | * | virtualbox: 6.1.30 -> 6.1.34•••(cherry picked from commit 9c8132494fbfb6c5cf09767b18d703103d067a17)
origin/backport-175507-to-release-22.05 | André Silva | 2022-06-12 | 6 | -5/+314 |
| * | | Merge pull request #180559 from NixOS/backport-179702-to-release-22.05•••[Backport release-22.05] Assorted kernel updates for 2022-06-29 | Maximilian Bosch | 2022-07-07 | 5 | -28/+28 |
| |\ \ |
|
| | * | | linux/hardened/patches/5.4: 5.4.201-hardened1 -> 5.4.202-hardened1•••(cherry picked from commit f8b452f1278baa0530d354facfbcd7ead5a9f773)
| K900 | 2022-07-07 | 1 | -5/+5 |
| | * | | linux/hardened/patches/5.18: 5.18.7-hardened1 -> 5.18.8-hardened1•••(cherry picked from commit 87f3f3ab17074e6e969ce0aa4425e792d076e311)
| K900 | 2022-07-07 | 1 | -5/+5 |
| | * | | linux/hardened/patches/5.15: 5.15.50-hardened1 -> 5.15.51-hardened1•••(cherry picked from commit 362d5a564f3c2b8cf93ea33381ab86a9126cb8fa)
| K900 | 2022-07-07 | 1 | -5/+5 |
| | * | | linux/hardened/patches/5.10: 5.10.125-hardened1 -> 5.10.127-hardened1•••(cherry picked from commit 02281899164fd848736c8ad278e25c98e76df85e)
| K900 | 2022-07-07 | 1 | -5/+5 |
| | * | | linux: 5.4.201 -> 5.4.202•••(cherry picked from commit 7b061f8eb6de460c9622ad473f9ee4cc6efca8ee)
| K900 | 2022-07-07 | 1 | -2/+2 |
| | * | | linux: 5.18.7 -> 5.18.8•••(cherry picked from commit 7c4567e0d4bb5a54c3827ca95d1222ac5b5b39df)
| K900 | 2022-07-07 | 1 | -2/+2 |
| | * | | linux: 5.15.50 -> 5.15.51•••(cherry picked from commit 5a52c81969a9c8d6b32753adb0c2fe41e1379775)
| K900 | 2022-07-07 | 1 | -2/+2 |
| | * | | linux: 5.10.126 -> 5.10.127•••(cherry picked from commit 6ed6ef2ea1b60edbf2f47932494b62c3486a7973)
| K900 | 2022-07-07 | 1 | -2/+2 |
| |/ / |
|
| * | | Merge pull request #180519 from NixOS/backport-179055-to-release-22.05 | ajs124 | 2022-07-07 | 5 | -10/+10 |
| |\ \ |
|
| | * | | nginx: build with pcre•••Pcre2 is not currently supported by nginx lua module.
(cherry picked from commit bc6a464c32f22fc1f12c136d5b29a757594e9da3)
| Izorkin | 2022-07-07 | 1 | -3/+0 |
| | * | | nixos/tests: small update nginx-http3 test•••(cherry picked from commit f169a1af97b28a0835e6447873ff7e4d5f4041db)
| Izorkin | 2022-07-07 | 1 | -0/+3 |
| | * | | nginxModules.moreheaders: v0.33 -> unstable-2022-06-21•••(cherry picked from commit ccff32fa91711f2c05b4f4b7ce80d2890690814a)
| Izorkin | 2022-07-07 | 1 | -2/+2 |
| | * | | nginxQuic: 5b1011b5702b -> 8d0753760546•••(cherry picked from commit ec443943f5b3e96e704b8cdc69c1f300548cea35)
| Izorkin | 2022-07-07 | 1 | -3/+3 |
| | * | | nginxMainline: 1.22.0 -> 1.23.0•••(cherry picked from commit 7a8c541412ff6c714c06f4c8f953e0e250879a8b)
| Izorkin | 2022-07-07 | 1 | -2/+2 |
| * | | | wireshark: 3.6.3 -> 3.6.5•••Changelogs:
- https://www.wireshark.org/docs/relnotes/wireshark-3.6.4.html
- https://www.wireshark.org/docs/relnotes/wireshark-3.6.5.html
(cherry picked from commit 086468ce4e09508eb2105d42be3b80cfc7cf4b37)
| Georg Haas | 2022-07-07 | 1 | -2/+2 |
| * | | | Merge pull request #180126 from NixOS/backport-178858-to-release-22.05•••[Backport release-22.05] nixos/matrix-synapse: update docs | Maximilian Bosch | 2022-07-07 | 1 | -95/+140 |
| |\ \ \
| |/ /
|/| | |
|
| | * | | nixos/matrix-synapse: update docs•••* Update attribute names in code examples (* -> settings.*).
* Use `nix-shell -p` rather than `nix run` because the example won't
work with the current default Nix.
* Update config values for `element-web`.
* Fix link to `element-web` security considerations.
* Make the synapse expression even smaller and use callout-lists to
explain the code.
* Document how to correctly deploy the shared registration secret.
[1] https://spec.matrix.org/latest/client-server-api/#getwell-knownmatrixclient
(cherry picked from commit 899a37d1909be0d4a11102bbdaeaebef793a5177)
origin/backport-178858-to-release-22.05 | Maximilian Bosch | 2022-07-04 | 1 | -95/+140 |
| * | | | Merge pull request #180514 from mweinelt/22.05/openssl_3 | Martin Weinelt | 2022-07-07 | 4 | -8/+9 |
| |\ \ \ |
|
| | * | | | openssl_3: 3.0.4 -> 3.0.5•••https://www.openssl.org/news/secadv/20220705.txt
We already acted on the first public disclosure, so this release removes
the previous patch and upgrades to the release including the fix.
Related: CVE-2022-2274
Fixes: CVE-2022-2097
(cherry picked from commit 1dbf7b45e26a6ef990ea72387dc1195e185c5fa0)
| Martin Weinelt | 2022-07-07 | 1 | -2/+2 |
| | * | | | openssl_3: rename from openssl_3_0•••With their new versioning scheme, OpenSSL have committed[1] to API and
ABI compatibility for the whole 3.x.x release series, so we shouldn't
be overly specific in our attribute name.
[1]: https://www.openssl.org/blog/blog/2018/11/28/version/
(cherry picked from commit fd6a8fb8942cc81f39fe6fcfdc404ff4535c7c57)
| Alyssa Ross | 2022-07-07 | 4 | -6/+7 |
| |/ / / |
|
| * | | | stgit: mark as unbroken on darwin (#180414)•••Marked as broken by 37c633f7ae5 (treewide: pkgs/applications: mark
broken for darwin, 2022-05-28) probably by mistake. It builds and works
just fine.
(cherry picked from commit bdae2919d2759e4ce37e72a725b1dddb9bd6a5b0)
Co-authored-by: Sebastián Mancilla <smancill@smancill.dev> | github-actions[bot] | 2022-07-06 | 1 | -1/+0 |
| * | | | Merge pull request #180367 from NixOS/backport-180230-to-release-22.05 | Martin Weinelt | 2022-07-07 | 1 | -2/+2 |
| |\ \ \ |
|
| | * | | | webkitgtk: 2.36.3 → 2.36.4•••https://webkitgtk.org/2022/07/05/webkitgtk2.36.4-released.html
https://webkitgtk.org/security/WSA-2022-0006.html
(cherry picked from commit a238ca2853b59b81fb3f2e4d7151295a0fd3935c)
| Jan Tojnar | 2022-07-06 | 1 | -2/+2 |
| * | | | | Merge pull request #180408 from NixOS/backport-180403-to-release-22.05 | Martin Weinelt | 2022-07-07 | 2 | -100/+2 |
| |\ \ \ \ |
|
| | * | | | | python3Packages.ldap: 3.4.0 -> 3.4.2•••https://github.com/python-ldap/python-ldap/releases/tag/python-ldap-3.4.2
(cherry picked from commit c3f498f8c02ff11f2328de9cfee960c7b55d0850)
| Martin Weinelt | 2022-07-06 | 2 | -100/+2 |
| |/ / / / |
|
| * | | | | Merge pull request #180406 from WeebSorceress/backport-179942-to-release-22.05•••[Backport release-22.05] adl: init at 3.0.1 | superherointj | 2022-07-06 | 2 | -0/+45 |
| |\ \ \ \ |
|
| | * | | | | adl: init at 3.0.1•••(cherry picked from commit a885d43d61a501ffc777809a70ca55c1ce4f29d3)
| WeebSorceress | 2022-07-06 | 2 | -0/+45 |
| * | | | | | Merge pull request #180379 from NixOS/backport-179871-to-release-22.05•••[Backport release-22.05] hplip: 3.21.12 -> 3.22.6 | Thomas Tuegel | 2022-07-06 | 2 | -4/+77 |
| |\ \ \ \ \
| |/ / / /
|/| | | | |
|
| | * | | | | hplip: 3.21.12 -> 3.22.6•••* add patch from Debian which removes closed-source binary blobs from the
package and fixes the build on aarch64-linux
* add patch that reverts calls of `strcpy` replaced with `snprintf`
Fixes #162141.
(cherry picked from commit 3ed1328b9bdc61bb220d516fbbcdbf7befa74b41)
| Claudio Bley | 2022-07-06 | 2 | -4/+77 |
| | |/ / / |
|
| * | | | | Merge pull request #180376 from NixOS/backport-180351-to-release-22.05•••[Backport release-22.05] dovecot: fix CVE-2022-30550 | ajs124 | 2022-07-06 | 1 | -0/+6 |
| |\ \ \ \
| |/ / /
|/| | | |
|
| | * | | | dovecot: fix CVE-2022-30550•••(cherry picked from commit 6870d49feace5011d1ada61ce6600a141dca35fd)
| ajs124 | 2022-07-06 | 1 | -0/+6 |
| |/ / / |
|
| * | | | Merge pull request #180255 from squalus/librewolf-backport•••[22.05] librewolf: 100.0-3 -> 102.0-2 | Martin Weinelt | 2022-07-06 | 1 | -5/+5 |
| |\ \ \ |
|
| | * | | | librewolf: 100.0-3 -> 102.0-2•••(cherry picked from commit 55c5a83c4c8a3ba59e62d612383b1a4aacf27be0)
| squalus | 2022-07-06 | 1 | -5/+5 |
| |/ / / |
|
| * | | | qemu-utils: ensure we cut off qemu dependency•••(cherry picked from commit 312d91f14d33f08a296c744e495f61529ba77268)
| Arthur Gautier | 2022-07-06 | 1 | -0/+1 |