| Commit message (Expand) | Author | Age | Files | Lines |
|---|
| * | chromium: 122.0.6261.69 -> 122.0.6261.94•••https://chromereleases.googleblog.com/2024/02/stable-channel-update-for-desktop_27.html
This update includes 4 security fixes.
(cherry picked from commit fdf83ea2badb17cb9a198e971a09c34d9638c6f7)
origin/backport-291931-to-release-23.11 | emilylange | 2024-02-28 | 1 | -3/+3 |
| * | chromedriver: 122.0.6261.69 -> 122.0.6261.94•••(cherry picked from commit e7a302b9aab79bfc75df08558fd0b0ce70358a59)
| emilylange | 2024-02-28 | 1 | -4/+4 |
| * | Merge pull request #292048 from NixOS/backport-291756-to-release-23.11•••[Backport release-23.11] floorp: 11.10.2 -> 11.10.5 | Martin Weinelt | 2024-02-28 | 1 | -2/+2 |
| |\ |
|
| | * | floorp: 11.10.2 -> 11.10.5•••Signed-off-by: Christoph Heiss <christoph@c8h4.io>
(cherry picked from commit 5d7e7bfc9d3f647ab768e76ff31dc7d447e187fd)
| Christoph Heiss | 2024-02-28 | 1 | -2/+2 |
| * | | Merge pull request #287489 from NixOS/backport-276332-to-release-23.11•••[Backport release-23.11] _1password: 2.23.0 -> 2.24.0 | Mario Rodas | 2024-02-28 | 1 | -5/+5 |
| |\ \
| |/
|/| |
|
| | * | _1password: 2.23.0 -> 2.24.0•••Changelog: https://app-updates.agilebits.com/product_history/CLI2#v2240001
(cherry picked from commit 5d73f1b783744b6396d44a087b461f54a6188b00)
origin/backport-276332-to-release-23.11 | Mario Rodas | 2024-02-09 | 1 | -5/+5 |
| * | | Merge pull request #291948 from NixOS/backport-289780-to-release-23.11•••[Backport release-23.11] dc3dd: remove darwin support | a-n-n-a-l-e-e | 2024-02-28 | 1 | -4/+2 |
| |\ \ |
|
| | * | | dc3dd: remove darwin support•••(cherry picked from commit 81f4ba14c530aab952780ccd399068d460c42ec3)
| D3vil0p3r | 2024-02-28 | 1 | -4/+2 |
| * | | | Merge pull request #289922 from NixOS/backport-281520-to-release-23.11•••[Backport release-23.11] dockerTools: Fix chown in fakeRootCommands | Robert Hensing | 2024-02-28 | 1 | -0/+18 |
| |\ \ \ |
|
| | * | | | dockerTools: Add chown test•••proot's --root-id "allows" chown only in the sense that it makes it
succeed vacuously, i.e. a no-op. This is undesired if the goal is to
actually create a layer with some files owned by different users.
Fortunately, fakeroot does allow persistence of emulated file owners,
and it is possible to combine fakeroot with proot, so replace proot
--root-id with fakeroot to do so.
This was fixed recently in d538fefb62a2dc0e40235606bb02615b47d02583,
so this commit just adds a test.
(cherry picked from commit 84b5bcae2667942984b5e8ee3ae9b14f48f7d0a6)
origin/backport-281520-to-release-23.11 | WxNzEMof | 2024-02-19 | 1 | -0/+18 |
| * | | | | Merge pull request #288893 from NixOS/backport-271976-to-release-23.11•••[Backport release-23.11] nixos/dockerTools: fix includeStorePaths when enableFakechroot | Robert Hensing | 2024-02-28 | 3 | -0/+30 |
| |\ \ \ \ |
|
| | * | | | | nixosTests.docker-tools: Use both code paths in includeStorePath test•••(cherry picked from commit 1f9e86f31462b395d77151469a53543a94e46c36)
origin/backport-271976-to-release-23.11 | Robert Hensing | 2024-02-14 | 2 | -0/+26 |
| | * | | | | nixos/dockerTools: fix includeStorePaths when enableFakechroot•••After #268458, when setting `enableFakechroot = true` and
`includeStorePaths = false`, some of the store paths were getting
included into the image anyway, thru `bind-paths`.
This resulted in unexpectedly large images.
Now, the images will not contain any store paths under those
circumstances.
(cherry picked from commit 8353fad13da8983b95c47426a355e044099cee91)
| Robert K. Bell | 2024-02-14 | 3 | -0/+4 |
| * | | | | | Merge pull request #290724 from rafameou/wayland-pipewire-idle-inhibit/backport•••[23.11] wayland-pipewire-idle-inhibit: init at 0.4.5 | Nick Cao | 2024-02-27 | 2 | -0/+48 |
| |\ \ \ \ \ |
|
| | * | | | | | wayland-pipewire-idle-inhibit: use rustPlatform.bindgenHook, fix cross compil...•••(cherry picked from commit dfa08b768c23fe5fa21383fa190f05714cc72d7b)
| Nick Cao | 2024-02-27 | 1 | -6/+2 |
| | * | | | | | wayland-pipewire-idle-inhibit: init at 0.4.5•••(cherry picked from commit b79fd410c38349c8761d832761bb1e4d1af1b358)
| Rafael Mazzutti | 2024-02-22 | 1 | -0/+46 |
| | * | | | | | maintainers: add rafameou•••(cherry picked from commit e3f9c0a0b8ff96364ffa927a21dc52ab29cc10d2)
| Rafael Mazzutti | 2024-02-22 | 1 | -0/+6 |
| * | | | | | | Merge pull request #291957 from adamcstephens/ovmf/23.11-csm•••[Release-23.11] OVMF/OVMFFull: drop CSM support | Adam C. Stephens | 2024-02-27 | 2 | -4/+1 |
| |\ \ \ \ \ \ |
|
| | * | | | | | | OVMF/OVMFFull: drop CSM support•••Upstream dropped CSM from the previous release.
Unfortunately, this release (edk2 202402) includes a number of critical security
fixes and it was backported to protect our users.
This may break some users, but I think the benefits of better security
outweigh some earlier inconvenience for them. They will have to find an
alternative in few months anyway.
| Adam Stephens | 2024-02-27 | 2 | -4/+1 |
| * | | | | | | | Merge pull request #291954 from NixOS/backport-291933-to-release-23.11•••[Backport release-23.11] lib.fileset: Fix tests on Darwin, more POSIX | Robert Hensing | 2024-02-28 | 1 | -48/+52 |
| |\ \ \ \ \ \ \
| |/ / / / / /
|/| | | | | | |
|
| | * | | | | | | lib.fileset: Fix tests on Darwin, more POSIX•••This was found when trying to run the fileset tests on Darwin
(https://github.com/NixOS/nix/pull/9546#issuecomment-1967409445), which mysteriously fail on Darwin:
test case at lib/fileset/tests.sh:342 failed: toSource { root = "/nix/store/foobar"; fileset = ./.; } should have errored with this regex pattern:
lib.fileset.toSource: `root` \(/nix/store/foobar\) is a string-like value, but it should be a path instead.
\s*Paths in strings are not supported by `lib.fileset`, use `lib.sources` or derivations instead.
but this was the actual error:
error: lib.fileset.toSource: `root` (/nix/store/foobar) is a string-like value, but it should be a path instead.
Paths in strings are not supported by `lib.fileset`, use `lib.sources` or derivations instead.
After dissecting this, I find out that apparently \s works on Linux, but not on Darwin for some reason!
From the bash source code, it looks like <regex.h> with `REG_EXTENDED` is used for all platforms the same,
so there's nothing odd there.
It's almost impossible to know where <regex.h> comes from,
but it looks to be a POSIX thing.
So after digging through the almost impossible to find POSIX specifications
(https://pubs.opengroup.org/onlinepubs/007908799/xbd/re.html#tag_007_003_005),
I can indeed confirm that there's no mention of \s or the like!
_However_, there is a mention of `[[:blank:]]`, so we'll use that instead.
(cherry picked from commit 34295941145b2df1b6c3a9b36c50ad2982227b2f)
| Silvan Mosberger | 2024-02-28 | 1 | -48/+52 |
| |/ / / / / / |
|
| * | | | | | | Merge pull request #291841 from NixOS/backport-291795-to-release-23.11•••[Backport release-23.11] snagboot: 1.2 -> 1.3 | OTABI Tomoya | 2024-02-28 | 1 | -3/+2 |
| |\ \ \ \ \ \
| |_|_|_|/ /
|/| | | | | |
|
| | * | | | | | snagboot: 1.2 -> 1.3•••Dropped hid[1] from nativeBuildInputs. Thanks for @natsukium reporting
this required change.
1. https://github.com/bootlin/snagboot/commit/bb767fee227030bcd7a1a6bd901e4329d01121a1
Signed-off-by: Otavio Salvador <otavio@ossystems.com.br>
(cherry picked from commit a2f4aa4073bc37e1654d60829eef824b3962daa0)
| Otavio Salvador | 2024-02-27 | 1 | -3/+2 |
| * | | | | | | apt-mirror: init at 0.5.4•••(cherry picked from commit c6e364758ca42ba22f56cd183f2d82321ac2b014)
| arthsmn | 2024-02-27 | 1 | -0/+46 |
| * | | | | | | libtiff: drop maintainership•••When I added myself as a maintainer here, I thought it would be way
less work than it turns out to be, because I didn't realise how
vulnerability-prone libtiff is. I basically haven't been maintaining
it at all, so let's reflect reality.
(cherry picked from commit 411fd474e120d9d6f7640c1f3894cfd665866320)
| Alyssa Ross | 2024-02-27 | 1 | -1/+0 |
| * | | | | | | git-remote-hg.meta.maintainers: drop myself•••I use git-cinnabar now.
(cherry picked from commit 873a4ad363df2dca599cec5838e35c01c0419b8c)
| Alyssa Ross | 2024-02-27 | 1 | -1/+1 |
| * | | | | | | slack-cli.meta.maintainers: drop myself•••(cherry picked from commit 3162ba9f28814574068a7175ac1eb8358906b54d)
| Alyssa Ross | 2024-02-27 | 1 | -1/+1 |
| * | | | | | | Merge pull request #291779 from NixOS/backport-291643-to-release-23.11•••[Backport release-23.11] github-runner: 2.313.0 -> 2.314.0 | Nick Cao | 2024-02-27 | 1 | -2/+2 |
| |\ \ \ \ \ \
| |/ / / / /
|/| | | | | |
|
| | * | | | | | github-runner: 2.313.0 -> 2.314.0•••(cherry picked from commit 45f5bccce547aec88a43acba6344bf96df7bba26)
| Shea Levy | 2024-02-27 | 1 | -2/+2 |
| * | | | | | | linux_latest-libre: 19489 -> 19491•••(cherry picked from commit 1596dc1b7ac26b9efceefedc57dcc38c4d4de2df)
| Alyssa Ross | 2024-02-27 | 1 | -2/+2 |
| * | | | | | | linux_testing: 6.8-rc5 -> 6.8-rc6•••(cherry picked from commit c63ac9d4335bc253e0b0fa79b2ed6ad6f41ec808)
| Alyssa Ross | 2024-02-27 | 1 | -2/+2 |
| |/ / / / / |
|
| * | | | | | Merge #291607: aspellDicts: extend cp1252 workaround to all platforms•••...into release-23.11
Hydra still affected on 23.11:
https://hydra.nixos.org/eval/1804567?filter=aspellDicts#tabs-aborted
| Vladimír Čunát | 2024-02-27 | 1 | -2/+3 |
| |\ \ \ \ \ |
|
| | * | | | | | aspellDicts: extend cp1252 workaround to all platforms•••(cherry picked from commit 2c93b5fb8b61a0ab1a1806a12da1bf794eb2856a)
| K900 | 2024-02-26 | 1 | -2/+3 |
| * | | | | | | Merge pull request #291636 from flyingcircusio/23.11-matomo-4.16.1•••[23.11] matomo: 4.15.1 -> 4.16.1 | Leona Maroni | 2024-02-27 | 1 | -2/+2 |
| |\ \ \ \ \ \ |
|
| | * | | | | | | matomo: 4.16.0 -> 4.16.1•••- https://matomo.org/changelog/matomo-4-16-1/
(cherry picked from commit 744013228595ac1174a1fae196428ec9deb656c1)
| Tobias Stenzel | 2024-02-26 | 1 | -2/+2 |
| | * | | | | | | matomo: 4.15.1 -> 4.16.0•••https://matomo.org/changelog/matomo-4-16-0/
(cherry picked from commit 01eba3bcbaa9a60f4b9ed4a325ccd809dda668c6)
| Tobias Stenzel | 2024-02-26 | 1 | -2/+2 |
| | |/ / / / / |
|
| * | | | | | | Merge pull request #291658 from NixOS/backport-288677-to-release-23.11•••[Backport release-23.11] lib.fileset.toList: init | Silvan Mosberger | 2024-02-26 | 3 | -2/+82 |
| |\ \ \ \ \ \ |
|
| | * | | | | | | lib.fileset.toList: init•••(cherry picked from commit e3a6e380337820d17c154c54eaf50ab95bba5c0d)
| Silvan Mosberger | 2024-02-26 | 3 | -2/+82 |
| |/ / / / / / |
|
| * | | | | | | Merge pull request #291054 from NixOS/backport-291000-to-release-23.11•••[Backport release-23.11] edk2: 202311 -> 202402 | Adam C. Stephens | 2024-02-26 | 1 | -2/+2 |
| |\ \ \ \ \ \
| |/ / / / /
|/| | | | | |
|
| | * | | | | | edk2: 202311 -> 202402•••Fixes CVE-2023-45229, CVE-2023-45230, CVE-2023-45231, CVE-2023-45232, CVE-2023-45233,
CVE-2023-45234, CVE-2023-45235, CVE-2022-36763, CVE-2022-36764 and CVE-2022-36765.
GHSA-hc6x-cw6p-gj7h
https://blog.quarkslab.com/pixiefail-nine-vulnerabilities-in-tianocores-edk-ii-ipv6-network-stack.html
GHSA-4hcq-p8q8-hj8j
Changelog:
https://github.com/tianocore/edk2/releases/tag/edk2-stable202402
(cherry picked from commit 60731f2750a2251cbfe9a1259eb3275a03020a3b)
origin/backport-291000-to-release-23.11 | Thomas Gerbet | 2024-02-24 | 1 | -2/+2 |
| * | | | | | | Merge pull request #291576 from NixOS/backport-291463-to-release-23.11•••[Backport release-23.11] packet-sd: fix chmod application order | Martin Weinelt | 2024-02-26 | 1 | -0/+5 |
| |\ \ \ \ \ \ |
|
| | * | | | | | | packet-sd: fix chmod application order•••(cherry picked from commit 5e721403ec713b20a3e7e4c17d7adeadb6f4cb95)
| Martin Weinelt | 2024-02-26 | 1 | -0/+5 |
| * | | | | | | | Merge pull request #291474 from NixOS/backport-291449-to-release-23.11 | Franz Pletz | 2024-02-26 | 1 | -2/+2 |
| |\ \ \ \ \ \ \
| |/ / / / / /
|/| | | | | | |
|
| | * | | | | | | whois: 5.5.20 -> 5.5.21•••Changes: https://github.com/rfc1036/whois/compare/v5.5.20...v5.5.21
(cherry picked from commit 26c37fca28c97d0431b403f4d6ba2bbdc39c0b3c)
| Sergei Trofimovich | 2024-02-26 | 1 | -2/+2 |
| * | | | | | | | yara: make patch unconditional•••(cherry picked from commit 5e84b19d911434d206bee21259afc60ce3527b00)
| Alyssa Ross | 2024-02-26 | 1 | -2/+1 |
| * | | | | | | | resholve: oildev: disable libc tests unconditionally•••There's no point testing the behaviour of libc on some platforms and
not others if we intend to run on all of them.
(cherry picked from commit a79f4e520e36174a6616ad92b99771c14732d065)
| Alyssa Ross | 2024-02-26 | 1 | -1/+0 |
| * | | | | | | | linux/hardened/patches/6.7: 6.7.5-hardened1 -> 6.7.6-hardened1•••(cherry picked from commit e67a2aaf19f432d0b7c7ac2129f47385a89b3011)
| Fabián Heredia Montiel | 2024-02-26 | 1 | -5/+5 |
| * | | | | | | | linux/hardened/patches/6.6: 6.6.17-hardened1 -> 6.6.18-hardened1•••(cherry picked from commit 990fbf3bce9b5d8c621e7e43c3fff65286cdf3e0)
| Fabián Heredia Montiel | 2024-02-26 | 1 | -5/+5 |
| * | | | | | | | linux/hardened/patches/6.1: 6.1.78-hardened1 -> 6.1.79-hardened1•••(cherry picked from commit 6183eb804d8cba59e4c9bf24aeb12ab28d8359f8)
| Fabián Heredia Montiel | 2024-02-26 | 1 | -5/+5 |
| * | | | | | | | linux/hardened/patches/5.4: 5.4.268-hardened1 -> 5.4.269-hardened1•••(cherry picked from commit 58be35f5c3503152880d6dae3c46708c40394208)
| Fabián Heredia Montiel | 2024-02-26 | 1 | -5/+5 |
