* remove irrlichtmt input. Minetest's irrlicht fork has been moved into
the minetest repo and is now statically linked.
* remove mesa from buildInputs for darwin. Otherwise startup fails with
"OpenGL driver version is not 1.2 or better." and "Shaders are enabled
but GLSL is not supported by the driver.". Presumably that happens
because minetest tries to use an incomplete OpenGL driver from mesa
instead of the drivers provided by macOS.
* remove withTouchSupport arg, as the upstream CMake option has been
removed. Touch support should now always be enabled.
* make minetest-touch an alias for minetestclient
* remove unused args
Re-roll of https://github.com/NixOS/nixpkgs/pull/328907, but this time
adding the patch from ArchLinux, which keeps both EGL and GLX code paths
active.
Remove overrides where EGL was explicitly requested previously, as well
as the glew-egl package variant.
Add an alias for glew-egl, in case there's any users of this outside
of nixpkgs.
As far as I can tell, the name of the software is "rustic". Every
other distro calls it "rustic". [1] The crate is presumably called
"rustic-rs" because "rustic" is already taken on crates.io, which is
not a problem in Nixpkgs.
I've added "rustic-rs" as an alias, so the old name will continue
working.
[1]: https://repology.org/project/rustic/versions
This package was marked as vulnerable in
<https://github.com/NixOS/nixpkgs/pull/255959>, almost a year ago and
over a year after the project was archived upstream. The package and
module are unusable without bypassing a security warning in 23.05,
23.11, and 24.05.
Given that the package is intended as an organizer for
potentially‐untrusted media files, the vulnerability is critical and
leads to remote code execution, and there is basically no prospect
of upstream releasing a fix, remove the package and module entirely
for 24.11.
This was a major version behind and using outdated or insecure packages
like sqlalchemy-migrate and Qt WebKit. It hadn’t seen any attention
since it was added in 2020. If anyone wants to step up to update it
to the latest version and maintain it, that would be great!
xen-light was dropped in favour of xen and xen-slim
Signed-off-by: Fernando Rodrigues <alpha@sigmasquadron.net>
Reviewed-by: Matei Dibu <contact@mateidibu.dev>
it's been unmaintained for several years now, so there's no reason to
continue maintaining it at this point. Users should migrate to compose
v2, which is maintained in-tree as just docker-compose
Upstream Changes:
* Wi-Fi Easy Connect
- add support for DPP release 3
- allow Configurator parameters to be provided during config exchange
* MACsec
- add support for GCM-AES-256 cipher suite
- remove incorrect EAP Session-Id length constraint
- add hardware offload support for additional drivers
* HE/IEEE 802.11ax/Wi-Fi 6
- support BSS color updates
- various fixes
* EHT/IEEE 802.11be/Wi-Fi 7
- add preliminary support
* support OpenSSL 3.0 API changes
* improve EAP-TLS support for TLSv1.3
* EAP-SIM/AKA: support IMSI privacy
* improve mitigation against DoS attacks when PMF is used
* improve 4-way handshake operations
- discard unencrypted EAPOL frames in additional cases
- use Secure=1 in message 2 during PTK rekeying
* OCV: do not check Frequency Segment 1 Channel Number for 160 MHz cases
to avoid interoperability issues
* support new SAE AKM suites with variable length keys
* support new AKM for 802.1X/EAP with SHA384
* improve cross-AKM roaming with driver-based SME/BSS selection
* PASN
- extend support for secure ranging
- allow PASN implementation to be used with external programs for
Wi-Fi Aware
* FT: Use SHA256 to derive PMKID for AKM 00-0F-AC:3 (FT-EAP)
- this is based on additional details being added in the IEEE 802.11
standard
- the new implementation is not backwards compatible, but PMKSA
caching with FT-EAP was, and still is, disabled by default
* support a pregenerated MAC (mac_addr=3) as an alternative mechanism
for using per-network random MAC addresses
* EAP-PEAP: require Phase 2 authentication by default (phase2_auth=1)
to improve security for still unfortunately common invalid
configurations that do not set ca_cert
* extend SCS support for QoS Characteristics
* extend MSCS support
* support unsynchronized service discovery (USD)
* add support for explicit SSID protection in 4-way handshake
(a mitigation for CVE-2023-52424; disabled by default for now, can be
enabled with ssid_protection=1)
- in addition, verify SSID after key setup when beacon protection is
used
* fix SAE H2E rejected groups validation to avoid downgrade attacks
* a large number of other fixes, cleanup, and extensions
Changelog:
http://w1.fi/cgit/hostap/tree/wpa_supplicant/ChangeLog?id=d945ddd368085f255e68328f2d3b020ceea359af
Signed-off-by: Markus Theil <theil.markus@gmail.com>
The last oficial release of rapidjson is 8 years old, development has
continued without releases since then. The old version is affected
by CVE-2024-38517.
https://www.opencve.io/cve/CVE-2024-38517
