Silvan Mosberger
9c45f83174
ci/OWNERS: Remove removed path
...
Was removed in 7e73ead5d0, but only
started failing once it actually started getting checked with https://github.com/NixOS/nixpkgs/pull/348642
2024-10-26 17:37:00 +02:00
Yorick
d89c30c07c
[release-24.05] Workflows security fix ( #351461 )
2024-10-26 17:02:56 +02:00
Silvan Mosberger
56e9a30c12
ci/OWNERS: Fix path of codeowners.yml
...
After https://github.com/NixOS/nixpkgs/pull/351446
(cherry picked from commit cd691f8864)
2024-10-26 16:56:01 +02:00
Silvan Mosberger
b246490d8c
workflows: Rename after security fixes
...
In the previous two commits, security issues with these workflows were
fixed. In order for these to not be exploitable for PRs to branches that
don't have the fixes yet (including read-only branches like
nixos-unstable), these workflows are renamed, so that the old ones can
be turned off manually via GitHub interface.
Co-Authored-By: 13x1 <tori@disroot.org>
Co-Authored-By: basti564 <e3e@disroot.org>
(cherry picked from commit 5bbbc3a30b)
2024-10-26 16:54:44 +02:00
Silvan Mosberger
ccc38ebba1
workflows: Fix security issues
...
read-all permissions gives access to e.g. security-events, which these
don't need, and can easily lead to leaks
Co-Authored-By: 13x1 <tori@disroot.org>
Co-Authored-By: basti564 <e3e@disroot.org>
(cherry picked from commit 6b8ce4aedf)
2024-10-26 16:54:36 +02:00
Silvan Mosberger
5691625565
workflows/codeowners: Fix security issue
...
Co-Authored-By: 13x1 <tori@disroot.org>
Co-Authored-By: basti564 <e3e@disroot.org>
(cherry picked from commit 59aee1ca5d)
2024-10-26 16:54:23 +02:00
Masum Reza
d1a6e5865d
[Backport release-24.05] maintainers: update Atemu's emails ( #351442 )
2024-10-26 19:15:05 +05:30
Atemu
86b4df8737
maintainers: update Atemu's emails
...
(cherry picked from commit c83ce5bab4)
2024-10-26 13:37:52 +00:00
Nick Cao
bd7619e84a
[Backport release-24.05] arc-browser: 1.65.0-54911 -> 1.66.0-55166 ( #351319 )
2024-10-26 09:03:12 -04:00
DontEatOreo
cce85d9d8c
arc-browser: 1.65.0-54911 -> 1.66.0-55166
...
Changelog: https://arc.net/e/00D675DF-0127-4340-9396-9616BEB71E57
(cherry picked from commit 1582530fed)
2024-10-26 00:54:09 +00:00
Martin Weinelt
3addd49211
[Backport release-24.05] discourse: 3.2.5 -> 3.3.2 ( #351230 )
2024-10-26 01:26:52 +02:00
Masum Reza
c02f982a97
[Backport release-24.05] brave: 1.70.123 -> 1.71.118; move to by-name ( #351238 )
2024-10-26 00:43:41 +05:30
emilylange
264f4139ba
grafana-loki: 3.1.1 -> 3.1.2
...
https://github.com/grafana/loki/releases/tag/v3.1.2
diff: https://github.com/grafana/loki/compare/v3.1.1...v3.1.2
2024-10-25 21:11:40 +02:00
Sean Buckley
37aa9c6a88
brave: 1.70.123 -> 1.71.118
...
https://community.brave.com/t/release-channel-1-71-118/576979
(cherry picked from commit 9922167c89)
2024-10-25 17:40:41 +00:00
Sean Buckley
0a19a4690e
brave: move to by-name
...
(cherry picked from commit 177d045fb3)
2024-10-25 17:40:41 +00:00
Thomas Gerbet
1c26873c2e
[Backport release-24.05] wireshark: 4.2.7 -> 4.2.8 ( #351199 )
2024-10-25 19:33:23 +02:00
Leona Maroni
de20c77eaa
discourse.plugins: update
...
(cherry picked from commit 2b0b37048c)
2024-10-25 16:53:18 +00:00
Leona Maroni
f01bb94314
discourse-mail-receiver: 4.0.7 -> 4.1.0
...
(cherry picked from commit d642a421cb)
2024-10-25 16:53:18 +00:00
Leona Maroni
6bcdcaf38e
discourse: 3.2.5 -> 3.3.2
...
https://meta.discourse.org/t/3-3-0-major-release/316353
https://meta.discourse.org/t/3-3-1-bug-fix-release/322330
https://meta.discourse.org/t/3-3-2-security-and-maintenance-release/329341
(cherry picked from commit 6a5e0f7dac)
2024-10-25 16:53:18 +00:00
DontEatOreo
feacc947d3
vencord: add maintainer donteatoreo
...
(cherry picked from commit 71fc5743a8)
2024-10-25 19:40:53 +03:00
DontEatOreo
ea2703dfdc
vencord: 1.10.4 -> 1.10.5
...
Diff: https://github.com/Vendicated/Vencord/compare/v1.10.4...v1.10.5
(cherry picked from commit be43e12f91)
2024-10-25 19:40:52 +03:00
R. Ryantm
e3bf33fafd
vencord: 1.10.3 -> 1.10.4
...
(cherry picked from commit dced718864)
2024-10-25 19:40:52 +03:00
R. Ryantm
fccd26faae
vencord: 1.10.2 -> 1.10.3
...
(cherry picked from commit b87c518e5c)
2024-10-25 19:40:52 +03:00
Martin Weinelt
79029a3a2c
[24.05] betterbird: mark as insecure ( #351206 )
2024-10-25 18:02:01 +02:00
eyjhb
9e431b5728
wireshark: 4.2.7 -> 4.2.8
...
(cherry picked from commit e46b49de21)
2024-10-25 15:30:43 +00:00
Emily
1dd950babb
betterbird: mark as insecure
...
There are a large number of CVEs marked as being relevant to
the version of Thunderbird this is based on, but as many Firefox
vulnerabilities are not practically exploitable in Thunderbird due
to lack of untrusted JS execution, I’ve chosen to only reference
the one that should unambiguously be exploitable via Thunderbird’s
built‐in PDF reader to allow injected code. This of course means
that it is likely that other JS‐related vulnerabilities present in
this version may be practically exploitable too.
2024-10-25 15:54:18 +01:00
Nick Cao
0c8b562898
[Backport release-24.05] arc-browser: 1.63.1-54714 -> 1.65.0-54911, format with nixfmt-rfc-style, quote paths, remove set -euo pipefail ( #351019 )
2024-10-25 08:38:44 -04:00
Felix Schröter
0aebcbc2da
[Backport release-24.05] tor-browser: 13.5.7 -> 14.0 ( #351136 )
2024-10-25 12:38:21 +00:00
Nikolay Korotkiy
66c95ae53a
[24.05] libhv: 1.3.2 → 1.3.3 ( #350690 )
2024-10-25 16:04:07 +04:00
Maximilian Bosch
d697b56423
linux_hardened: hacky build fix
...
Closes #350681
The netfilter patch doesn't apply on the hardened branch. It will
(hopefully) be upstream anyways soon, so let's just ignore it here to
unbreak hardened for everyone else.
(cherry picked from commit db1e1ed861)
2024-10-25 12:57:27 +02:00
Maximilian Bosch
181d5bd00e
linux_6_10: remove, eol
...
(cherry picked from commit 9b08aa08ad)
2024-10-25 12:57:25 +02:00
K900
e566ec60a1
linux: switch netfilter fix to lore patch URL
...
Expected to be more stable.
(cherry picked from commit dd50f99e26)
2024-10-25 12:56:54 +02:00
Maximilian Bosch
45e5197248
Merge: [24.05] grafana: 10.4.10 -> 10.4.11 ( #350807 )
2024-10-25 12:22:24 +02:00
Felix Schröter
8188ea1b50
tor-browser: 13.5.7 -> 14.0
...
https://blog.torproject.org/new-release-tor-browser-140/
Add --no-clobber-old-sections to patchelf to fix segfault.
Also switches from manual patchelf usage to autoPatchelf to make this fix
work for all binaries.
Fixups for obfs & snowflake were removed, as they are no longer required.
(cherry picked from commit 17f4b88d01)
2024-10-25 10:21:50 +00:00
Ramses
50286248f2
[Backport release-24.05] Add couchbase-shell ( #349989 )
2024-10-24 23:34:56 +02:00
github-actions[bot]
664f617382
[Backport release-24.05] discord: bump all versions ( #350972 )
...
* pkgsCross.x86_64-darwin.discord: 0.0.322 -> 0.0.323
(cherry picked from commit 4069a0ec94)
* pkgsCross.x86_64-darwin.discord-ptb: 0.0.141 -> 0.0.142
(cherry picked from commit 702a31c225)
* pkgsCross.x86_64-darwin.discord-canary: 0.0.612 -> 0.0.617
(cherry picked from commit 8df675f222)
* pkgsCross.x86_64-darwin.discord-development: 0.0.53 -> 0.0.55
(cherry picked from commit f48b8cf528)
* discord: 0.0.71 -> 0.0.72
(cherry picked from commit 6961be0954)
* discord-ptb: 0.0.111 -> 0.0.112
(cherry picked from commit 1aef2aa1ad)
* discord-canary: 0.0.503 -> 0.0.508
(cherry picked from commit 13d7fe4a4e)
* discord-development: 0.0.30 -> 0.0.32
(cherry picked from commit c608c2a26c)
---------
Co-authored-by: DontEatOreo <57304299+DontEatOreo@users.noreply.github.com>
2024-10-25 00:29:55 +03:00
DontEatOreo
9d2777cf4c
arc-browser: remove set -euo pipefail
...
`writeShellApplication` already sets `errexit`, `nounset`, and
`pipefail` by default
Refs: https://nixos.org/manual/nixpkgs/stable/#trivial-builder-writeShellApplication
(cherry picked from commit 42fbc7de66)
2024-10-24 20:28:01 +00:00
DontEatOreo
056905ca46
arc-browser: quote paths
...
(cherry picked from commit bbf17bf314)
2024-10-24 20:28:01 +00:00
DontEatOreo
3210a923e1
arc-browser: format with nixfmt-rfc-style
...
(cherry picked from commit ef9880fdd6)
2024-10-24 20:28:00 +00:00
DontEatOreo
6ca2882162
arc-browser: 1.63.1-54714 -> 1.65.0-54911
...
Changelog: https://arc.net/e/9381EB14-7838-48AB-941B-82CB5CF94627
(cherry picked from commit 1c2e39c955)
2024-10-24 20:28:00 +00:00
teutat3s
a7c2804aa9
nixos/sway: workaround idle inhibit not working
...
in Firefox
Source:
https://www.reddit.com/r/swaywm/comments/1dqud2a/how_to_get_firefox_to_inhibit_idle_when_watching/
> Firefox supports the Wayland inhibit protocol, but it attempts to use the DBus interfaces first. However, the gtk portal has an issue where it returns success even though the wlr portal/sway doesn't have an implementation for the inhibit method, see #465.
(cherry picked from commit 7e7a06994f)
2024-10-24 14:18:59 +00:00
Johannes Jöns
fcf8b7cbc3
[Backport release-24.05] firefox-{beta,devedition}{-bin}-unwrapped: 132.0b{5,6} -> 132.0b9 ( #350644 )
2024-10-24 12:29:38 +00:00
Emery Hemingway
9504eb416d
preserves-tools: 4.994.0 -> 4.996.1
...
Add installation of shell completion files.
(cherry picked from commit 8307a29969)
2024-10-24 11:48:26 +00:00
Masum Reza
bb700ab74c
[Backport release 24.05] soundsource: 5.6.3 -> 5.7.1 ( #349276 )
2024-10-24 17:12:28 +05:30
Atemu
00c24c1734
[Backport release-24.05] linux_xanmod, linux_xanmod_latest: 2024-10-22 ( #350856 )
2024-10-24 11:31:55 +02:00
Shawn8901
3d2815b769
linux_xanmod_latest: 6.11.4 -> 6.11.5
...
(cherry picked from commit a8bf0fdde5)
2024-10-24 05:50:00 +00:00
Shawn8901
6d3de63da9
linux_xanmod: 6.6.57 -> 6.6.58
...
(cherry picked from commit 6772b7f1ab)
2024-10-24 05:50:00 +00:00
Jörg Thalheim
f4602b7ed5
[release-24.05] Mass pings be gone ( #348642 )
2024-10-24 06:01:58 +02:00
Emily Trau
dcac30de80
[Backport release-24.05] detect-it-easy: init at 3.09 ( #350560 )
2024-10-24 13:01:34 +11:00
Maximilian Bosch
533e7ad28c
grafana: 10.4.10 -> 10.4.11
...
ChangeLog: https://github.com/grafana/grafana/releases/tag/v10.4.11
2024-10-24 01:07:36 +02:00