-
Notifications
You must be signed in to change notification settings - Fork 0
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
upgrade-2020-05-28-2efedf8fc74 #342
base: nixos-19.09
Are you sure you want to change the base?
Commits on Mar 12, 2020
-
Configuration menu - View commit details
-
Copy full SHA for 6e67910 - Browse repository at this point
Copy the full SHA 6e67910View commit details -
Configuration menu - View commit details
-
Copy full SHA for 4f40468 - Browse repository at this point
Copy the full SHA 4f40468View commit details -
Configuration menu - View commit details
-
Copy full SHA for d4acdf5 - Browse repository at this point
Copy the full SHA d4acdf5View commit details -
Configuration menu - View commit details
-
Copy full SHA for 8d27ad5 - Browse repository at this point
Copy the full SHA 8d27ad5View commit details -
Configuration menu - View commit details
-
Copy full SHA for d4148a7 - Browse repository at this point
Copy the full SHA d4148a7View commit details -
Merge pull request NixOS#82376 from flokli/19.09-gitlab-12.8.6
[19.09] gitlab 12.8.5 -> 12.8.6
Configuration menu - View commit details
-
Copy full SHA for 71b727e - Browse repository at this point
Copy the full SHA 71b727eView commit details -
Merge pull request NixOS#82354 from flokli/19.09-systemd-243.7
[19.09] systemd: 243.3 -> 243.7
Configuration menu - View commit details
-
Copy full SHA for 68d2f83 - Browse repository at this point
Copy the full SHA 68d2f83View commit details
Commits on Mar 14, 2020
-
(cherry picked from commit 243cd9f)
Configuration menu - View commit details
-
Copy full SHA for d0bdce3 - Browse repository at this point
Copy the full SHA d0bdce3View commit details -
thunderbird-bin: 68.5.0 -> 68.6.0
(cherry picked from commit 8330317)
Configuration menu - View commit details
-
Copy full SHA for 64565f9 - Browse repository at this point
Copy the full SHA 64565f9View commit details -
skypeforlinux: 8.51.0.92 -> 8.56.0.103
cherry-picked 4665c94 Closes NixOS#81868
Configuration menu - View commit details
-
Copy full SHA for 68ad45f - Browse repository at this point
Copy the full SHA 68ad45fView commit details -
openjpeg: add patch for CVE-2020-6851
(cherry picked from commit 773462c)
Configuration menu - View commit details
-
Copy full SHA for 1524ffc - Browse repository at this point
Copy the full SHA 1524ffcView commit details -
openjpeg: add patch for CVE-2020-8112
(cherry picked from commit 41d8bb1)
Configuration menu - View commit details
-
Copy full SHA for 3b9b10e - Browse repository at this point
Copy the full SHA 3b9b10eView commit details
Commits on Mar 15, 2020
-
Configuration menu - View commit details
-
Copy full SHA for c26a26d - Browse repository at this point
Copy the full SHA c26a26dView commit details -
Merge branch 'staging-19.09' into release-19.09
(Older version finished on Hydra.)
Configuration menu - View commit details
-
Copy full SHA for 021b296 - Browse repository at this point
Copy the full SHA 021b296View commit details -
Merge branch 'staging-19.09' into release-19.09
(Older version finished on Hydra.)
Configuration menu - View commit details
-
Copy full SHA for 686362c - Browse repository at this point
Copy the full SHA 686362cView commit details -
Configuration menu - View commit details
-
Copy full SHA for 0c2b734 - Browse repository at this point
Copy the full SHA 0c2b734View commit details -
Fixes CVE-2019-14889, issue NixOS#77264. Release notes: https://www.libssh.org/2019/12/10/libssh-0-9-3-and-libssh-0-8-8-security-release/ (cherry picked from commit 7ef8a42)
Configuration menu - View commit details
-
Copy full SHA for 45f415a - Browse repository at this point
Copy the full SHA 45f415aView commit details -
lz4: 1.9.1 -> 1.9.2 (PR NixOS#82437)
Fixes: https://nvd.nist.gov/vuln/detail/CVE-2019-17543 Release notes: https://github.com/lz4/lz4/releases/tag/v1.9.2 (cherry picked from commit 18ac6ba)
Configuration menu - View commit details
-
Copy full SHA for cdd33cb - Browse repository at this point
Copy the full SHA cdd33cbView commit details -
samba4: patch all remaining security issues
https://www.samba.org/samba/history/security.html Tested: $ nix build -f nixos/release.nix tests.samba.x86_64-linux
Configuration menu - View commit details
-
Copy full SHA for 7d27cc8 - Browse repository at this point
Copy the full SHA 7d27cc8View commit details
Commits on Mar 16, 2020
-
python3Packages.signedjson: 1.0.0 -> 1.1.0
(cherry picked from commit 500375e)
Configuration menu - View commit details
-
Copy full SHA for a9d4746 - Browse repository at this point
Copy the full SHA a9d4746View commit details -
matrix-synapse: 1.9.1 -> 1.11.1
Contains only the version update from 8be61f7, the module-changes are not needed on 19.09 since the database is always configured properly here.
Configuration menu - View commit details
-
Copy full SHA for dce33f1 - Browse repository at this point
Copy the full SHA dce33f1View commit details -
Merge branch 'staging-19.09' into release-19.09
x86_64-linux rebuilds have finished, so let's merge to get the security fixes early.
Configuration menu - View commit details
-
Copy full SHA for 107ffbb - Browse repository at this point
Copy the full SHA 107ffbbView commit details -
libxml2: add patch for CVE-2019-20388
(cherry picked from commit 291c735) /cc roundup NixOS#79725
Configuration menu - View commit details
-
Copy full SHA for 9a808dd - Browse repository at this point
Copy the full SHA 9a808ddView commit details -
includes fix for nC-SA-2020-015. See nextcloud/server#19976, the SA currently has a typo - adressed in nextcloud/security-advisories#21.
Configuration menu - View commit details
-
Copy full SHA for 311c3fd - Browse repository at this point
Copy the full SHA 311c3fdView commit details -
Merge pull request NixOS#82697 from flokli/19.09-nextcloud-16.0.9
[19.09] nextcloud: 16.0.8 -> 16.0.9
Configuration menu - View commit details
-
Copy full SHA for 8d7fd7e - Browse repository at this point
Copy the full SHA 8d7fd7eView commit details
Commits on Mar 17, 2020
-
Configuration menu - View commit details
-
Copy full SHA for 4f69f2c - Browse repository at this point
Copy the full SHA 4f69f2cView commit details -
The substitition in smtpd/parse.y isn't necessary anymore. The hardcoded /usr/libexec/ has been replaced by a PATH_LIBEXEC #define, which will be set properly by the build system. (cherry picked from commit 9658850)
Configuration menu - View commit details
-
Copy full SHA for 7db6a85 - Browse repository at this point
Copy the full SHA 7db6a85View commit details -
Fixes critical vulnerability: https://www.mail-archive.com/[email protected]/msg04850.html (cherry picked from commit 7b9bd59)
Configuration menu - View commit details
-
Copy full SHA for 3ecd571 - Browse repository at this point
Copy the full SHA 3ecd571View commit details -
(cherry picked from commit 77da495)
Configuration menu - View commit details
-
Copy full SHA for 7a106bd - Browse repository at this point
Copy the full SHA 7a106bdView commit details -
Release notes aren't available at this time [1] it is likely to be related to a recent mail to oss-security (either [2] or [3]). [1] https://www.mail-archive.com/[email protected]/msg04888.html [2] https://www.openwall.com/lists/oss-security/2020/02/24/5 [3] https://www.openwall.com/lists/oss-security/2020/02/24/4 (cherry picked from commit 09725e5)
Configuration menu - View commit details
-
Copy full SHA for 521c676 - Browse repository at this point
Copy the full SHA 521c676View commit details -
Revert "opensmtpd: mark as insecure due to CVE-2020-8794 / NixOS#80978"
This reverts commit 4f69f2c. We backported the latest opensmtpd version.
Configuration menu - View commit details
-
Copy full SHA for ce282f0 - Browse repository at this point
Copy the full SHA ce282f0View commit details -
Revert "opensmtpd: apply patch for CVE-2020-7247.patch"
This reverts commit f5c74e6. Already included in the opensmtpd version.
Configuration menu - View commit details
-
Copy full SHA for fe67f42 - Browse repository at this point
Copy the full SHA fe67f42View commit details -
opensmtpd: build against openssl
build fails against our local libressl version
Configuration menu - View commit details
-
Copy full SHA for 29431a0 - Browse repository at this point
Copy the full SHA 29431a0View commit details -
Merge pull request NixOS#82775 from Mic92/opensmtpd-backport
opensmtpd: 6.4.2p1 -> 6.6.4p1 [backport 19.09]
Configuration menu - View commit details
-
Copy full SHA for bf7c0f0 - Browse repository at this point
Copy the full SHA bf7c0f0View commit details -
a "Low severity" [0] security issue: > Fixed an overflow bug in the x64_64 Montgomery squaring procedure used > in exponentiation with 512-bit moduli (CVE-2019-1551) [0] https://www.openssl.org/news/vulnerabilities.html#y2019 (cherry picked from commit abecf82)
Configuration menu - View commit details
-
Copy full SHA for 41f1484 - Browse repository at this point
Copy the full SHA 41f1484View commit details -
Configuration menu - View commit details
-
Copy full SHA for 30fdf95 - Browse repository at this point
Copy the full SHA 30fdf95View commit details
Commits on Mar 18, 2020
-
buildGoModule: disable consult the checksum database on build
Since Go 1.13, `GOSUMDB` defaults to "sum.golang.org", to consult the checksum database of the main module's go.sum. We already use the default behavior when building `go-modules`, but Go tries to consult the checksum database again when building the module, and fails because since it requires `cacert` and `git` which are not propagated when building the package. (cherry picked from commit c5733e7)
Configuration menu - View commit details
-
Copy full SHA for 0e1cf19 - Browse repository at this point
Copy the full SHA 0e1cf19View commit details -
Signed-off-by: Martin Baillie <[email protected]> (cherry picked from commit 6e055c9)
Configuration menu - View commit details
-
Copy full SHA for dd9a493 - Browse repository at this point
Copy the full SHA dd9a493View commit details -
Fixes a severe bug with subnet routing. Signed-off-by: David Anderson <[email protected]> (cherry picked from commit f61f686)
Configuration menu - View commit details
-
Copy full SHA for 65ff637 - Browse repository at this point
Copy the full SHA 65ff637View commit details -
Merge pull request NixOS#82791 from andir/19.09/openssl
[19.09] openssl: 1.1.1d -> 1.1.1e
Configuration menu - View commit details
-
Copy full SHA for 87834cb - Browse repository at this point
Copy the full SHA 87834cbView commit details -
Configuration menu - View commit details
-
Copy full SHA for b0055f4 - Browse repository at this point
Copy the full SHA b0055f4View commit details
Commits on Mar 19, 2020
-
keep brave up-to-date (cherry picked from commit 418e3e4) Reason: Browsers should be kept up-to-date for security reasons
Configuration menu - View commit details
-
Copy full SHA for 0e01f4f - Browse repository at this point
Copy the full SHA 0e01f4fView commit details -
Merge pull request NixOS#81789 from JeffLabonte/19_09-brave_1.4.95_to…
…_1.4.96 [19 09] brave 1.4.95 to 1.5.112
Configuration menu - View commit details
-
Copy full SHA for 8963012 - Browse repository at this point
Copy the full SHA 8963012View commit details -
Configuration menu - View commit details
-
Copy full SHA for 493a837 - Browse repository at this point
Copy the full SHA 493a837View commit details -
linuxPackages.wireguard: 0.0.20200215 -> 0.0.20200318
https://lists.zx2c4.com/pipermail/wireguard/2020-March/005188.html (cherry picked from commit e758e95)
Configuration menu - View commit details
-
Copy full SHA for 5d89c0b - Browse repository at this point
Copy the full SHA 5d89c0bView commit details -
Revert "openssl: 1.1.1d -> 1.1.1e"
This reverts commit 41f1484. openssl 1.1.1e introduces breaking changes in its EOF handling.
Configuration menu - View commit details
-
Copy full SHA for 49eed3a - Browse repository at this point
Copy the full SHA 49eed3aView commit details -
chromium: 80.0.3987.132 -> 80.0.3987.149
https://chromereleases.googleblog.com/2020/03/stable-channel-update-for-desktop_18.html This update includes 13 security fixes. CVEs: CVE-2020-6422 CVE-2020-6424 CVE-2020-6425 CVE-2020-6426 CVE-2020-6427 CVE-2020-6428 CVE-2020-6429 CVE-2019-20503 CVE-2020-6449 Note: The release of version 81 is currently on pause: https://chromereleases.googleblog.com/2020/03/upcoming-chrome-and-chrome-os-releases.html (cherry picked from commit fe60ff7)
Configuration menu - View commit details
-
Copy full SHA for 359de6b - Browse repository at this point
Copy the full SHA 359de6bView commit details
Commits on Mar 20, 2020
-
wireguard-tools: 1.0.20200206 -> 1.0.20200319
https://lists.zx2c4.com/pipermail/wireguard/2020-March/005191.html (cherry picked from commit 19ceeb6)
Configuration menu - View commit details
-
Copy full SHA for 490d066 - Browse repository at this point
Copy the full SHA 490d066View commit details -
Merge pull request NixOS#82958 from primeos/chromium-backport
[19.09] chromium: 80.0.3987.132 -> 80.0.3987.149 (backport)
Configuration menu - View commit details
-
Copy full SHA for db12da3 - Browse repository at this point
Copy the full SHA db12da3View commit details -
Configuration menu - View commit details
-
Copy full SHA for 2cc4474 - Browse repository at this point
Copy the full SHA 2cc4474View commit details -
Configuration menu - View commit details
-
Copy full SHA for 9b2a26d - Browse repository at this point
Copy the full SHA 9b2a26dView commit details -
Configuration menu - View commit details
-
Copy full SHA for 8e47767 - Browse repository at this point
Copy the full SHA 8e47767View commit details
Commits on Mar 21, 2020
-
openssl(_1_1): patch CVE-2019-1551
fetchpatch can't be used here and fetchurl from GitHub like in PR NixOS#82928 has the risk of breaking the hash later; fortunately the patches aren't too large.
Configuration menu - View commit details
-
Copy full SHA for 2071e3b - Browse repository at this point
Copy the full SHA 2071e3bView commit details -
Merge openssl(_1_1) downgrade (into release-19.09)
This fixes the regressed python3Packages.pyopenssl build and should unblock both channels.
Configuration menu - View commit details
-
Copy full SHA for b2d71b4 - Browse repository at this point
Copy the full SHA b2d71b4View commit details -
(cherry picked from commit 913e6b5)
Configuration menu - View commit details
-
Copy full SHA for 36cbcdc - Browse repository at this point
Copy the full SHA 36cbcdcView commit details -
(cherry picked from commit bf453da)
Configuration menu - View commit details
-
Copy full SHA for c3a9111 - Browse repository at this point
Copy the full SHA c3a9111View commit details -
grafana: add Frostman to maintainers
(cherry picked from commit 9e98d47)
Configuration menu - View commit details
-
Copy full SHA for 85600b7 - Browse repository at this point
Copy the full SHA 85600b7View commit details
Commits on Mar 22, 2020
-
grafana: Drop Frostman from maintainers
@Frostman is not in maintainers-list.nix on 19.09. This fails the build of the `channel` and `tarball` jobs on the small jobset. Follow-up of NixOS#83102
Configuration menu - View commit details
-
Copy full SHA for 4aac2c3 - Browse repository at this point
Copy the full SHA 4aac2c3View commit details -
Merge pull request NixOS#83109 from helsinki-systems/bp-drop-frostman
[19.09 unblock] grafana: Drop Frostman from maintainers
Configuration menu - View commit details
-
Copy full SHA for 8b8e73a - Browse repository at this point
Copy the full SHA 8b8e73aView commit details -
Configuration menu - View commit details
-
Copy full SHA for 534e341 - Browse repository at this point
Copy the full SHA 534e341View commit details -
Configuration menu - View commit details
-
Copy full SHA for fb2dcec - Browse repository at this point
Copy the full SHA fb2dcecView commit details -
Configuration menu - View commit details
-
Copy full SHA for 5801ac4 - Browse repository at this point
Copy the full SHA 5801ac4View commit details -
Configuration menu - View commit details
-
Copy full SHA for dbea1f6 - Browse repository at this point
Copy the full SHA dbea1f6View commit details -
Configuration menu - View commit details
-
Copy full SHA for 7dfe28c - Browse repository at this point
Copy the full SHA 7dfe28cView commit details -
Configuration menu - View commit details
-
Copy full SHA for 216cd6c - Browse repository at this point
Copy the full SHA 216cd6cView commit details
Commits on Mar 23, 2020
-
tailscale: switch version and git ref to use a tag.
The tag points to the same commit hash, so the binary is unchanged. Signed-off-by: David Anderson <[email protected]> (cherry picked from commit 3fa813e)
Configuration menu - View commit details
-
Copy full SHA for 75569aa - Browse repository at this point
Copy the full SHA 75569aaView commit details -
tailscale: build using Go 1.13 explicitly.
Tailscale does not support Go 1.12. Signed-off-by: David Anderson <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 609a3da - Browse repository at this point
Copy the full SHA 609a3daView commit details
Commits on Mar 24, 2020
-
Add packages.json to the tarball job
Moved from nixos-homepage. (cherry picked from commit d6ec410)
Configuration menu - View commit details
-
Copy full SHA for 96c4045 - Browse repository at this point
Copy the full SHA 96c4045View commit details -
Compress optionsJSON using brotli
(cherry picked from commit 4052f9b)
Configuration menu - View commit details
-
Copy full SHA for 0ce53c4 - Browse repository at this point
Copy the full SHA 0ce53c4View commit details -
nixos/release-small.nix: Export options job
(cherry picked from commit e51c7f6)
Configuration menu - View commit details
-
Copy full SHA for 1a54743 - Browse repository at this point
Copy the full SHA 1a54743View commit details
Commits on Mar 25, 2020
-
protonvpn-cli-ng: 2.2.0 -> 2.2.2
Some changes were made after final review of the package. There was a missing runtime dependency that was discovered after merge of the backport (cherry picked from commit 9fe4a63) Reason: The dependency can make the package work or not
Configuration menu - View commit details
-
Copy full SHA for c0ce6d0 - Browse repository at this point
Copy the full SHA c0ce6d0View commit details -
gitlab: 12.8.6 -> 12.8.7 (NixOS#82838) (NixOS#83354)
https://about.gitlab.com/releases/2020/03/16/gitlab-12-8-7-released/ (cherry picked from commit 3a173c1)
Configuration menu - View commit details
-
Copy full SHA for da19ebc - Browse repository at this point
Copy the full SHA da19ebcView commit details -
Configuration menu - View commit details
-
Copy full SHA for 67643b0 - Browse repository at this point
Copy the full SHA 67643b0View commit details -
Configuration menu - View commit details
-
Copy full SHA for 6f11eda - Browse repository at this point
Copy the full SHA 6f11edaView commit details
Commits on Mar 26, 2020
-
Merge pull request NixOS#83328 from JeffLabonte/update_protonvpn_ng_2…
….2.0-with_fix [19.09] protonvpn ng 2.2.0 to 2.2.2
Configuration menu - View commit details
-
Copy full SHA for ae48415 - Browse repository at this point
Copy the full SHA ae48415View commit details -
Configuration menu - View commit details
-
Copy full SHA for d5895b9 - Browse repository at this point
Copy the full SHA d5895b9View commit details -
Merge pull request NixOS#83417 from primeos/signal-desktop-backport
[19.09] signal-desktop: 1.32.1 -> 1.32.2 (backport)
Configuration menu - View commit details
-
Copy full SHA for 59c3b5f - Browse repository at this point
Copy the full SHA 59c3b5fView commit details -
nix-bash-completions: 0.6.7 -> 0.6.8 (NixOS#81019)
(cherry picked from commit 0e5d457)
Configuration menu - View commit details
-
Copy full SHA for 008fc89 - Browse repository at this point
Copy the full SHA 008fc89View commit details -
wire-desktop: Fix StartupWMClass
With quotes it doesn't match the Wire's screen, causing the window to not be grouped under its icon in Gnome. (cherry picked from commit da587da)
Configuration menu - View commit details
-
Copy full SHA for df07596 - Browse repository at this point
Copy the full SHA df07596View commit details -
Configuration menu - View commit details
-
Copy full SHA for a932b1c - Browse repository at this point
Copy the full SHA a932b1cView commit details -
Merge pull request NixOS#83450 from primeos/signal-desktop-backport
[19.09] signal-desktop: 1.32.2 -> 1.32.3 (backport)
Configuration menu - View commit details
-
Copy full SHA for 3be8b45 - Browse repository at this point
Copy the full SHA 3be8b45View commit details
Commits on Mar 27, 2020
-
(cherry picked from commit 8ab04fd)
Configuration menu - View commit details
-
Copy full SHA for fbdb1ae - Browse repository at this point
Copy the full SHA fbdb1aeView commit details -
matrix-synapse: 1.11.1 -> 1.12.0
(cherry picked from commit 425efa5)
Configuration menu - View commit details
-
Copy full SHA for 1881b34 - Browse repository at this point
Copy the full SHA 1881b34View commit details -
Merge pull request NixOS#82831 from danderson/tailscale-19.09
tailscale: init at 0.97-0 [backport 19.09]
Configuration menu - View commit details
-
Copy full SHA for 64a3ccb - Browse repository at this point
Copy the full SHA 64a3ccbView commit details -
Configuration menu - View commit details
-
Copy full SHA for 939178c - Browse repository at this point
Copy the full SHA 939178cView commit details
Commits on Mar 28, 2020
-
nginx: Fix ETag patch to ignore realpath(3) error
While our ETag patch works pretty fine if it comes to serving data off store paths, it unfortunately broke something that might be a bit more common, namely when using regexes to extract path components of location directives for example. Recently, @devhell has reported a bug with a nginx location directive like this: location ~^/\~([a-z0-9_]+)(/.*)?$" { alias /home/$1/public_html$2; } While this might look harmless at first glance, it does however cause issues with our ETag patch. The alias directive gets broken up by nginx like this: *2 http script copy: "/home/" *2 http script capture: "foo" *2 http script copy: "/public_html/" *2 http script capture: "bar.txt" In our patch however, we use realpath(3) to get the canonicalised path from ngx_http_core_loc_conf_s.root, which returns the *configured* value from the root or alias directive. So in the example above, realpath(3) boils down to the following syscalls: lstat("/home", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0 lstat("/home/$1", 0x7ffd08da6f60) = -1 ENOENT (No such file or directory) During my review[1] of the initial patch, I didn't actually notice that what we're doing here is returning NGX_ERROR if the realpath(3) call fails, which in turn causes an HTTP 500 error. Since our patch actually made the canonicalisation (and thus additional syscalls) necessary, we really shouldn't introduce an additional error so let's - at least for now - silently skip return value if realpath(3) has failed. However since we're using the unaltered root from the config we have another issue, consider this root: /nix/store/...-abcde/$1 Calling realpath(3) on this path will fail (except if there's a file called "$1" of course), so even this fix is not enough because it results in the ETag not being set to the store path hash. While this is very ugly and we should fix this very soon, it's not as serious as getting HTTP 500 errors for serving static files. I added a small NixOS VM test, which uses the example above as a regression test. It seems that my memory is failing these days, since apparently I *knew* about this issue since digging for existing issues in nixpkgs, I found this similar pull request which I even reviewed: NixOS#66532 However, since the comments weren't addressed and the author hasn't responded to the pull request, I decided to keep this very commit and do a follow-up pull request. [1]: NixOS#48337 Signed-off-by: aszlig <[email protected]> Reported-by: @devhell Acked-by: @7c6f434c Acked-by: @yorickvP Merges: NixOS#80671 Fixes: NixOS#66532 (cherry picked from commit e1d63ad)
Configuration menu - View commit details
-
Copy full SHA for 598a9cb - Browse repository at this point
Copy the full SHA 598a9cbView commit details -
Configuration menu - View commit details
-
Copy full SHA for 28dd9c3 - Browse repository at this point
Copy the full SHA 28dd9c3View commit details -
Configuration menu - View commit details
-
Copy full SHA for 95d7551 - Browse repository at this point
Copy the full SHA 95d7551View commit details -
Configuration menu - View commit details
-
Copy full SHA for 54e8994 - Browse repository at this point
Copy the full SHA 54e8994View commit details
Commits on Mar 29, 2020
-
Merge pull request NixOS#83602 from scaredmushroom/tor-browser-bundle…
…-bin_release-19.09 [19.09] tor-browser-bundle-bin: 9.0.5 -> 9.0.7
Configuration menu - View commit details
-
Copy full SHA for ace3bb3 - Browse repository at this point
Copy the full SHA ace3bb3View commit details -
Configuration menu - View commit details
-
Copy full SHA for ac678d9 - Browse repository at this point
Copy the full SHA ac678d9View commit details -
Configuration menu - View commit details
-
Copy full SHA for e8f5908 - Browse repository at this point
Copy the full SHA e8f5908View commit details -
Merge NixOS#83013: exiv2: patch CVE-2019-20421
(cherry picked from commit 6d28c18)
Configuration menu - View commit details
-
Copy full SHA for 1bf2637 - Browse repository at this point
Copy the full SHA 1bf2637View commit details -
Update the checkum and the version (cherry picked from commit fa5fc49) Reason: Browser must be kept up-to-date
Configuration menu - View commit details
-
Copy full SHA for e7ad715 - Browse repository at this point
Copy the full SHA e7ad715View commit details -
make-tarball.nix: Strip source directory from packages.json
NixOS/nixos-homepage#372 (cherry picked from commit 4e554ad)
Configuration menu - View commit details
-
Copy full SHA for c7363c2 - Browse repository at this point
Copy the full SHA c7363c2View commit details -
python3Packages.twisted: fix CVE-2020-10109
Co-authored-by: worldofpeace <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 2015db3 - Browse repository at this point
Copy the full SHA 2015db3View commit details -
Configuration menu - View commit details
-
Copy full SHA for a8639df - Browse repository at this point
Copy the full SHA a8639dfView commit details
Commits on Mar 30, 2020
-
Configuration menu - View commit details
-
Copy full SHA for 856dbd1 - Browse repository at this point
Copy the full SHA 856dbd1View commit details -
Merge pull request NixOS#83026 from wmertens/nodejs-backport
Nodejs 12 backport from master
Configuration menu - View commit details
-
Copy full SHA for ce73818 - Browse repository at this point
Copy the full SHA ce73818View commit details -
mattermost-desktop: fix filechooser causing crash
(cherry picked from commit 645a6fd)
Configuration menu - View commit details
-
Copy full SHA for 58dec78 - Browse repository at this point
Copy the full SHA 58dec78View commit details -
mattermost-desktop: version 4.2.3 -> 4.3.1
(cherry picked from commit f41b8aa)
Configuration menu - View commit details
-
Copy full SHA for 6d445f8 - Browse repository at this point
Copy the full SHA 6d445f8View commit details
Commits on Mar 31, 2020
-
This reverts commit 36cbcdc. This reverts commit c3a9111. Rationale for revert: 6.7.0-beta1 introduced a breaking change[1] which seems to break at least one popular grafana integration. [1] https://github.com/grafana/grafana/blob/master/CHANGELOG.md#670-beta1-2020-03-12
Configuration menu - View commit details
-
Copy full SHA for 85d879e - Browse repository at this point
Copy the full SHA 85d879eView commit details
Commits on Apr 1, 2020
-
Merge pull request NixOS#83516 from Ma27/synapse-19.09
[19.09] matrix-synapse: 1.11.1 -> 1.12.0
Configuration menu - View commit details
-
Copy full SHA for d011e47 - Browse repository at this point
Copy the full SHA d011e47View commit details -
Changelog: https://www.ruby-lang.org/en/news/2020/03/31/ruby-2-5-8-released/ (cherry picked from commit 99b09d6)
Configuration menu - View commit details
-
Copy full SHA for 6011c05 - Browse repository at this point
Copy the full SHA 6011c05View commit details -
Changelog: https://www.ruby-lang.org/en/news/2020/03/31/ruby-2-6-6-released/ (cherry picked from commit b312ecf)
Configuration menu - View commit details
-
Copy full SHA for deb8fd1 - Browse repository at this point
Copy the full SHA deb8fd1View commit details -
Configuration menu - View commit details
-
Copy full SHA for 926c763 - Browse repository at this point
Copy the full SHA 926c763View commit details
Commits on Apr 2, 2020
-
chromium: fix webrtc interaction with pulseaudio
The webrtc code suffered from a race condition when used with Pulseaudio. This lead to audio input breaking every couple of minutes during a webrtc session. (cherry picked from commit 81b18c3)
Configuration menu - View commit details
-
Copy full SHA for 190fbfd - Browse repository at this point
Copy the full SHA 190fbfdView commit details -
chromium: I accidentally added the webrtc patch into the wrong section
(cherry picked from commit b3c2908)
Configuration menu - View commit details
-
Copy full SHA for 5ae092f - Browse repository at this point
Copy the full SHA 5ae092fView commit details -
chromium: 80.0.3987.149 -> 80.0.3987.162
https://chromereleases.googleblog.com/2020/03/stable-channel-update-for-desktop_31.html This update includes 8 security fixes. CVEs: CVE-2020-6450 CVE-2020-6451 CVE-2020-6452 (cherry picked from commit 6b7528c)
Configuration menu - View commit details
-
Copy full SHA for 96614c2 - Browse repository at this point
Copy the full SHA 96614c2View commit details -
Configuration menu - View commit details
-
Copy full SHA for c221bb2 - Browse repository at this point
Copy the full SHA c221bb2View commit details -
Configuration menu - View commit details
-
Copy full SHA for c5ad5d0 - Browse repository at this point
Copy the full SHA c5ad5d0View commit details -
Configuration menu - View commit details
-
Copy full SHA for 7d82b77 - Browse repository at this point
Copy the full SHA 7d82b77View commit details -
Configuration menu - View commit details
-
Copy full SHA for c95a98e - Browse repository at this point
Copy the full SHA c95a98eView commit details -
Configuration menu - View commit details
-
Copy full SHA for 0ee9cef - Browse repository at this point
Copy the full SHA 0ee9cefView commit details
Commits on Apr 3, 2020
-
chromium: 80.0.3987.162 -> 80.0.3987.163
https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop.html Note: This update contains only two fixes [0]. The fix that reverts a feature which caused a crash spike on 80.0.3987.162 [1] seems important for us (though the commit doesn't provide any data on the crash spike). [0]: https://chromium.googlesource.com/chromium/src/+log/80.0.3987.162..80.0.3987.163?pretty=fuller [1]: https://chromium.googlesource.com/chromium/src/+/fc11c43603c05a9ef77430a6b4081a01969d2bf4 (cherry picked from commit cbd13f3)
Configuration menu - View commit details
-
Copy full SHA for 1ca8a06 - Browse repository at this point
Copy the full SHA 1ca8a06View commit details -
Merge pull request NixOS#84107 from primeos/chromium-backport
[19.09] chromium: 80.0.3987.149 -> 80.0.3987.163 (backport)
Configuration menu - View commit details
-
Copy full SHA for 6ce362a - Browse repository at this point
Copy the full SHA 6ce362aView commit details
Commits on Apr 4, 2020
-
linuxPackages.wireguard: 0.0.20200318 -> 1.0.20200401
https://lists.zx2c4.com/pipermail/wireguard/2020-April/005237.html Resolves NixOS#84009 (cherry picked from commit b503b2c)
Configuration menu - View commit details
-
Copy full SHA for 7a429e7 - Browse repository at this point
Copy the full SHA 7a429e7View commit details -
Configuration menu - View commit details
-
Copy full SHA for f7f1d53 - Browse repository at this point
Copy the full SHA f7f1d53View commit details -
Configuration menu - View commit details
-
Copy full SHA for a90f68b - Browse repository at this point
Copy the full SHA a90f68bView commit details -
Configuration menu - View commit details
-
Copy full SHA for 3c0b770 - Browse repository at this point
Copy the full SHA 3c0b770View commit details -
Configuration menu - View commit details
-
Copy full SHA for ca1ee17 - Browse repository at this point
Copy the full SHA ca1ee17View commit details -
Configuration menu - View commit details
-
Copy full SHA for 2d0be77 - Browse repository at this point
Copy the full SHA 2d0be77View commit details -
(cherry picked from commit f26b2af)
Configuration menu - View commit details
-
Copy full SHA for b3e1b81 - Browse repository at this point
Copy the full SHA b3e1b81View commit details -
Merge pull request NixOS#84251 from andir/19.09/firefox
[19.09] firefox{,-bin}: 74.0 -> 74.0.1, firefox-esr: 68.6.0esr -> 68.6.1esr
Configuration menu - View commit details
-
Copy full SHA for e10c65c - Browse repository at this point
Copy the full SHA e10c65cView commit details
Commits on Apr 5, 2020
-
Merge NixOS#84273: gnutls: 3.6.11.1 -> 3.6.13 [security]
... into staging. Fixes CVE-2020-11501. (cherry picked from commit f91b34e) These bumps combined still seem quite safe in terms of regression likelihood.
Configuration menu - View commit details
-
Copy full SHA for c1ef04e - Browse repository at this point
Copy the full SHA c1ef04eView commit details
Commits on Apr 6, 2020
-
wire-desktop: mac 3.15.3621 -> 3.16.3630
(cherry picked from commit 39c5e1c)
Configuration menu - View commit details
-
Copy full SHA for 30b05e1 - Browse repository at this point
Copy the full SHA 30b05e1View commit details -
Merge pull request NixOS#84496 from toonn/release-19.09
[19.09] wire-desktop: mac 3.15.3621 -> 3.16.3630
Configuration menu - View commit details
-
Copy full SHA for f86271a - Browse repository at this point
Copy the full SHA f86271aView commit details
Commits on Apr 7, 2020
-
Update the checksum and the version of Brave package. (cherry picked from commit 7a80ead) Reason: Browsers must be kept up-to-date
Configuration menu - View commit details
-
Copy full SHA for 528b5b6 - Browse repository at this point
Copy the full SHA 528b5b6View commit details -
Adding this as a new attribute as software is likely going to break when we switch the default from the 1.7 branch to 1.8. (cherry picked from commit 1859b5a)
Configuration menu - View commit details
-
Copy full SHA for 832d4e9 - Browse repository at this point
Copy the full SHA 832d4e9View commit details -
Configuration menu - View commit details
-
Copy full SHA for 70bca49 - Browse repository at this point
Copy the full SHA 70bca49View commit details -
Configuration menu - View commit details
-
Copy full SHA for 0ffd59a - Browse repository at this point
Copy the full SHA 0ffd59aView commit details -
Configuration menu - View commit details
-
Copy full SHA for 5f4b02f - Browse repository at this point
Copy the full SHA 5f4b02fView commit details -
firefox-esr-68: 68.6.1esr -> 68.7.0esr
(cherry picked from commit f56ea6c)
Configuration menu - View commit details
-
Copy full SHA for 0280d88 - Browse repository at this point
Copy the full SHA 0280d88View commit details -
Configuration menu - View commit details
-
Copy full SHA for 9dda51b - Browse repository at this point
Copy the full SHA 9dda51bView commit details -
Configuration menu - View commit details
-
Copy full SHA for 08a7e09 - Browse repository at this point
Copy the full SHA 08a7e09View commit details -
firefox-devedition-bin: 75.0b12 -> 76.0b1
(cherry picked from commit 79fb589)
Configuration menu - View commit details
-
Copy full SHA for aaffe07 - Browse repository at this point
Copy the full SHA aaffe07View commit details -
Merge pull request NixOS#84590 from andir/19.09/firefox
[19.09] firefox: 74.0.1 -> 75.0
Configuration menu - View commit details
-
Copy full SHA for 16d0add - Browse repository at this point
Copy the full SHA 16d0addView commit details
Commits on Apr 8, 2020
-
Configuration menu - View commit details
-
Copy full SHA for be180f6 - Browse repository at this point
Copy the full SHA be180f6View commit details -
chromium: Ignore unknown warning options
This can e.g. save around 150k lines of unnecessary log messages which take up around 66% of the total lines (based on a log of 80.0.3987.100): 29527 warning: unknown warning option '-Wno-bitwise-conditional-parentheses'; did you mean '-Wno-bitwise-op-parentheses'? [-Wunknown-warning-option] 29527 warning: unknown warning option '-Wno-builtin-assume-aligned-alignment' [-Wunknown-warning-option] 29527 warning: unknown warning option '-Wno-deprecated-copy'; did you mean '-Wno-deprecated'? [-Wunknown-warning-option] 29527 warning: unknown warning option '-Wno-final-dtor-non-final-class'; did you mean '-Wno-abstract-final-class'? [-Wunknown-warning-option] 29527 warning: unknown warning option '-Wno-implicit-int-float-conversion'; did you mean '-Wno-implicit-float-conversion'? [-Wunknown-warning-option] (cherry picked from commit 9f39148)
Configuration menu - View commit details
-
Copy full SHA for 82de063 - Browse repository at this point
Copy the full SHA 82de063View commit details -
chromiumDev: Remove a patch that is already applied
This fixes the patch phase. I missed this problem in NixOS#83956. (cherry picked from commit 36c7123)
Configuration menu - View commit details
-
Copy full SHA for 631a5ef - Browse repository at this point
Copy the full SHA 631a5efView commit details -
This patch was also backported to M81 [0][1]. [0]: https://chromium-review.googlesource.com/c/chromium/src/+/2091896 [1]: chromium/chromium@bbf0fad (cherry picked from commit ff3bc51)
Configuration menu - View commit details
-
Copy full SHA for dd0d0e6 - Browse repository at this point
Copy the full SHA dd0d0e6View commit details -
chromium: 80.0.3987.163 -> 81.0.4044.92
https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_7.html This update includes 32 security fixes. CVEs: CVE-2020-6454 CVE-2020-6423 CVE-2020-6455 CVE-2020-6430 CVE-2020-6456 CVE-2020-6431 CVE-2020-6432 CVE-2020-6433 CVE-2020-6434 CVE-2020-6435 CVE-2020-6436 CVE-2020-6437 CVE-2020-6438 CVE-2020-6439 CVE-2020-6440 CVE-2020-6441 CVE-2020-6442 CVE-2020-6443 CVE-2020-6444 CVE-2020-6445 CVE-2020-6446 CVE-2020-6447 CVE-2020-6448 (cherry picked from commit da832dd)
Configuration menu - View commit details
-
Copy full SHA for 7c60e5c - Browse repository at this point
Copy the full SHA 7c60e5cView commit details -
Merge pull request NixOS#84708 from primeos/signal-desktop-backport
[19.09] signal-desktop: 1.32.3 -> 1.33.0 (backport)
Configuration menu - View commit details
-
Copy full SHA for 35cfc19 - Browse repository at this point
Copy the full SHA 35cfc19View commit details -
Configuration menu - View commit details
-
Copy full SHA for 6a8c4f7 - Browse repository at this point
Copy the full SHA 6a8c4f7View commit details -
Merge pull request NixOS#84709 from primeos/chromium-backport
[19.09] chromium: 80.0.3987.163 -> 81.0.4044.92 (backport)
Configuration menu - View commit details
-
Copy full SHA for 7770f3a - Browse repository at this point
Copy the full SHA 7770f3aView commit details -
vocal: add missing glib-networking
otherwise https is disabled (cherry picked from commit b9b8388)
Configuration menu - View commit details
-
Copy full SHA for 77b9000 - Browse repository at this point
Copy the full SHA 77b9000View commit details
Commits on Apr 9, 2020
-
Merge pull request NixOS#84294 from aanderse/httpd-19.09
apacheHttpd: 2.4.41 -> 2.4.43 [19.09]
Configuration menu - View commit details
-
Copy full SHA for 52577ba - Browse repository at this point
Copy the full SHA 52577baView commit details -
linuxPackagesFor: wireguard: noop for kernel >= 5.6
(cherry picked from commit 27ca6c2) Rationale for backport: it's explicitly supported to build a kernel with a custom tree. When using a 5.6 tree in a system configuration, eval will break since `wireguard` is still evaluated and throws an assertion-error on 5.6 or greater.
Configuration menu - View commit details
-
Copy full SHA for 60c4ddb - Browse repository at this point
Copy the full SHA 60c4ddbView commit details
Commits on Apr 10, 2020
-
tor-browser-bundle-bin: 9.0.7 -> 9.0.9
https://blog.torproject.org/new-release-tor-browser-909 https://blog.torproject.org/new-release-tor-browser-908 (cherry picked from commit 85e4f2d)
Configuration menu - View commit details
-
Copy full SHA for ebf64ea - Browse repository at this point
Copy the full SHA ebf64eaView commit details -
Merge pull request NixOS#84892 from andriokha/tor-browser-bundle-bin-…
…9.0.9-release-19.09 [19.09] tor-browser-bundle-bin: 9.0.7 -> 9.0.9
Configuration menu - View commit details
-
Copy full SHA for 02f2241 - Browse repository at this point
Copy the full SHA 02f2241View commit details
Commits on Apr 11, 2020
-
Merge NixOS#84773: thunderbird*: 68.6.0 -> 68.7.0 (security)
Configuration menu - View commit details
-
Copy full SHA for 99a27f4 - Browse repository at this point
Copy the full SHA 99a27f4View commit details
Commits on Apr 12, 2020
-
Merge NixOS#83022: simutrans: 120.2.2 -> 120.4.1 (unbreak)
(cherry picked from commit e7ca19f)
Configuration menu - View commit details
-
Copy full SHA for 839cd8d - Browse repository at this point
Copy the full SHA 839cd8dView commit details -
Merge pull request NixOS#84536 from JeffLabonte/19.09-brave_1.5.115_t…
…o_1.5.123 brave: 1.5.115 -> 1.5.123
Configuration menu - View commit details
-
Copy full SHA for 5fa2612 - Browse repository at this point
Copy the full SHA 5fa2612View commit details
Commits on Apr 13, 2020
-
Configuration menu - View commit details
-
Copy full SHA for f35e61d - Browse repository at this point
Copy the full SHA f35e61dView commit details -
Configuration menu - View commit details
-
Copy full SHA for f52196c - Browse repository at this point
Copy the full SHA f52196cView commit details -
Configuration menu - View commit details
-
Copy full SHA for 81ca80c - Browse repository at this point
Copy the full SHA 81ca80cView commit details -
Configuration menu - View commit details
-
Copy full SHA for fec536f - Browse repository at this point
Copy the full SHA fec536fView commit details -
Configuration menu - View commit details
-
Copy full SHA for ee95a68 - Browse repository at this point
Copy the full SHA ee95a68View commit details
Commits on Apr 14, 2020
-
luminance-hdr: use Qt5's mkDerivation
(cherry picked from commit b233a19)
Configuration menu - View commit details
-
Copy full SHA for f6c1d3b - Browse repository at this point
Copy the full SHA f6c1d3bView commit details
Commits on Apr 15, 2020
-
Merge pull request NixOS#79772 from wamserma/fix-aspell-CVEs-backport
[19.09] aspell: 0.60.6.1 -> 0.60.8
Configuration menu - View commit details
-
Copy full SHA for b67bc34 - Browse repository at this point
Copy the full SHA b67bc34View commit details
Commits on Apr 16, 2020
-
Configuration menu - View commit details
-
Copy full SHA for dd46307 - Browse repository at this point
Copy the full SHA dd46307View commit details -
git: 2.23.1 -> 2.23.2 (CVE-2020-5260)
It's only the security fix, nothing else. /cc roundup NixOS#75974. https://github.com/git/git/blob/v2.23.2/Documentation/RelNotes/2.23.2.txt https://github.com/git/git/blob/v2.23.2/Documentation/RelNotes/2.17.4.txt
Configuration menu - View commit details
-
Copy full SHA for 4f86f06 - Browse repository at this point
Copy the full SHA 4f86f06View commit details -
[19.09] flashplayer: 32.0.0.330 -> 32.0.0.363
(cherry picked from commit ac374d4) Backported 32.0.0.363 to release 19.09 for important bug fixes. Also needed because old upstream release is no longer available.
Configuration menu - View commit details
-
Copy full SHA for 6f5b979 - Browse repository at this point
Copy the full SHA 6f5b979View commit details -
chromium: 81.0.4044.92 -> 81.0.4044.113
https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_15.html This update includes 1 security fix. CVEs: CVE-2020-6457 (cherry picked from commit ef2c3ab)
Configuration menu - View commit details
-
Copy full SHA for 9cb226c - Browse repository at this point
Copy the full SHA 9cb226cView commit details -
Merge pull request NixOS#85409 from tollb/flashplayer-32.0.0.363-rele…
…ase-19.09 [19.09] flashplayer: 32.0.0.330 -> 32.0.0.363
Configuration menu - View commit details
-
Copy full SHA for 9eeef58 - Browse repository at this point
Copy the full SHA 9eeef58View commit details
Commits on Apr 17, 2020
-
Configuration menu - View commit details
-
Copy full SHA for 648a695 - Browse repository at this point
Copy the full SHA 648a695View commit details -
Merge pull request NixOS#85405 from primeos/chromium-backport
[19.09] chromium: 81.0.4044.92 -> 81.0.4044.113 (backport)
Configuration menu - View commit details
-
Copy full SHA for 27c9e08 - Browse repository at this point
Copy the full SHA 27c9e08View commit details -
Configuration menu - View commit details
-
Copy full SHA for 6c9572a - Browse repository at this point
Copy the full SHA 6c9572aView commit details -
Configuration menu - View commit details
-
Copy full SHA for 36586a9 - Browse repository at this point
Copy the full SHA 36586a9View commit details -
Merge pull request NixOS#85429 from zaninime/backport-nexus
[19.09] nexus: 3.18.1-01 -> 3.22.0-02 (backport)
Configuration menu - View commit details
-
Copy full SHA for fed820b - Browse repository at this point
Copy the full SHA fed820bView commit details
Commits on Apr 18, 2020
-
Signed-off-by: Markus S. Wamser <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 3bd563f - Browse repository at this point
Copy the full SHA 3bd563fView commit details
Commits on Apr 19, 2020
-
Configuration menu - View commit details
-
Copy full SHA for fdd75ab - Browse repository at this point
Copy the full SHA fdd75abView commit details -
Backport of Yggdrasil, NixOS module, and tests.
Configuration menu - View commit details
-
Copy full SHA for 9237a09 - Browse repository at this point
Copy the full SHA 9237a09View commit details
Commits on Apr 22, 2020
-
chromium{Beta,Dev}: M81 -> M83 -> M84
(cherry picked from commit cb5c0a4) Note: Only M81 is supported on 19.09. This is mainly to cherry-pick stable channel updates and avoid an insecure chromiumBeta.
Configuration menu - View commit details
-
Copy full SHA for dff7016 - Browse repository at this point
Copy the full SHA dff7016View commit details -
Configuration menu - View commit details
-
Copy full SHA for c0439ba - Browse repository at this point
Copy the full SHA c0439baView commit details -
chromium: 81.0.4044.113 -> 81.0.4044.122
https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_21.html This update includes 8 security fixes. CVEs: CVE-2020-6459 CVE-2020-6460 CVE-2020-645 (cherry picked from commit a2df977)
Configuration menu - View commit details
-
Copy full SHA for e45440a - Browse repository at this point
Copy the full SHA e45440aView commit details -
Merge pull request NixOS#85760 from primeos/chromium-backport
[19.09] chromium: 81.0.4044.113 -> 81.0.4044.122 (backport)
Configuration menu - View commit details
-
Copy full SHA for 5a3490d - Browse repository at this point
Copy the full SHA 5a3490dView commit details -
Configuration menu - View commit details
-
Copy full SHA for a9750db - Browse repository at this point
Copy the full SHA a9750dbView commit details -
Configuration menu - View commit details
-
Copy full SHA for cae3ac8 - Browse repository at this point
Copy the full SHA cae3ac8View commit details -
enyo-doom: use qt5's mkDerivation
(cherry picked from commit 83102fc)
Configuration menu - View commit details
-
Copy full SHA for 336ef08 - Browse repository at this point
Copy the full SHA 336ef08View commit details -
Configuration menu - View commit details
-
Copy full SHA for fef4a36 - Browse repository at this point
Copy the full SHA fef4a36View commit details -
Configuration menu - View commit details
-
Copy full SHA for a508612 - Browse repository at this point
Copy the full SHA a508612View commit details -
calaos_installer: use qt5's mkDerivation
(cherry picked from commit 5858162)
Configuration menu - View commit details
-
Copy full SHA for 640e0d4 - Browse repository at this point
Copy the full SHA 640e0d4View commit details -
Configuration menu - View commit details
-
Copy full SHA for afc608d - Browse repository at this point
Copy the full SHA afc608dView commit details -
valentina: use qt5's mkDerivation
(cherry picked from commit 01de13a)
Configuration menu - View commit details
-
Copy full SHA for 52ee2d5 - Browse repository at this point
Copy the full SHA 52ee2d5View commit details -
Configuration menu - View commit details
-
Copy full SHA for 163b434 - Browse repository at this point
Copy the full SHA 163b434View commit details -
Configuration menu - View commit details
-
Copy full SHA for 8f63757 - Browse repository at this point
Copy the full SHA 8f63757View commit details -
Configuration menu - View commit details
-
Copy full SHA for 754a796 - Browse repository at this point
Copy the full SHA 754a796View commit details -
qstopmotion: use qt5's mkDerivation
(cherry picked from commit e036261)
Configuration menu - View commit details
-
Copy full SHA for c988766 - Browse repository at this point
Copy the full SHA c988766View commit details -
qmediathekview: use qt5's mkDerivation
(cherry picked from commit 5f70a20)
Configuration menu - View commit details
-
Copy full SHA for fa24ad0 - Browse repository at this point
Copy the full SHA fa24ad0View commit details -
qcomicbook: use qt5's mkDerivation
(cherry picked from commit 2986699)
Configuration menu - View commit details
-
Copy full SHA for 9b1849a - Browse repository at this point
Copy the full SHA 9b1849aView commit details -
phototonic: use qt5's mkDerivation
(cherry picked from commit 606a15d)
Configuration menu - View commit details
-
Copy full SHA for 24490a6 - Browse repository at this point
Copy the full SHA 24490a6View commit details -
Configuration menu - View commit details
-
Copy full SHA for 02635e3 - Browse repository at this point
Copy the full SHA 02635e3View commit details -
Configuration menu - View commit details
-
Copy full SHA for 51e4700 - Browse repository at this point
Copy the full SHA 51e4700View commit details -
mindforger: use qt5's mkDerivation
(cherry picked from commit 22af8e8)
Configuration menu - View commit details
-
Copy full SHA for c601b3e - Browse repository at this point
Copy the full SHA c601b3eView commit details -
Configuration menu - View commit details
-
Copy full SHA for 7a6c6ba - Browse repository at this point
Copy the full SHA 7a6c6baView commit details -
Wrap Qt program manually, remove makeWrapper from nativeBuildInputs. (cherry picked from commit 98f1266)
Configuration menu - View commit details
-
Copy full SHA for 183bb76 - Browse repository at this point
Copy the full SHA 183bb76View commit details -
awesomebump: use qt5's mkDerivation
Wrap Qt program manually, remove makeWrapper from nativeBuildInputs. (cherry picked from commit a0a076b)
Configuration menu - View commit details
-
Copy full SHA for 77e281f - Browse repository at this point
Copy the full SHA 77e281fView commit details -
Configuration menu - View commit details
-
Copy full SHA for 1cbdf95 - Browse repository at this point
Copy the full SHA 1cbdf95View commit details -
qt-box-editor: use qt5's mkDerivation
(cherry picked from commit cc8d121)
Configuration menu - View commit details
-
Copy full SHA for ef7e187 - Browse repository at this point
Copy the full SHA ef7e187View commit details -
Configuration menu - View commit details
-
Copy full SHA for 64301c0 - Browse repository at this point
Copy the full SHA 64301c0View commit details -
pro-office-calculator: use qt5's mkDerivation
(cherry picked from commit ec92227)
Configuration menu - View commit details
-
Copy full SHA for 641f664 - Browse repository at this point
Copy the full SHA 641f664View commit details -
Configuration menu - View commit details
-
Copy full SHA for 0dd1ea1 - Browse repository at this point
Copy the full SHA 0dd1ea1View commit details -
Configuration menu - View commit details
-
Copy full SHA for 7d215ac - Browse repository at this point
Copy the full SHA 7d215acView commit details -
firebird-emu: use qt5's mkDerivation
(cherry picked from commit 65050cd)
Configuration menu - View commit details
-
Copy full SHA for 8c7b082 - Browse repository at this point
Copy the full SHA 8c7b082View commit details -
colord-kde: use qt5's mkDerivation
(cherry picked from commit 2e8962b)
Configuration menu - View commit details
-
Copy full SHA for 2ebfd55 - Browse repository at this point
Copy the full SHA 2ebfd55View commit details -
Configuration menu - View commit details
-
Copy full SHA for 0b8156d - Browse repository at this point
Copy the full SHA 0b8156dView commit details -
Configuration menu - View commit details
-
Copy full SHA for dacd7f3 - Browse repository at this point
Copy the full SHA dacd7f3View commit details -
Configuration menu - View commit details
-
Copy full SHA for f37435d - Browse repository at this point
Copy the full SHA f37435dView commit details
Commits on Apr 23, 2020
-
Merge pull request NixOS#85818 from mweinelt/19.09/openssl/cve-2020-1967
[19.09] openssl: patch CVE-2020-1967
Configuration menu - View commit details
-
Copy full SHA for 04273c3 - Browse repository at this point
Copy the full SHA 04273c3View commit details -
Merge staging-19.09 into release-19.09
Build security updates on release branch so *-small channel is updated as soon as possible.
Configuration menu - View commit details
-
Copy full SHA for 9642f12 - Browse repository at this point
Copy the full SHA 9642f12View commit details
Commits on Apr 25, 2020
-
Configuration menu - View commit details
-
Copy full SHA for bfee698 - Browse repository at this point
Copy the full SHA bfee698View commit details -
gnome3.mutter328: backports from gnome-3-28
(cherry picked from commit d0419f9)
Configuration menu - View commit details
-
Copy full SHA for c4799f0 - Browse repository at this point
Copy the full SHA c4799f0View commit details -
hostapd: apply patch for CVE-2019-16275
AP mode PMF disconnection protection bypass Published: September 11, 2019 Identifiers: - CVE-2019-16275 Latest version available from: https://w1.fi/security/2019-7/ Vulnerability hostapd (and wpa_supplicant when controlling AP mode) did not perform sufficient source address validation for some received Management frames and this could result in ending up sending a frame that caused associated stations to incorrectly believe they were disconnected from the network even if management frame protection (also known as PMF) was negotiated for the association. This could be considered to be a denial of service vulnerability since PMF is supposed to protect from this type of issues. It should be noted that if PMF is not enabled, there would be no protocol level protection against this type of denial service attacks. An attacker in radio range of the access point could inject a specially constructed unauthenticated IEEE 802.11 frame to the access point to cause associated stations to be disconnected and require a reconnection to the network. Vulnerable versions/configurations All hostapd and wpa_supplicants versions with PMF support (CONFIG_IEEE80211W=y) and a runtime configuration enabled AP mode with PMF being enabled (optional or required). In addition, this would be applicable only when using user space based MLME/SME in AP mode, i.e., when hostapd (or wpa_supplicant when controlling AP mode) would process authentication and association management frames. This condition would be applicable mainly with drivers that use mac80211. Possible mitigation steps - Merge the following commit to wpa_supplicant/hostapd and rebuild: AP: Silently ignore management frame from unexpected source address This patch is available from https://w1.fi/security/2019-7/ - Update to wpa_supplicant/hostapd v2.10 or newer, once available (cherry picked from commit 3e9f3a3)
Configuration menu - View commit details
-
Copy full SHA for 54a3772 - Browse repository at this point
Copy the full SHA 54a3772View commit details -
Merge pull request NixOS#86001 from mweinelt/19.09/hostapd/cve-2019-1…
…6275 [19.09] hostapd: apply patch for CVE-2019-16275
Configuration menu - View commit details
-
Copy full SHA for 39a1ac5 - Browse repository at this point
Copy the full SHA 39a1ac5View commit details -
Merge pull request NixOS#85805 from mmilata/qt5-mkDerivation-stdenv-1…
…9.09 [19.09] Use qt5's mkDerivation in packages that otherwise crash
Configuration menu - View commit details
-
Copy full SHA for e6d222f - Browse repository at this point
Copy the full SHA e6d222fView commit details
Commits on Apr 26, 2020
-
Kyndig on IRC noticed that building `ninja` from source would fail due to a patch 404'ing (because the repo appears to no longer exist). Fetch from upstream instead. (cherry picked from commit 91d4e9a) cc NixOS#85742
Configuration menu - View commit details
-
Copy full SHA for 4a0df0c - Browse repository at this point
Copy the full SHA 4a0df0cView commit details
Commits on Apr 28, 2020
-
nixos/gitlab: Fix services.gitlab.enableStartTLSAuto
'toString false' results in an empty string, which, in this context, is a syntax error. Use boolToString instead. Fixes NixOS#86160 (cherry picked from commit c0a838d)
Configuration menu - View commit details
-
Copy full SHA for f907dc9 - Browse repository at this point
Copy the full SHA f907dc9View commit details -
Merge pull request NixOS#86191 from talyz/release-19.09
nixos/gitlab: Fix services.gitlab.enableStartTLSAuto
Configuration menu - View commit details
-
Copy full SHA for 9ffae2a - Browse repository at this point
Copy the full SHA 9ffae2aView commit details -
See https://about.gitlab.com/releases/2020/04/14/critical-security-release-gitlab-12-dot-9-dot-3-released/ for details. (cherry picked from commit d190292)
Configuration menu - View commit details
-
Copy full SHA for 7b9f3c8 - Browse repository at this point
Copy the full SHA 7b9f3c8View commit details -
gitlab: support passing --rev to the
update-all
scriptWhile it's already possible to invoke `update-data` with the `--rev` argument, one still needs to run all later phases manually. Fix this, by having `update-all` also accept a `--rev` argument, and pass it down to `update-data`. Also, make the help text a bit more usable, by suggesting the usual versioning scheme used these times. (cherry picked from commit 191c2c6)
Configuration menu - View commit details
-
Copy full SHA for 57df0aa - Browse repository at this point
Copy the full SHA 57df0aaView commit details -
gitlab-workhorse: 8.21.1 -> 8.21.2
(cherry picked from commit f7ddd30)
Configuration menu - View commit details
-
Copy full SHA for 767ca36 - Browse repository at this point
Copy the full SHA 767ca36View commit details -
Configuration menu - View commit details
-
Copy full SHA for 68169a7 - Browse repository at this point
Copy the full SHA 68169a7View commit details -
gitlab: update.py: invoke bundle lock manually
`bundix -l` doesn't work, as it treats bundler's warning about upgrading the lockfile version as an error, so invoke `bundle lock` manually. (cherry picked from commit 4c26ab4)
Configuration menu - View commit details
-
Copy full SHA for a7ceb25 - Browse repository at this point
Copy the full SHA a7ceb25View commit details
Commits on Apr 29, 2020
-
chromium: 81.0.4044.122 -> 81.0.4044.129
https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_27.html This update includes 2 security fixes. CVEs: CVE-2020-6462 CVE-2020-6461 (cherry picked from commit db4aece)
Configuration menu - View commit details
-
Copy full SHA for 4b39bb8 - Browse repository at this point
Copy the full SHA 4b39bb8View commit details -
coturn: apply patch for CVE-2020-6061/6062
Fixes: CVE-2020-6061, CVE-2020-6062 An exploitable heap overflow vulnerability exists in the way CoTURN 4.5.1.1 web server parses POST requests. A specially crafted HTTP POST request can lead to information leaks and other misbehavior. An attacker needs to send an HTTPS request to trigger this vulnerability. An exploitable denial-of-service vulnerability exists in the way CoTURN 4.5.1.1 web server parses POST requests. A specially crafted HTTP POST request can lead to server crash and denial of service. An attacker needs to send an HTTP request to trigger this vulnerability. (cherry picked from commit 704a018)
Configuration menu - View commit details
-
Copy full SHA for ac3ed15 - Browse repository at this point
Copy the full SHA ac3ed15View commit details -
Merge pull request NixOS#86271 from mweinelt/19.09/coturn/CVE-2020-6061…
…+6062 [19.09] coturn: apply patch for CVE-2020-6061/6062
Configuration menu - View commit details
-
Copy full SHA for 1d06d40 - Browse repository at this point
Copy the full SHA 1d06d40View commit details -
monotone: openssl in botan is not needed, so drop to avoid old openssl
(cherry picked from commit 4644776)
Configuration menu - View commit details
-
Copy full SHA for e27493e - Browse repository at this point
Copy the full SHA e27493eView commit details -
Merge pull request NixOS#86340 from 7c6f434c/monotone-no-botan-openss…
…l-19.09 monotone: openssl in botan is not needed, so drop to avoid old openssl
Configuration menu - View commit details
-
Copy full SHA for 511766d - Browse repository at this point
Copy the full SHA 511766dView commit details -
https://github.com/roundcube/roundcubemail/releases/tag/1.3.11 This contains some important security fixes, hence the package-bump.
Configuration menu - View commit details
-
Copy full SHA for 87819f9 - Browse repository at this point
Copy the full SHA 87819f9View commit details
Commits on Apr 30, 2020
-
Merge pull request NixOS#86297 from primeos/chromium-backport
[19.09] chromium: 81.0.4044.122 -> 81.0.4044.129 (backport)
Configuration menu - View commit details
-
Copy full SHA for 322fd89 - Browse repository at this point
Copy the full SHA 322fd89View commit details
Commits on May 1, 2020
-
(cherry picked from commit 9eb6dc7)
Configuration menu - View commit details
-
Copy full SHA for 24d07de - Browse repository at this point
Copy the full SHA 24d07deView commit details -
(cherry picked from commit fdd0d0d)
Configuration menu - View commit details
-
Copy full SHA for a73c7cb - Browse repository at this point
Copy the full SHA a73c7cbView commit details -
Merge pull request NixOS#86461 from talyz/19.09-gitlab-12.8.10
[19.09] gitlab: 12.8.9 -> 12.8.10
Configuration menu - View commit details
-
Copy full SHA for 85f3b47 - Browse repository at this point
Copy the full SHA 85f3b47View commit details
Commits on May 3, 2020
-
Configuration menu - View commit details
-
Copy full SHA for 7da8a5a - Browse repository at this point
Copy the full SHA 7da8a5aView commit details -
Merge pull request NixOS#86651 from Flakebi/salt-19.09
[19.09] salt: 2019.2.0 -> 2019.2.4
Configuration menu - View commit details
-
Copy full SHA for 4f820be - Browse repository at this point
Copy the full SHA 4f820beView commit details
Commits on May 4, 2020
-
Configuration menu - View commit details
-
Copy full SHA for 0fa8e3c - Browse repository at this point
Copy the full SHA 0fa8e3cView commit details -
Configuration menu - View commit details
-
Copy full SHA for 72212cb - Browse repository at this point
Copy the full SHA 72212cbView commit details -
Configuration menu - View commit details
-
Copy full SHA for 26316a2 - Browse repository at this point
Copy the full SHA 26316a2View commit details -
firefox-esr-68: 68.7.0esr -> 68.8.0esr
(cherry picked from commit f3cc8dc)
Configuration menu - View commit details
-
Copy full SHA for 8f570a3 - Browse repository at this point
Copy the full SHA 8f570a3View commit details
Commits on May 5, 2020
-
Merge pull request NixOS#86811 from andir/19.09/firefox76
[19.09] firefox: 75.0 -> 76.0
Configuration menu - View commit details
-
Copy full SHA for 3f1f251 - Browse repository at this point
Copy the full SHA 3f1f251View commit details
Commits on May 6, 2020
-
chromium: 81.0.4044.129 -> 81.0.4044.138
https://chromereleases.googleblog.com/2020/05/stable-channel-update-for-desktop.html This update includes 3 security fixes. CVEs: CVE-2020-6831 CVE-2020-6464 (cherry picked from commit dec3d5f)
Configuration menu - View commit details
-
Copy full SHA for b79f64b - Browse repository at this point
Copy the full SHA b79f64bView commit details -
Merge pull request NixOS#87078 from primeos/chromium-backport
chromium: 81.0.4044.129 -> 81.0.4044.138
Configuration menu - View commit details
-
Copy full SHA for 278db00 - Browse repository at this point
Copy the full SHA 278db00View commit details
Commits on May 10, 2020
-
Merge NixOS#87066: thunderbird*: 68.7.0 -> 68.8.0 (security)
https://www.thunderbird.net/en-US/thunderbird/68.8.0/releasenotes/ https://www.mozilla.org/en-US/security/advisories/mfsa2020-18/ (cherry picked from commit 10134fc) Re-tested both briefly on 19.09.
Configuration menu - View commit details
-
Copy full SHA for 5967390 - Browse repository at this point
Copy the full SHA 5967390View commit details
Commits on May 11, 2020
-
monero: fix rcp.restricted option
According to https://monerodocs.org/interacting/monerod-reference/#node-rpc-api the correct option is restricted-rpc, not restrict-rpc. (cherry picked from commit e7ab236)
Configuration menu - View commit details
-
Copy full SHA for d858110 - Browse repository at this point
Copy the full SHA d858110View commit details
Commits on May 13, 2020
-
firefox: Add patch to fix AES GCM IV bit size
Regression introduced by bce5268. The bit size of the initialisation vector for AES GCM has been introduced in NSS version 3.52 in the CK_GCM_PARMS struct via the ulIvBits field. Unfortunately, Firefox 68.8.0 and 76.0 do not set this field and thus it gets initialised to zero, which in turn causes IV generation to fail. I found out about this because WebRTC stopped working after updating to NSS 3.52 and so I started bisecting. Since there wasn't an obvious error in Firefox hinting towards NSS but instead just the video stream ended up as a "null" stream, I didn't suspect the NSS update to be the culprit at first. So I verified a few times and then also started bisecting the actual commit in NSS that caused the issue. This turned out to be the problematic change: https://phabricator.services.mozilla.com/D63241 > One notable change was caused by an inconsistancy between the spec and > the released headers in PKCS#11 v2.40. CK_GCM_PARAMS had an extra > field in the header that was not in the spec. OASIS considers the > header file to be normative, so PKCS#11 v3.0 resolved the issue in > favor of the header file definition. Since the test I've used[1] was a bit flaky, I still didn't believe the result of the bisect to be accurate, but after running the test several times leading same results I dug through the above change line by line to get more clues. It fortunately didn't take that long to stumble upon the ulIvBits change (which is actually documented in the NSS 3.52 release notes[4], but I managed to blatantly ignore it for some reason) and started checking the Firefox source tree for changes regarding that field. Initialisation of that new field has been introduced[2] in preparation for the 76 release, but subsequently got reverted[3] prior to the release, because Firefox 76 is expected to be shipped with NSS 3.51, which didn't have the ulIvBits field. The patch I'm adding here is just a reintroduction of that change, because we're using NSS 3.52. Not initialising that field will break WebRTC and WebCrypto, which I think the former seems to gain in popularity these days ;-) Tested the change against the mentioned VM test[1] and also by testing manually using Jitsi Meet and Nextcloud Talk. [1]: https://github.com/aszlig/avonc/tree/884315838b6f0ebb32b/tests/talk [2]: https://hg.mozilla.org/mozilla-central/rev/3ed30e6b6de1 [3]: https://hg.mozilla.org/mozilla-central/rev/665137da70ee [4]: https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.52_release_notes Signed-off-by: aszlig <[email protected]> (cherry picked from commit 8fb4997 & moved to packages.nix)
Configuration menu - View commit details
-
Copy full SHA for 9cefaf9 - Browse repository at this point
Copy the full SHA 9cefaf9View commit details
Commits on May 14, 2020
-
Configuration menu - View commit details
-
Copy full SHA for 810e561 - Browse repository at this point
Copy the full SHA 810e561View commit details -
Merge pull request NixOS#87772 from andir/19.09/firefox
[19.09] firefox: Add patch to fix AES GCM IV bit size
Configuration menu - View commit details
-
Copy full SHA for 31dcaa5 - Browse repository at this point
Copy the full SHA 31dcaa5View commit details
Commits on May 20, 2020
-
Since M81 won't receive any updates anymore and there are known vulnerabilities we should mark it as insecure so that users are aware of the risks. Updating Chromium to M83 is unfortunately too challenging for 19.09, but as of today we've already covered the one month period of security updates for "oldstable" and both 20.03 and nixos-unstable contain recent versions (i.e. users should either update to the current stable release or install Chromium from a different channel). nixos-unstable PR for M83: NixOS#88206
Configuration menu - View commit details
-
Copy full SHA for 69e4ae5 - Browse repository at this point
Copy the full SHA 69e4ae5View commit details -
Merge pull request NixOS#88368 from primeos/chromium-eol
[19.09] chromium: Mark as insecure
Configuration menu - View commit details
-
Copy full SHA for 2efedf8 - Browse repository at this point
Copy the full SHA 2efedf8View commit details