| Commit message (Expand) | Author | Age | Files | Lines |
|---|
| * | Merge pull request #125335 from NixOS/backport-125306-to-release-20.09•••[Backport release-20.09] firefox-esr: 78.10.1esr -> 78.11.0esrorigin/nixos-20.09-aarch64 | Martin Weinelt | 2021-06-03 | 1 | -2/+2 |
| |\ |
|
| | * | firefox-esr: 78.10.1esr -> 78.11.0esr•••https://www.mozilla.org/en-US/firefox/78.11.0/releasenotes/
https://www.mozilla.org/en-US/security/advisories/mfsa2021-24/
(cherry picked from commit f42ea75dec8fff9becbdf2094044485ec103dcd1)
origin/backport-125306-to-release-20.09 | Martin Weinelt | 2021-06-02 | 1 | -2/+2 |
| |/ |
|
| * | Merge pull request #125098 from risicle/ris-python-websockets-CVE-2018-100051...•••[20.09] python3Packages.websockets: add patch for CVE-2018-1000518-redux | Robert Scott | 2021-06-01 | 1 | -0/+10 |
| |\ |
|
| | * | python3Packages.websockets: add patch for CVE-2018-1000518-redux•••this is a reintroduction of CVE-2018-1000518 which doesn't appear to
have its own CVE assigned (yet?)
| Robert Scott | 2021-05-31 | 1 | -0/+10 |
| * | | Merge pull request #124594 from mohe2015/backport-124347-20.09 | Sandro | 2021-06-01 | 4 | -758/+19 |
| |\ \
| |/
|/| |
|
| | * | step-cli: 0.13.3 -> 0.15.16 | Hedtke, Moritz | 2021-05-27 | 2 | -460/+10 |
| | * | step-ca: 0.13.3 -> 0.15.15 | Hedtke, Moritz | 2021-05-27 | 2 | -298/+9 |
| * | | Merge pull request #125053 from NixOS/backport-124957-to-release-20.09•••[Backport release-20.09] ungoogled-chromium: 90.0.4430.212 -> 91.0.4472.77 | Michael Weiss | 2021-05-31 | 2 | -13/+10 |
| |\ \ |
|
| | * | | ungoogled-chromium: 90.0.4430.212 -> 91.0.4472.77•••(cherry picked from commit 6c638ee6b10e7b9f567601068a195f45740805fc)
| Michael Weiss | 2021-05-31 | 2 | -13/+10 |
| |/ / |
|
| * | | neomutt: add patch for CVE-2021-32055•••no upstream release yet
(cherry picked from commit edcde75b989c69d566b8da67db2fa7351ca3c191)
| Robert Scott | 2021-05-31 | 1 | -0/+8 |
| * | | Merge pull request #124944 from NixOS/backport-124472-to-release-20.09•••[Backport release-20.09] keycloak: 13.0.0 -> 13.0.1 | Kim Lindberger | 2021-05-30 | 1 | -2/+2 |
| |\ \ |
|
| | * | | keycloak: 13.0.0 -> 13.0.1•••(cherry picked from commit 153eed52048365b0c91be1346dd566a41710eb69)
| R. RyanTM | 2021-05-30 | 1 | -2/+2 |
| |/ / |
|
| * | | Merge pull request #123109 from prusnak/electron-20.09 | Sandro | 2021-05-30 | 1 | -21/+23 |
| |\ \ |
|
| | * | | electron_10: 10.4.5 -> 10.4.7•••https://github.com/electron/electron/releases/tag/v10.4.6
https://github.com/electron/electron/releases/tag/v10.4.7
(cherry picked from commit f8fbfa538bcb8a8c187f4d60946cf8f0dc9dc6a7)
| TredwellGit | 2021-05-28 | 1 | -7/+7 |
| | * | | electron_11: 11.4.6 -> 11.4.7•••https://github.com/electron/electron/releases/tag/v11.4.7
(cherry picked from commit 505298f812a263244c2189549933c02d810965a7)
| TredwellGit | 2021-05-28 | 1 | -7/+8 |
| | * | | electron_12: 12.0.7 -> 12.0.9•••https://github.com/electron/electron/releases/tag/v12.0.8
https://github.com/electron/electron/releases/tag/v12.0.9
(cherry picked from commit a0426609c8cbf16e8ef1bbae34faa060fec6fe05)
| TredwellGit | 2021-05-28 | 1 | -7/+8 |
| | * | | electron_12: 12.0.6 -> 12.0.7•••https://github.com/electron/electron/releases/tag/v12.0.7
(cherry picked from commit 537c040cebe877774bce9169001a0978d8db35d7)
| TredwellGit | 2021-05-17 | 1 | -7/+7 |
| | * | | electron_11: 11.4.5 -> 11.4.6•••https://github.com/electron/electron/releases/tag/v11.4.6
(cherry picked from commit 88772a7a42a7d9bed9b11662b86fdd89e1b4e95d)
| TredwellGit | 2021-05-17 | 1 | -7/+7 |
| | * | | electron_12: 12.0.5 -> 12.0.6•••https://github.com/electron/electron/releases/tag/v12.0.6
(cherry picked from commit 1d0bf51a6e8c9ca21a9a07f271971528813b05f3)
| TredwellGit | 2021-05-15 | 1 | -7/+7 |
| | * | | electron_11: 11.4.4 -> 11.4.5•••(cherry picked from commit 547cf3fbc28dd55d3716698a6501b65b7b75f3a8)
| Pavol Rusnak | 2021-05-15 | 1 | -7/+7 |
| | * | | electron_10: 10.4.4 -> 10.4.5•••(cherry picked from commit d4c3ac5c50234cd44276e2814600e1ff2950535a)
| Pavol Rusnak | 2021-05-15 | 1 | -7/+7 |
| * | | | Merge pull request #124885 from risicle/ris-yara-4.0.5-r20.09•••[20.09] yara: 4.0.1 -> 4.0.5 | Sandro | 2021-05-30 | 1 | -3/+17 |
| |\ \ \ |
|
| | * | | | yara: 4.0.1 -> 4.0.5•••(cherry picked from commit e7b4f9b91e6c93b67f681471f5fa68ab672d9dad)
| roblabla | 2021-05-29 | 1 | -3/+17 |
| * | | | | Merge pull request #124894 from NixOS/backport-124839-to-release-20.09•••[Backport release-20.09] nixos/wordpress: regenerate secret keys if misspelled key name is found | Martin Weinelt | 2021-05-30 | 1 | -1/+3 |
| |\ \ \ \
| |/ / /
|/| | | |
|
| | * | | | nixos/wordpress: regenerate secret keys if misspelled key name is found•••A secret key generated by the nixos module was misspelled, which could
possibly impact the security of session cookies.
To recover from this situation we will wipe all security keys that were
previously generated by the NixOS module, when the misspelled one is
found. This will result in all session cookies being invalidated. This
is confirmed by the wordpress documentation:
> You can change these at any point in time to invalidate all existing
> cookies. This does mean that all users will have to login again.
https://wordpress.org/support/article/editing-wp-config-php/#security-keys
Meanwhile this issue shouldn't be too grave, since the salting function
of wordpress will rely on the concatenation of both the user-provided
and automatically generated values, that are stored in the database.
> Secret keys are located in two places: in the database and in the
> wp-config.php file. The secret key in the database is randomly
> generated and will be appended to the secret keys in wp-config.php.
https://developer.wordpress.org/reference/functions/wp_salt/
Fixes: 2adb03fdaea6186299c6ff578bb6814d8f3bb30b ("nixos/wordpress:
generate secrets locally")
Reported-by: Moritz Hedtke <Moritz.Hedtke@t-online.de>
(cherry picked from commit 724ed08df02546fea2ab38613d615dd47461528c)
| Martin Weinelt | 2021-05-29 | 1 | -1/+3 |
| |/ / / |
|
| * | | | Merge pull request #124809 from Moredread/backport/vcv-rack-pffft-source•••[20.09] Backport Fetch pffft from upstream project website instead of bitbucket | Sandro | 2021-05-29 | 1 | -5/+3 |
| |\ \ \ |
|
| | * | | | vcv-rack: fetch pffft from upstream project website instead of bitbucket•••Starting from this commit
https://github.com/VCVRack/Rack/commit/2db08f15a00f6792bb3a45db31dd13f94966beed
the upstream project does not expect to use bitbucket anymore. The title
mentions that “BitBucket deleted all Mercurial repos”. Instead, an archive of
the pffft source is hosted on vcvrack.com directly. The unziped sha256 is the
same as before this change.
(cherry picked from commit 7964c9827f7ade5bc0a76e60fb364dfb72b5468e)
| EEva (JPotier) | 2021-05-28 | 1 | -5/+3 |
| |/ / / |
|
| * | | | Merge pull request #124517 from mohe2015/update/wordpress-20.09•••[20.09] wordpress: 5.6.2 -> 5.6.4 | Martin Weinelt | 2021-05-28 | 1 | -2/+2 |
| |\ \ \ |
|
| | * | | | wordpress: 5.6.2 -> 5.6.4 | Hedtke, Moritz | 2021-05-26 | 1 | -2/+2 |
| * | | | | Merge pull request #124738 from markuskowa/upd-slurm•••[20.09] slurm: 20.02.6.1 -> 20.02.7.1 | markuskowa | 2021-05-28 | 1 | -2/+2 |
| |\ \ \ \ |
|
| | * | | | | slurm: 20.02.6.1 -> 20.02.7.1•••Fix CVE-2021-31215
| Markus Kowalewski | 2021-05-28 | 1 | -2/+2 |
| |/ / / / |
|
| * | | | | openvpn: 2.4.9 -> 2.4.11 (#124708)•••Fixes CVE-2020-15078.
https://community.openvpn.net/openvpn/wiki/CVE-2020-15078 | Robert Schütz | 2021-05-28 | 1 | -2/+2 |
| * | | | | samba: 4.12.14 -> 4.12.15•••fixes https://www.samba.org/samba/security/CVE-2021-20254.html
| Robert Schütz | 2021-05-27 | 1 | -2/+2 |
| * | | | | Merge pull request #124692 from rnhmjoj/mutt-20.09•••mutt: patch for CVE-2021-32055 | Michele Guerini Rocco | 2021-05-27 | 1 | -0/+5 |
| |\ \ \ \
| |_|_|/
|/| | | |
|
| | * | | | mutt: patch for CVE-2021-32055 | rnhmjoj | 2021-05-27 | 1 | -0/+5 |
| | |/ / |
|
| * | | | Merge pull request #124478 from LeSuisse/sssd-1.16.5-20.09•••[20.09] sssd: 1.16.4 -> 1.16.5 | Robert Scott | 2021-05-26 | 1 | -9/+13 |
| |\ \ \
| |/ /
|/| | |
|
| | * | | sssd: 1.16.4 -> 1.16.5•••Fixes CVE-2018-16838.
https://sssd.io/release-notes/sssd-1.16.5.html
(cherry picked from commit affda4029fdc80149c0f30c8cc6021cf4efda0e7)
| Thomas Gerbet | 2021-05-26 | 1 | -9/+13 |
| * | | | file-roller: 3.36.3 -> 3.36.4•••Fixes #120373 - [CVE-2020-36314](https://nvd.nist.gov/vuln/detail/CVE-2020-36314)
| Claudio Bley | 2021-05-26 | 1 | -2/+2 |
| * | | | Merge pull request #124424 from primeos/chromium-backport-oldstable•••[20.09] chromium: 90.0.4430.212 -> 91.0.4472.77 | Michael Weiss | 2021-05-26 | 1 | -9/+9 |
| |\ \ \
| |/ /
|/| | |
|
| | * | | chromium: 90.0.4430.212 -> 91.0.4472.77•••https://chromereleases.googleblog.com/2021/05/stable-channel-update-for-desktop_25.html
This update includes 32 security fixes.
CVEs:
CVE-2021-30521 CVE-2021-30522 CVE-2021-30523 CVE-2021-30524
CVE-2021-30525 CVE-2021-30526 CVE-2021-30527 CVE-2021-30528
CVE-2021-30529 CVE-2021-30530 CVE-2021-30531 CVE-2021-30532
CVE-2021-30533 CVE-2021-30534 CVE-2021-30535 CVE-2021-21212
CVE-2021-30536 CVE-2021-30537 CVE-2021-30538 CVE-2021-30539
CVE-2021-30540
(cherry picked from commit e522464f9afb7b1fda4c02117e6fa27ef1ade396)
| Michael Weiss | 2021-05-25 | 1 | -9/+9 |
| * | | | Merge pull request #124433 from mweinelt/20.09/nginx•••[20.09] nginx: Fix off-by-one in DNS resolver heap write | Andreas Rammhold | 2021-05-26 | 1 | -0/+8 |
| |\ \ \ |
|
| | * | | | nginx: Fix off-by-one in DNS resolver heap write•••Quoting from oss-security:
An off-by-one error in ngx_resolver_copy() while processing DNS
responses allows a network attacker to write a dot character ('.', 0x2E)
out of bounds in a heap allocated buffer. The vulnerability can be
triggered by a DNS response in reply to a DNS request from nginx when
the resolver primitive is configured. A specially crafted packet allows
overwriting the least significant byte of next heap chunk metadata with
0x2E. A network attacker capable of providing DNS responses to a nginx
server can achieve Denial-of-Service and likely remote code execution.
Due to the lack of DNS spoofing mitigations in nginx and the fact that
the vulnerable function is called before checking the DNS Transaction
ID, remote attackers might be able to exploit this vulnerability by
flooding the victim server with poisoned DNS responses in a feasible
amount of time.
https://www.openwall.com/lists/oss-security/2021/05/25/5
https://mailman.nginx.org/pipermail/nginx-announce/2021/000300.html
Fixes: CVE-2021-23017
| Martin Weinelt | 2021-05-26 | 1 | -0/+8 |
| |/ / / |
|
| * | | | Merge pull request #123985 from LeSuisse/vault-1.6.5-20.09•••[20.09] vault: 1.6.4 -> 1.6.5 | Robert Scott | 2021-05-25 | 2 | -7/+7 |
| |\ \ \
| |/ /
|/| | |
|
| | * | | vault: 1.6.4 -> 1.6.5•••Fixes CVE-2021-32923.
| Thomas Gerbet | 2021-05-22 | 2 | -7/+7 |
| * | | | Merge pull request #124327 from sumnerevans/element-1.7.29-backport-20.09•••element: 1.7.28 -> 1.7.29 (backport to 20.09) | Martin Weinelt | 2021-05-25 | 3 | -5/+5 |
| |\ \ \ |
|
| | * | | | element: 1.7.28 -> 1.7.29 | Sumner Evans | 2021-05-24 | 3 | -5/+5 |
| * | | | | Merge pull request #124369 from ldesgoui/backport-20.09/discord | Sandro | 2021-05-25 | 1 | -6/+6 |
| |\ \ \ \
| |/ / /
|/| | | |
|
| | * | | | discord: 0.0.14 -> 0.0.15•••Discord prevents you from using the application if a new version is out.
(cherry picked from commit 501e54080dfc82c41011d371677a7390eab61586)
| wearemnr | 2021-05-25 | 1 | -6/+6 |
| |/ / / |
|
| * | | | Merge branch 'staging-20.09' into release-20.09 | Vladimír Čunát | 2021-05-25 | 1 | -0/+7 |
| |\ \ \ |
|
| | * \ \ | Merge branch 'release-20.09' into staging-20.09 | Vladimír Čunát | 2021-05-21 | 51 | -5419/+5239 |
| | |\ \ \ |
|
