Commit message | Author | Age | Files | Lines
* Merge #325769: staging-next-23.11 iteration 10•••...into release-23.11 A bit late roundup of what's been staged during June. Most likely we'll only ever make binaries for *-linux. (darwin people hopefully use the darwin channel, so they'll get the older binaries) origin/release-23.11origin/nixos-23.11-smallorigin/nixos-23.11Vladimír Čunát2024-07-099-17/+82
|\
| * Merge branch 'release-23.11' into staging-next-23.11origin/staging-next-23.11Vladimír Čunát2024-07-054-6/+45
| |\ | |/ |/|
* | python3Packages.clustershell: remove blocking test•••remove tests/TreeGatewayTest.py because it does not return. apparently def wait(self): """wait for task/thread termination""" # can be blocked indefinitely if StreamWorker doesn't complete self.task.join() does apply in nix sandbox fixes #315146 (cherry picked from commit c217dc9717e9250e5cd05139e2dee3c8fa150e49) origin/nixpkgs-23.11-darwinFrank Doepper2024-07-021-5/+1
* | openssh_{hpn,gssapi}: add backported security fix patches•••Fixes a critical security bug allowing remote code execution as root: <https://www.openssh.com/txt/release-9.8> This may be CVE-2024-6387 (currently embargoed): <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6387> Thanks to upstream and Sam James <sam@gentoo.org> for the backport: <https://github.com/gentoo/gentoo/commit/1633ef45475afb9eea04e9cf27021c9d994af338> Please don’t use these packages on the open internet if you care a lot about security. (cherry picked from commit e21559153b81b0de896f735893796bb9042a54d4) Emily2024-07-011-0/+4
* | Merge pull request #323765 from emilazy/openssh-security-backport-23.11•••[23.11] openssh: add backported security fix patchesLeona Maroni2024-07-013-1/+40
|\ \
| * | openssh: add backported security fix patches•••Fixes a critical security bug allowing remote code execution as root: <https://www.openssh.com/txt/release-9.8> This may be CVE-2024-6387 (currently embargoed): <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6387> Thanks to upstream and Sam James <sam@gentoo.org> for the backport: <https://github.com/gentoo/gentoo/commit/1633ef45475afb9eea04e9cf27021c9d994af338> Emily2024-07-013-1/+40
|/ /
| * Merge branch 'staging-23.11' into staging-next-23.11Vladimír Čunát2024-07-059-17/+82
| |\
| | * Merge staging-next-23.11 into staging-23.11origin/staging-23.11github-actions[bot]2024-07-016-15/+15
| | |\ | | |/ | |/|
| * | Merge release-23.11 into staging-next-23.11github-actions[bot]2024-07-016-15/+15
| |\ \ | |/ / |/| |
* | | Merge pull request #323649 from NixOS/backport-322037-to-release-23.11•••[Backport release-23.11] mysql80: 8.0.36 -> 8.0.37Weijia Wang2024-06-301-2/+2
|\ \ \
| * | | mysql80: 8.0.36 -> 8.0.37•••Changes: https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-37.html Fixes: * CVE-2024-21047 * CVE-2024-21069 * CVE-2024-21060 * CVE-2024-21087 * CVE-2024-20998 * CVE-2024-21009 * CVE-2024-21054 * CVE-2024-21062 * CVE-2024-21102 * CVE-2024-21096 * CVE-2024-21008 * CVE-2024-21013 * CVE-2024-21000 https://www.oracle.com/security-alerts/cpuapr2024.html#AppendixMSQL (cherry picked from commit 9b648599eaff67fd4d7045e22fa85f7656777eff) Thomas Gerbet2024-06-301-2/+2
* | | | Merge pull request #319649 from ShamrockLee/backport-apptainer-update-1.3.2•••[Backport release-23.11] apptainer: 1.2.5 -> 1.3.2Weijia Wang2024-06-301-3/+3
|\ \ \ \
| * | | | apptainer: 1.2.5 -> 1.3.2•••Fix CVE-2024-3727 in a dependent Go module. Backport https://github.com/NixOS/nixpkgs/pull/315423 Yueh-Shun Li2024-06-141-3/+3
* | | | | Merge pull request #321974 from LeSuisse/freeipa-4.11.2-23.11•••[23.11] freeipa: 4.11.1 -> 4.11.2Weijia Wang2024-06-301-2/+2
|\ \ \ \ \
| * | | | | freeipa: 4.11.1 -> 4.11.2•••Fixes CVE-2024-2698 and CVE-2024-3183. Changes: https://www.freeipa.org/release-notes/4-11-2.html (cherry picked from commit bd2722f46d467a268ee7090ea0180dabcc8047c1) Thomas Gerbet2024-06-231-2/+2
* | | | | | Merge pull request #323416 from Ma27/grafana-2311•••[23.11] grafana: 10.2.7 -> 10.2.8Weijia Wang2024-06-301-3/+3
|\ \ \ \ \ \ | |_|_|/ / / |/| | | | |
| * | | | | grafana: 10.2.7 -> 10.2.8•••ChangeLog: https://github.com/grafana/grafana/releases/tag/v10.2.8 Maximilian Bosch2024-06-291-3/+3
* | | | | | Merge pull request #323023 from NixOS/backport-322661-to-release-23.11•••[Backport release-23.11] netbird: 0.27.10 -> 0.28.3Nick Cao2024-06-301-3/+3
|\ \ \ \ \ \
| * | | | | | netbird: 0.27.10 -> 0.28.3•••(cherry picked from commit 27fdb4ca2cacfddff59147701295168193e1b862) R. Ryantm2024-06-271-3/+3
* | | | | | | Merge pull request #323561 from NixOS/backport-323526-to-release-23.11Jon Seager2024-06-301-2/+2
|\ \ \ \ \ \ \ | |_|/ / / / / |/| | | | | |
| * | | | | | google-chrome: 126.0.6478.114 -> 126.0.6478.126•••(cherry picked from commit 7dfa379b930f604e6c5da312124f6ec12e3a943c) R. Ryantm2024-06-301-2/+2
|/ / / / / /
| | | | | * Merge pull request #323233 from LeSuisse/doxygen-polyfill.io-bad-actor•••[23.11] doxygen: apply patch removing the usage of polyfill.ioWeijia Wang2024-06-301-0/+9
| | | | | |\
| | | | | | * doxygen: apply patch removing the usage of polyfill.io•••The template used by doxygen when MathJax is needed uses a JS script provided by polyfill.io which is now considered to be a bad actor. https://sansec.io/research/polyfill-supply-chain-attack Thomas Gerbet2024-06-281-0/+9
| | | | | * | pandoc: apply patch removing the usage of polyfill.io in the templates•••If you output HTML with MathJax content Pandoc might use a JS library provided by cdn.polyfill.io which is now considered to be a bad actor. https://sansec.io/research/polyfill-supply-chain-attack `haskellPackages.pandoc` is not impacted, the concerned domain is not used To reproduce the issue: 1. Create a file `math.tex` with the following content `$a^2 + b^2 = c^2$` 2. Call `pandoc` with `pandoc math.tex -s --mathjax -o ex.html` 3. Look at the injected scripts in `ex.html` Thomas Gerbet2024-06-301-1/+7
| | | | | * | Merge staging-next-23.11 into staging-23.11github-actions[bot]2024-06-302-9/+75
| | | | | |\ \ | | | | | |/ / | | | | |/| |
| | | | * | | Merge release-23.11 into staging-next-23.11github-actions[bot]2024-06-302-9/+75
| | | | |\ \ \ | |_|_|_|/ / / |/| | | | | |
* | | | | | | Merge pull request #323248 from LeSuisse/limesurvey-hardcoded-crypto-settings•••[23.11] nixos/limesurvey: drop default encryption key and nonceWeijia Wang2024-06-292-9/+75
|\ \ \ \ \ \ \
| * | | | | | | nixos/limesurvey: drop default encryption key and nonce•••(cherry picked from commit daa81ecb2e752df8fb88d6b6ce9dd4f37a172ef7) Weijia Wang2024-06-282-9/+75
|/ / / / / / /
| | | | | * | Merge pull request #323385 from NixOS/backport-321349-to-staging-23.11•••[Backport staging-23.11] libndp: apply patch for CVE-2024-5564Robert Scott2024-06-291-1/+10
| | | | | |\ \
| | | | | | * | libndp: apply patch for CVE-2024-5564•••(cherry picked from commit e546e8ff516328a6500b68a7ebb72882f8ff4df7) Thomas Gerbet2024-06-291-1/+10
| | | | | |/ /
| | | | | * | Merge staging-next-23.11 into staging-23.11github-actions[bot]2024-06-291-16/+16
| | | | | |\ \ | | | | | |/ / | | | | |/| |
| | | | * | | Merge release-23.11 into staging-next-23.11github-actions[bot]2024-06-291-16/+16
| | | | |\ \ \ | |_|_|_|/ / / |/| | | | | |
* | | | | | | Merge pull request #323188 from NixOS/backport-322978-to-release-23.11•••[Backport release-23.11] Discord updatesArtturin2024-06-281-16/+16
|\ \ \ \ \ \ \
| * | | | | | | Discord updates•••discord: 0.0.56 -> 0.0.58 discord-ptb: 0.0.90 -> 0.0.92 discord-canary: 0.0.431 -> 0.0.438 discord-development: 0.0.19 -> 0.0.21 pkgsCross.aarch64-darwin.discord: 0.0.307 -> 0.0.309 pkgsCross.aarch64-darwin.discord-ptb: 0.0.119 -> 0.0.121 pkgsCross.aarch64-darwin.discord-canary: 0.0.531 -> 0.0.547 pkgsCross.aarch64-darwin.discord-development: 0.0.41 -> 0.0.43 (cherry picked from commit 76551701c130bd08fb6722cdd9b95d75bd021634) Artturin2024-06-281-16/+16
|/ / / / / / /
* | | | | | | Merge pull request #323186 from NixOS/backport-321674-to-release-23.11•••[Backport release-23.11] discord-canary: 0.0.422 -> 0.0.431Artturin2024-06-281-2/+2
|\ \ \ \ \ \ \ | |/ / / / / / |/| | | | | |
| * | | | | | discord-canary: 0.0.422 -> 0.0.431•••(cherry picked from commit b8877d07e8a2068b2f8718550b39ba2cc41eef1c) R. Ryantm2024-06-281-2/+2
|/ / / / / /
| | | | * | Merge pull request #318322 from thillux/mtheil/23.11-openssl-update-2024-06•••(23.11) openssl_3: 3.0.13 -> 3.0.14; openssl_3_1: 3.1.5 -> 3.1.6Robert Scott2024-06-281-4/+4
| | | | |\ \ | | | | | |/ | | | | |/|
| | | | | * openssl_3_1: 3.1.5 -> 3.1.6•••Changelog: https://github.com/openssl/openssl/blob/openssl-3.1/CHANGES.md#changes-between-315-and-316-4-jun-2024 CVEs fixed: - Fixed potential use after free after SSL_free_buffers() is called. (CVE-2024-4741) - Fixed an issue where checking excessively long DSA keys or parameters may be very slow. (CVE-2024-4603) - Fixed an issue where some non-default TLS server configurations can cause unbounded memory growth when processing TLSv1.3 sessions. An attacker may exploit certain server configurations to trigger unbounded memory growth that would lead to a Denial of Service. (CVE-2024-2511) Signed-off-by: Markus Theil <theil.markus@gmail.com> Markus Theil2024-06-081-2/+2
| | | | | * openssl_3: 3.0.13 -> 3.0.14•••Changelog: https://github.com/openssl/openssl/blob/openssl-3.0/CHANGES.md#changes-between-3013-and-3014-4-jun-2024 CVEs fixed: - Fixed potential use after free after SSL_free_buffers() is called. (CVE-2024-4741) - Fixed an issue where checking excessively long DSA keys or parameters may be very slow. (CVE-2024-4603) - Fixed an issue where some non-default TLS server configurations can cause unbounded memory growth when processing TLSv1.3 sessions. An attacker may exploit certain server configurations to trigger unbounded memory growth that would lead to a Denial of Service. (CVE-2024-2511) Signed-off-by: Markus Theil <theil.markus@gmail.com> Markus Theil2024-06-081-2/+2
| | | | * | Merge staging-next-23.11 into staging-23.11github-actions[bot]2024-06-2816-480/+97
| | | | |\ \ | | | | |/ / | | | |/| |
| | | * | | Merge release-23.11 into staging-next-23.11github-actions[bot]2024-06-2816-480/+97
| | | |\ \ \ | |_|_|/ / / |/| | | | |
* | | | | | Merge pull request #323007 from fricklerhandwerk/backport-322886-to-release-2...•••nixVersions: bump patch releasesWeijia Wang2024-06-272-9/+9
|\ \ \ \ \ \
| * | | | | | nixVersions: bump patch releases•••(cherry picked from commit 144ac0d7fc16609847d957d53a715d393caaeef2) Valentin Gagarin2024-06-272-9/+9
|/ / / / / /
* | | | | | Merge pull request #322672 from NixOS/backport-322437-to-release-23.11•••[Backport release-23.11] knot-dns: 3.3.6 -> 3.3.7Nick Cao2024-06-271-2/+2
|\ \ \ \ \ \
| * | | | | | knot-dns: 3.3.6 -> 3.3.7•••https://gitlab.nic.cz/knot/knot-dns/-/releases/v3.3.7 (cherry picked from commit 1622a46318041a0cce995a1eea6976396af0556c) Vladimír Čunát2024-06-261-2/+2
* | | | | | | gitlab: 16.11.4 -> 16.11.5•••https://gitlab.com/gitlab-org/gitlab/-/blob/v16.11.5-ee/CHANGELOG.md Fixes CVE-2024-1493 Fixes CVE-2024-1816 Fixes CVE-2024-2177 Fixes CVE-2024-2191 Fixes CVE-2024-3115 Fixes CVE-2024-3959 Fixes CVE-2024-4011 Fixes CVE-2024-4025 Fixes CVE-2024-4557 Fixes CVE-2024-4901 Fixes CVE-2024-4994 Fixes CVE-2024-5430 Fixes CVE-2024-5655 Fixes CVE-2024-6323 (cherry picked from commit aff7eed4e7a1eddce866312da4f131b4b8af4066) Yaya2024-06-274-11/+11
* | | | | | | Merge pull request #321714 from alois31/nix-2.18.3-23.11•••nixVersions.nix_2_18: 2.18.1 -> 2.18.3Artturin2024-06-273-390/+7
|\ \ \ \ \ \ \
| * | | | | | | nixVersions.nix_2_18: 2.18.1 -> 2.18.3•••Diff: https://github.com/NixOS/nix/compare/2.18.1...2.18.3 The patch for CVE-2024-27297 can be dropped since it's included upstream. The regression that prevented the upgrade to 2.18.2 so far is fixed too. Alois Wohlschlager2024-06-223-390/+7
* | | | | | | | Merge pull request #322927 from NixOS/backport-322908-to-release-23.11•••[Backport release-23.11] Kernel updates for 2024-06-27K9002024-06-273-14/+14
|\ \ \ \ \ \ \ \
| * | | | | | | | linux-rt_6_6: 6.6.34-rt33 -> 6.6.35-rt34•••(cherry picked from commit f6c43dab739c8bcce80577c80cefeaea031c7a4f) K9002024-06-271-3/+3