summaryrefslogtreecommitdiff
Commit message (Expand)AuthorAgeFilesLines
* nixos/wrappers: require argc to be at least one•••setuid applications were exploited in the past with an empty argv, such as pkexec using CVE-2021-4034. (cherry picked from commit 2a6a3d2c47626782f604a1fb4ec506c834efb47a) origin/backport-156822-to-release-21.11Konrad Borowski2022-05-161-0/+1
* nixos/wrappers: create a new assert macro that always asserts•••C's assert macro only works when NDEBUG is undefined. Previously NDEBUG was undefined incorrectly which meant that the assert macros in wrapper.c did not work. (cherry picked from commit 1009d6e79e7f4ef92d7db27214c55a36f5e22c6f) Konrad Borowski2022-05-161-17/+20
* Merge pull request #173268 from DeterminateSystems/podman•••[21.11] podman: add patch for CVE-2022-27649adisbladis2022-05-161-0/+10
|\
| * podman: add patch for CVE-2022-27649•••"default inheritable capabilities for linux container not empty" https://github.com/advisories/GHSA-qvf8-p83w-v58j Fixes: CVE-2022-27649 Linus Heckemann2022-05-161-0/+10
* | Merge pull request #173257 from NixOS/backport-172369-to-release-21.11•••[Backport release-21.11] microcodeIntel: 20220419 -> 20220510Linus Heckemann2022-05-161-2/+2
|\ \
| * | microcodeIntel: 20220419 -> 20220510•••https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20220510 https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00617.html Fixes: CVE-2022-21151 (cherry picked from commit 72429cd8ea51ffac7272bb144b36939d4268ac07) Martin Weinelt2022-05-161-2/+2
|/ /
* | Merge pull request #173244 from NixOS/backport-172835-to-release-21.11•••[Backport release-21.11] clamav: 0.103.5 -> 0.103.6Linus Heckemann2022-05-161-2/+2
|\ \
| * | clamav: 0.103.5 -> 0.103.6•••Fixes a number of vulnerabilities. https://github.com/Cisco-Talos/clamav/blob/rel/0.103/NEWS.md#01036 https://mmmds.pl/clamav/ Fixes: CVE-2022-20803, CVE-2022-20770, CVE-2022-20796, CVE-2022-20771, CVE-2022-20785, CVE-2022-20792 (cherry picked from commit 833884de60dc28084a3fc7177a4152094f06412a) Linus Heckemann2022-05-161-2/+2
|/ /
* | Merge pull request #169198 from NixOS/backport-168875-to-release-21.11•••[Backport release-21.11] hydrus: 480 -> 481Artturi2022-05-161-3/+3
|\ \
| * | hydrus: 480 -> 481•••(cherry picked from commit 6592797222ea9b4c91b642b31322c57e9f8a2ca5) origin/backport-168875-to-release-21.11R. Ryantm2022-04-181-3/+3
* | | Merge pull request #169963 from NixOS/backport-160246-to-release-21.11•••[Backport release-21.11] droidmote: init at 3.0.6Artturi2022-05-162-0/+63
|\ \ \
| * | | droidmote: init at 3.0.6•••(cherry picked from commit ad605efb5fbdc2fa33f4ab385a4511fb1ba3f615) origin/backport-160246-to-release-21.11Átila Saraiva2022-04-232-0/+63
* | | | [Backport release-21.11] libde265: fix CVE-2022-1253 (#172856)•••* libde265: fix CVE-2022-1253 Closes #172496 (cherry picked from commit 8699bfd2149e9122e677e08f0a46e3104a5ad290) * Update pkgs/development/libraries/libde265/default.nix Co-authored-by: Linus Heckemann <git@sphalerite.org> (cherry picked from commit fe4ca85c970a7bbd1746869865040787a8e6a5ec) * Update pkgs/development/libraries/libde265/default.nix (cherry picked from commit 0bc6dafb12b79112a695c7027fa6c3d0f97ab917) Co-authored-by: Sandro Jäckel <sandro.jaeckel@sap.com> Co-authored-by: Sandro <sandro.jaeckel@gmail.com>github-actions[bot]2022-05-161-2/+9
* | | | Merge pull request #164803 from NixOS/backport-164735-to-release-21.11•••[Backport release-21.11] nixos/nixos-enter: fix resolv.conf error handling and cleanupArtturi2022-05-161-11/+11
|\ \ \ \
| * | | | nixos/nixos-enter: cleanup resolv.conf handling•••(cherry picked from commit 69cff425e6654786fdacbdc495a4f560fcdc7c61) origin/backport-164735-to-release-21.11Ben Wolsieffer2022-03-191-10/+10
| * | | | nixos/nixos-enter: fix resolv.conf error handling•••(cherry picked from commit 1ee3d9477ba01dbc3545de8cb321005dd1c7b37f) Ben Wolsieffer2022-03-191-1/+1
* | | | | Merge pull request #173178 from DarkOnion0/drawio-backport•••[21.11] drawio: 15.7.3 -> 18.0.4Jörg Thalheim2022-05-151-2/+2
|\ \ \ \ \
| * | | | | drawio: 15.7.3 -> 18.0.4DarkOnion02022-05-151-2/+2
* | | | | | Merge pull request #173176 from prusnak/backport-172961-to-release-21.11•••[21.11] electron: (mostly) remove dependency on libXss.soPavol Rusnak2022-05-151-3/+2
|\ \ \ \ \ \
| * | | | | | electron: (mostly) remove dependency on libXss.so•••Electron 10, which is built from Chromium 85.0.4183.84, no longer depends on libXScrnSaver. This was removed from Chromium upstream in revision 782094 (https://chromium-review.googlesource.com/c/chromium/src/+/2261490), which landed in Chromium 85.0.4182.0 (https://storage.googleapis.com/chromium-find-releases-static/aa5.html#aa5c637805cd33366f2181ed6ec54e0ed174a6f9). This change removes the LD_PRELOAD of libXss.so.1 and simply includes libXScrnSaver in the rpath for Electron versions prior to 10.0.0. (cherry picked from commit f26abaa2ef8d4f17d79ef60a4f4a1389d840b7f8) Noah Fontes2022-05-151-3/+2
|/ / / / / /
* | | | | | Merge pull request #172618 from nh2/consul-1.11.5-nixos-21.11•••[21.11] consul: 1.10.3 -> 1.10.10Niklas Hambüchen2022-05-141-3/+3
|\ \ \ \ \ \
| * | | | | | [21.11] consul: 1.10.3 -> 1.10.10•••Fixes #166623. Fixes #172481. Niklas Hambüchen2022-05-121-3/+3
* | | | | | | Merge pull request #172919 from bachp/minio-2022-05-08T23-50-31Z_21.11•••[Backport release-21.11] minio: 2022-01-08T03-11-54Z -> 2022-05-08T23-50-31Mario Rodas2022-05-141-3/+3
|\ \ \ \ \ \ \
| * | | | | | | minio: 2022-03-22T02-05-10Z -> 2022-05-08T23-50-31ZPascal Bach2022-05-131-3/+3
| * | | | | | | minio: 2022-03-17T06-34-49Z -> 2022-03-22T02-05-10ZR. Ryantm2022-05-131-3/+3
| * | | | | | | minio: 2022-02-26T02-54-46Z -> 2022-03-17T06-34-49ZPascal Bach2022-05-131-3/+3
| * | | | | | | minio: 2022-02-24T22-12-01Z -> 2022-02-26T02-54-46ZR. Ryantm2022-05-131-3/+3
| * | | | | | | minio: 2022-02-18T01-50-10Z -> 2022-02-24T22-12-01ZR. Ryantm2022-05-131-3/+3
| * | | | | | | minio: 2022-02-16T00-35-27Z -> 2022-02-18T01-50-10ZR. Ryantm2022-05-131-3/+3
| * | | | | | | minio: 2022-02-12T00-51-25Z -> 2022-02-16T00-35-27ZR. Ryantm2022-05-131-3/+3
| * | | | | | | minio: 2022-02-07T08-17-33Z -> 2022-02-12T00-51-25ZR. Ryantm2022-05-131-3/+3
| * | | | | | | minio: 2022-01-08T03-11-54Z -> 2022-02-07T08-17-33ZR. Ryantm2022-05-131-3/+3
* | | | | | | | Merge pull request #172984 from NixOS/backport-172942-to-release-21.11•••[Backport release-21.11] signal-desktop: 5.42.0 -> 5.43.0Mario Rodas2022-05-141-2/+2
|\ \ \ \ \ \ \ \
| * | | | | | | | signal-desktop: 5.42.0 -> 5.43.0•••(cherry picked from commit 7c2e6fb71ee40cae273a9f030c117040c33f7b4b) Eduardo Quiros2022-05-141-2/+2
| |/ / / / / / /
* | | | | | | | Merge pull request #172876 from NixOS/backport-172848-to-release-21.11•••[Backport release-21.11] Linux kernels 2022-05-13Maximilian Bosch2022-05-148-44/+44
|\ \ \ \ \ \ \ \
| * | | | | | | | linux/hardened/patches/5.4: 5.4.192-hardened1 -> 5.4.193-hardened1•••(cherry picked from commit 081daee45eb4f594f19a522cfbbccc32482e4e99) Maximilian Bosch2022-05-131-5/+5
| * | | | | | | | linux/hardened/patches/5.17: 5.17.6-hardened1 -> 5.17.7-hardened1•••(cherry picked from commit 1d8fa8ef14afe31260258fa88a8aef704afcd61b) Maximilian Bosch2022-05-131-5/+5
| * | | | | | | | linux/hardened/patches/5.15: 5.15.38-hardened1 -> 5.15.39-hardened1•••(cherry picked from commit b644615669498e3590c7c277ec580d67cd343d13) Maximilian Bosch2022-05-131-5/+5
| * | | | | | | | linux/hardened/patches/5.10: 5.10.114-hardened1 -> 5.10.115-hardened1•••(cherry picked from commit 6abf4b2b96b4ee1cec95f36282d16cc9db98437a) Maximilian Bosch2022-05-131-5/+5
| * | | | | | | | linux/hardened/patches/4.19: 4.19.241-hardened1 -> 4.19.242-hardened1•••(cherry picked from commit 34ede69b72f824d00c21473b6d6321c629f57246) Maximilian Bosch2022-05-131-5/+5
| * | | | | | | | linux/hardened/patches/4.14: 4.14.277-hardened1 -> 4.14.278-hardened1•••(cherry picked from commit ab2f51774bbb2e0ab8075f7126a424ea0efff538) Maximilian Bosch2022-05-131-5/+5
| * | | | | | | | linux: 5.4.192 -> 5.4.193•••(cherry picked from commit 354346828022e1a70f4f2f4eb713955182c58a95) Maximilian Bosch2022-05-131-2/+2
| * | | | | | | | linux: 5.17.6 -> 5.17.7•••(cherry picked from commit dcc82f4e65f0c9a132c7b419596d97ed5c89b0cd) Maximilian Bosch2022-05-131-2/+2
| * | | | | | | | linux: 5.15.38 -> 5.15.39•••(cherry picked from commit 2b8fcabeb6bf5177513f2cff8bd1a62df43da6a8) Maximilian Bosch2022-05-131-2/+2
| * | | | | | | | linux: 5.10.114 -> 5.10.115•••(cherry picked from commit 2bea336233b08d53820a042f77d843129e4befb2) Maximilian Bosch2022-05-131-2/+2
| * | | | | | | | linux: 4.9.312 -> 4.9.313•••(cherry picked from commit 7885a531970b1011d33b1069255e1d55374ca0b3) Maximilian Bosch2022-05-131-2/+2
| * | | | | | | | linux: 4.19.241 -> 4.19.242•••(cherry picked from commit 30efbf1352085cae280f1a1230798f2e999f9849) Maximilian Bosch2022-05-131-2/+2
| * | | | | | | | linux: 4.14.277 -> 4.14.278•••(cherry picked from commit 6956681f24429de5973a171bd0add6857c377867) Maximilian Bosch2022-05-131-2/+2
| |/ / / / / / /
* | | | | | | | Merge pull request #172669 from NixOS/backport-172574-to-release-21.11•••[Backport release-21.11] element-{web,desktop}: 1.10.11 -> 1.10.12Maximilian Bosch2022-05-142-8/+8
|\ \ \ \ \ \ \ \ | |/ / / / / / / |/| | | | | | |
| * | | | | | | element-{web,desktop}: 1.10.11 -> 1.10.12•••(cherry picked from commit 8ca6240a846001c14662600bc5e8d5ba99180711) Sumner Evans2022-05-122-8/+8
generated by cgit v1.2.3 (git 2.52.0) at 2026-01-17 05:13:51 +0000