Commit Graph

636229 Commits

Author SHA1 Message Date
Adam C. Stephens
1a45f6a33c
[Backport release-24.05] forgejo: 7.0.9 -> 7.0.10 (#351932) 2024-10-29 12:29:27 -04:00
Marie Ramlow
d0f1128dfe forgejo: 7.0.9 -> 7.0.10
(cherry picked from commit 0e158f7f9d)
2024-10-29 14:10:43 +01:00
Sefa Eyeoglu
6aa8749b51
[Backport release-24.05] envision: init at 0-unstable-2024-06-23 (#339599) 2024-10-29 09:13:26 +01:00
Christina Sørensen
827dd72e6f
[Backport release-24.05] guix: backport build user takeover commits (#351910) 2024-10-29 07:58:22 +01:00
Luke Granger-Brown
a196affc89
[Backport release-24.05] factorio 1.1.107 -> 1.1.110 (#350682) 2024-10-29 05:35:15 +00:00
Sandro
91a2191a5a
[Backport release-24.05] mozillavpn: 2.24.0 → 2.24.1, add updateScript (#346510) 2024-10-29 02:34:10 +01:00
Nick Cao
dd6d18bf8d
[Backport release-24.05] stats: 2.11.14 -> 2.11.16 (#351878) 2024-10-28 15:12:37 -04:00
Masum Reza
64b80bfb31
[Backport release-24.05] google-chrome: 130.0.6723.{58,59} -> 130.0.6723.{69,70} (#351926) 2024-10-28 23:17:05 +05:30
Thomas Gerbet
b580496414 google-chrome: 130.0.6723.{58,59} -> 130.0.6723.{69,70}
Fixes CVE-2024-10229, CVE-2024-10230 and CVE-2024-10231.
https://chromereleases.googleblog.com/2024/10/stable-channel-update-for-desktop_22.html

(cherry picked from commit ed24e9e893)
2024-10-28 16:16:41 +00:00
Hendrik Sokolowski
92ad245496 sysstat: add iostat as mainProgram
(cherry picked from commit f251273e41)
2024-10-28 17:10:18 +01:00
Hendrik Sokolowski
9fe0825aff sysstat: adopt
(cherry picked from commit 3db1263401)
2024-10-28 17:10:18 +01:00
Hendrik Sokolowski
1aa3b5d751 maintainers: add hensoko
(cherry picked from commit f40c74785c)
2024-10-28 17:10:18 +01:00
Pavol Rusnak
6e45ae4299
[24.05] micropython: 1.22.2 -> 1.24.0 (#351871) 2024-10-28 17:02:51 +01:00
Christina Sørensen
0ab5170991 guix: build user takeover patch
guix has recently announced a security vulnerability that allows
local users to gain priveleges of build users, and further manipulate
output of any build (including with setguid).

This commit fixes the issue by backporting the remediation commits pushed to
guix main to 1.4.0 as a patch.

Users will still have to reboot and follow other remediation steps as
described in the guix blogpost.

Refs: https://guix.gnu.org/en/blog/2024/build-user-takeover-vulnerability/
Signed-off-by: Christina Sørensen <christina@cafkafk.com>
(cherry picked from commit 633a3b8f19)
2024-10-28 15:57:06 +01:00
Christina Sørensen
4fbe49d384 guix: format with rfc-style
Signed-off-by: Christina Sørensen <christina@cafkafk.com>
(cherry picked from commit 42fee36c0b)
2024-10-28 15:56:10 +01:00
DontEatOreo
fea7bbc03b stats: 2.11.14 -> 2.11.16
Changelog: https://github.com/exelban/stats/releases/tag/v2.11.16
Diff: https://github.com/exelban/stats/compare/v2.11.14...v2.11.16
(cherry picked from commit d41e41bed3)
2024-10-28 13:15:39 +00:00
Aleksana
d30a86d3f0
[24.05] furmark: add an icon (#344948) 2024-10-28 20:59:50 +08:00
Jordan Williams
e9e07262f4
micropython: 1.23.0 -> 1.24.0
(cherry picked from commit ece2d90480)
2024-10-28 12:58:05 +01:00
R. Ryantm
184cc0e6ba
micropython: 1.22.2 -> 1.23.0
(cherry picked from commit 9784118a2f)
2024-10-28 12:52:21 +01:00
teutat3s
bf4de27fa4 element-desktop: 1.11.81 -> 1.11.82
https://github.com/element-hq/element-desktop/releases/tag/v1.11.82
(cherry picked from commit 8991fdb136)
2024-10-28 08:37:21 +01:00
Artturin
9b9516e15a
[Backport release-24.05] pyhton3Packages.databricks-sql-connector: Fix broken (#331732) 2024-10-28 07:05:32 +02:00
Artturin
87fc112445
[Backport release-24.05] qq: 3.2.12-2024.9.27 -> 3.2.13-2024.10.23 (#351621) 2024-10-28 06:50:06 +02:00
Emily
e17a214fdb
[Backport release-24.05] {ungoogled-,}chromium,chromedriver: 130.0.6723.58 -> 130.0.6723.69 (#351722) 2024-10-28 03:19:43 +01:00
Masum Reza
ef498e16f8
[Backport release-24.05] nixos/sway: workaround idle inhibit not working in Firefox (#350955) 2024-10-28 03:25:05 +05:30
Sefa Eyeoglu
576ee82325
[Backport release 24.05] vencord: 1.10.2 -> 1.10.5 (#351216) 2024-10-27 21:19:00 +01:00
Emily
2473202c97
[Backport release-24.05] teams-for-linux: 1.9.5 -> 1.11.2; electron 30 -> 32 (#351714) 2024-10-27 19:42:17 +00:00
Masum Reza
59a210b624
[Backport release-24.05] minidjvu: mark as vulnerable (#351644) 2024-10-27 23:40:52 +05:30
Austin Horstman
e8ab03fe9c
teams-for-linux: electron 30 -> electron 32
Looks like upstream bumped electron version, already.

(cherry picked from commit 0cf4af9081)
2024-10-27 13:10:41 -05:00
Austin Horstman
e2bb6f8275
teams-for-linux: 1.11.0 -> 1.11.2
(cherry picked from commit bce77b92c6)
2024-10-27 13:04:14 -05:00
R. Ryantm
0afbe27458
teams-for-linux: 1.10.2 -> 1.11.0
(cherry picked from commit c29703dd92)
2024-10-27 13:04:06 -05:00
R. Ryantm
a2a75b055d
teams-for-linux: 1.9.6 -> 1.10.2
(cherry picked from commit 183a96374e)
2024-10-27 13:03:52 -05:00
R. Ryantm
afdc6d0e20
teams-for-linux: 1.9.5 -> 1.9.6
(cherry picked from commit 4d4bf95a91)
2024-10-27 13:03:42 -05:00
emilylange
4fbfb6e847 ungoogled-chromium: 130.0.6723.58-1 -> 130.0.6723.69-1
https://chromereleases.googleblog.com/2024/10/stable-channel-update-for-desktop_22.html

This update includes 3 security fixes.

CVEs:
CVE-2024-10229 CVE-2024-10230 CVE-2024-10231

(cherry picked from commit db9d29e7f1)
2024-10-27 17:59:46 +00:00
emilylange
418ec1405a chromium,chromedriver: 130.0.6723.58 -> 130.0.6723.69
https://chromereleases.googleblog.com/2024/10/stable-channel-update-for-desktop_22.html

This update includes 3 security fixes.

CVEs:
CVE-2024-10229 CVE-2024-10230 CVE-2024-10231

(cherry picked from commit 925537f0d4)
2024-10-27 17:59:46 +00:00
Emily
5e34aff468
[Backport release-24.05] webcord-vencord: switch to electron_31 (#351674) 2024-10-27 14:35:14 +00:00
NotAShelf
9d53405a77 pkgs/top-level/all-packages.nix
webcord-vencord: switch to electron_31

Unfortunately Electron 32 is not supported - this is annoying, but we have always remained behind the regular Webcord package due to Electron issues, so nothing new.

(cherry picked from commit 77ff1fded3)
2024-10-27 14:25:03 +00:00
Emily
7a09e52da2
[release-24.05] grafana-loki: 3.1.1 -> 3.1.2 (#351254) 2024-10-27 14:36:06 +01:00
Artturin
f2c2d34ad0
[Backport release-24.05] skypeforlinux: 8.130.0.205 -> 8.131.0.202 (#351554) 2024-10-27 14:34:40 +02:00
Tomo
926a76fac7 minidjvu: mark as vulnerable
See https://github.com/NixOS/nixpkgs/issues/90896

(cherry picked from commit a0c6ffc324)
2024-10-27 12:30:16 +00:00
wxt
4dc13f35ef qq: 3.2.12-2024.9.27 -> 3.2.13-2024.10.23
(cherry picked from commit 8e1ad7ddb5)
2024-10-27 10:35:16 +00:00
wxt
8a2ee5a3c2 qq: nixfmt
(cherry picked from commit 2f3847af4f)
2024-10-27 10:35:16 +00:00
K900
e31c26bb54
[24.05] Backport kernel changes from #350757 (#351145) 2024-10-27 13:10:42 +03:00
Pavol Rusnak
87143242b5
[24.05] tor: 0.4.8.11 -> 0.4.8.13 (#351594) 2024-10-27 09:39:01 +01:00
PapayaJackal
dd370d3d0d
tor: 0.4.8.12 -> 0.4.8.13
(cherry picked from commit 81a8d9c892)
2024-10-27 09:19:36 +01:00
R. Ryantm
d9e04231de
tor: 0.4.8.11 -> 0.4.8.12
(cherry picked from commit cbd745cdf0)
2024-10-27 09:19:24 +01:00
Tomo
46c4646393
[24.05] python3Packages.js2py: remove usage in other packages (#351479)
Backport of https://github.com/NixOS/nixpkgs/pull/349550
2024-10-26 23:33:40 -07:00
Martin Joerg
72ab48edeb skypeforlinux: 8.130.0.205 -> 8.131.0.202
(cherry picked from commit 3b7509c608)
2024-10-27 03:30:37 +00:00
Samuel Tardieu
be9562c758 [24.05] python3Packages.js2py: remove usage in other packages
unmaintained and insecure: https://github.com/Marven11/CVE-2024-28397-js2py-Sandbox-Escape

(cherry picked from commit 0f79dd4197)
2024-10-27 02:14:18 +01:00
Ramses
cd3e8833d7
[Backport release-24.05] legcord: 1.0.1 -> 1.0.2 (#350123) 2024-10-26 22:11:06 +02:00
Philip Taron
7376799566
Fix codeowners backport (#351472) 2024-10-26 08:58:05 -07:00