nordic-dev.net/nixpkgs
nordic-dev.net/nixpkgs
2
0
Fork 0
mirror of https://github.com/NixOS/nixpkgs.git synced 2025-02-19 18:44:13 +00:00
Code Issues Packages Projects Releases Wiki Activity
636,355 Commits 197 Branches 125 Tags 7.8 GiB
44cd53a4de
Commit Graph

636355 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Masum Reza
59a210b624
[Backport release-24.05] minidjvu: mark as vulnerable (#351644) 2024-10-27 23:40:52 +05:30
Austin Horstman
e8ab03fe9c
teams-for-linux: electron 30 -> electron 32 
Looks like upstream bumped electron version, already.

(cherry picked from commit 0cf4af9081)
 2024-10-27 13:10:41 -05:00
Austin Horstman
e2bb6f8275
teams-for-linux: 1.11.0 -> 1.11.2 
(cherry picked from commit bce77b92c6)
 2024-10-27 13:04:14 -05:00
R. Ryantm
0afbe27458
teams-for-linux: 1.10.2 -> 1.11.0 
(cherry picked from commit c29703dd92)
 2024-10-27 13:04:06 -05:00
R. Ryantm
a2a75b055d
teams-for-linux: 1.9.6 -> 1.10.2 
(cherry picked from commit 183a96374e)
 2024-10-27 13:03:52 -05:00
R. Ryantm
afdc6d0e20
teams-for-linux: 1.9.5 -> 1.9.6 
(cherry picked from commit 4d4bf95a91)
 2024-10-27 13:03:42 -05:00
emilylange
4fbfb6e847 ungoogled-chromium: 130.0.6723.58-1 -> 130.0.6723.69-1 
https://chromereleases.googleblog.com/2024/10/stable-channel-update-for-desktop_22.html

This update includes 3 security fixes.

CVEs:
CVE-2024-10229 CVE-2024-10230 CVE-2024-10231

(cherry picked from commit db9d29e7f1)
 2024-10-27 17:59:46 +00:00
emilylange
418ec1405a chromium,chromedriver: 130.0.6723.58 -> 130.0.6723.69 
https://chromereleases.googleblog.com/2024/10/stable-channel-update-for-desktop_22.html

This update includes 3 security fixes.

CVEs:
CVE-2024-10229 CVE-2024-10230 CVE-2024-10231

(cherry picked from commit 925537f0d4)
 2024-10-27 17:59:46 +00:00
Emily
5e34aff468
[Backport release-24.05] webcord-vencord: switch to electron_31 (#351674) 2024-10-27 14:35:14 +00:00
NotAShelf
9d53405a77 pkgs/top-level/all-packages.nix 
webcord-vencord: switch to electron_31

Unfortunately Electron 32 is not supported - this is annoying, but we have always remained behind the regular Webcord package due to Electron issues, so nothing new.

(cherry picked from commit 77ff1fded3)
 2024-10-27 14:25:03 +00:00
Emily
7a09e52da2
[release-24.05] grafana-loki: 3.1.1 -> 3.1.2 (#351254) 2024-10-27 14:36:06 +01:00
Artturin
f2c2d34ad0
[Backport release-24.05] skypeforlinux: 8.130.0.205 -> 8.131.0.202 (#351554) 2024-10-27 14:34:40 +02:00
Tomo
926a76fac7 minidjvu: mark as vulnerable 
See https://github.com/NixOS/nixpkgs/issues/90896

(cherry picked from commit a0c6ffc324)
 2024-10-27 12:30:16 +00:00
wxt
4dc13f35ef qq: 3.2.12-2024.9.27 -> 3.2.13-2024.10.23 
(cherry picked from commit 8e1ad7ddb5)
 2024-10-27 10:35:16 +00:00
wxt
8a2ee5a3c2 qq: nixfmt 
(cherry picked from commit 2f3847af4f)
 2024-10-27 10:35:16 +00:00
K900
e31c26bb54
[24.05] Backport kernel changes from #350757 (#351145) 2024-10-27 13:10:42 +03:00
Pavol Rusnak
87143242b5
[24.05] tor: 0.4.8.11 -> 0.4.8.13 (#351594) 2024-10-27 09:39:01 +01:00
PapayaJackal
dd370d3d0d
tor: 0.4.8.12 -> 0.4.8.13 
(cherry picked from commit 81a8d9c892)
 2024-10-27 09:19:36 +01:00
R. Ryantm
d9e04231de
tor: 0.4.8.11 -> 0.4.8.12 
(cherry picked from commit cbd745cdf0)
 2024-10-27 09:19:24 +01:00
Tomo
46c4646393
[24.05] python3Packages.js2py: remove usage in other packages (#351479) 
Backport of https://github.com/NixOS/nixpkgs/pull/349550
 2024-10-26 23:33:40 -07:00
Martin Joerg
72ab48edeb skypeforlinux: 8.130.0.205 -> 8.131.0.202 
(cherry picked from commit 3b7509c608)
 2024-10-27 03:30:37 +00:00
Samuel Tardieu
be9562c758 [24.05] python3Packages.js2py: remove usage in other packages 
unmaintained and insecure: https://github.com/Marven11/CVE-2024-28397-js2py-Sandbox-Escape

(cherry picked from commit 0f79dd4197)
 2024-10-27 02:14:18 +01:00
Ramses
cd3e8833d7
[Backport release-24.05] legcord: 1.0.1 -> 1.0.2 (#350123) 2024-10-26 22:11:06 +02:00
Philip Taron
7376799566
Fix codeowners backport (#351472) 2024-10-26 08:58:05 -07:00
Silvan Mosberger
9c45f83174 ci/OWNERS: Remove removed path 
Was removed in 7e73ead5d0, but only
started failing once it actually started getting checked with https://github.com/NixOS/nixpkgs/pull/348642
 2024-10-26 17:37:00 +02:00
Yorick
d89c30c07c
[release-24.05] Workflows security fix (#351461) 2024-10-26 17:02:56 +02:00
Silvan Mosberger
56e9a30c12 ci/OWNERS: Fix path of codeowners.yml 
After https://github.com/NixOS/nixpkgs/pull/351446

(cherry picked from commit cd691f8864)
 2024-10-26 16:56:01 +02:00
Silvan Mosberger
b246490d8c workflows: Rename after security fixes 
In the previous two commits, security issues with these workflows were
fixed. In order for these to not be exploitable for PRs to branches that
don't have the fixes yet (including read-only branches like
nixos-unstable), these workflows are renamed, so that the old ones can
be turned off manually via GitHub interface.

Co-Authored-By: 13x1 <tori@disroot.org>
Co-Authored-By: basti564 <e3e@disroot.org>
(cherry picked from commit 5bbbc3a30b)
 2024-10-26 16:54:44 +02:00
Silvan Mosberger
ccc38ebba1 workflows: Fix security issues 
read-all permissions gives access to e.g. security-events, which these
don't need, and can easily lead to leaks

Co-Authored-By: 13x1 <tori@disroot.org>
Co-Authored-By: basti564 <e3e@disroot.org>
(cherry picked from commit 6b8ce4aedf)
 2024-10-26 16:54:36 +02:00
Silvan Mosberger
5691625565 workflows/codeowners: Fix security issue 
Co-Authored-By: 13x1 <tori@disroot.org>
Co-Authored-By: basti564 <e3e@disroot.org>
(cherry picked from commit 59aee1ca5d)
 2024-10-26 16:54:23 +02:00
Masum Reza
d1a6e5865d
[Backport release-24.05] maintainers: update Atemu's emails (#351442) 2024-10-26 19:15:05 +05:30
Atemu
86b4df8737 maintainers: update Atemu's emails 
(cherry picked from commit c83ce5bab4)
 2024-10-26 13:37:52 +00:00
Nick Cao
bd7619e84a
[Backport release-24.05] arc-browser: 1.65.0-54911 -> 1.66.0-55166 (#351319) 2024-10-26 09:03:12 -04:00
DontEatOreo
cce85d9d8c arc-browser: 1.65.0-54911 -> 1.66.0-55166 
Changelog: https://arc.net/e/00D675DF-0127-4340-9396-9616BEB71E57
(cherry picked from commit 1582530fed)
 2024-10-26 00:54:09 +00:00
Martin Weinelt
3addd49211
[Backport release-24.05] discourse: 3.2.5 -> 3.3.2 (#351230) 2024-10-26 01:26:52 +02:00
Masum Reza
c02f982a97
[Backport release-24.05] brave: 1.70.123 -> 1.71.118; move to by-name (#351238) 2024-10-26 00:43:41 +05:30
emilylange
264f4139ba
grafana-loki: 3.1.1 -> 3.1.2 
https://github.com/grafana/loki/releases/tag/v3.1.2

diff: https://github.com/grafana/loki/compare/v3.1.1...v3.1.2
 2024-10-25 21:11:40 +02:00
Sean Buckley
37aa9c6a88 brave: 1.70.123 -> 1.71.118 
https://community.brave.com/t/release-channel-1-71-118/576979
(cherry picked from commit 9922167c89)
 2024-10-25 17:40:41 +00:00
Sean Buckley
0a19a4690e brave: move to by-name 
(cherry picked from commit 177d045fb3)
 2024-10-25 17:40:41 +00:00
Thomas Gerbet
1c26873c2e
[Backport release-24.05] wireshark: 4.2.7 -> 4.2.8 (#351199) 2024-10-25 19:33:23 +02:00
Leona Maroni
de20c77eaa discourse.plugins: update 
(cherry picked from commit 2b0b37048c)
 2024-10-25 16:53:18 +00:00
Leona Maroni
f01bb94314 discourse-mail-receiver: 4.0.7 -> 4.1.0 
(cherry picked from commit d642a421cb)
 2024-10-25 16:53:18 +00:00
Leona Maroni
6bcdcaf38e discourse: 3.2.5 -> 3.3.2 
https://meta.discourse.org/t/3-3-0-major-release/316353
https://meta.discourse.org/t/3-3-1-bug-fix-release/322330
https://meta.discourse.org/t/3-3-2-security-and-maintenance-release/329341
(cherry picked from commit 6a5e0f7dac)
 2024-10-25 16:53:18 +00:00
DontEatOreo
feacc947d3
vencord: add maintainer donteatoreo 
(cherry picked from commit 71fc5743a8)
 2024-10-25 19:40:53 +03:00
DontEatOreo
ea2703dfdc
vencord: 1.10.4 -> 1.10.5 
Diff: https://github.com/Vendicated/Vencord/compare/v1.10.4...v1.10.5
(cherry picked from commit be43e12f91)
 2024-10-25 19:40:52 +03:00
R. Ryantm
e3bf33fafd
vencord: 1.10.3 -> 1.10.4 
(cherry picked from commit dced718864)
 2024-10-25 19:40:52 +03:00
R. Ryantm
fccd26faae
vencord: 1.10.2 -> 1.10.3 
(cherry picked from commit b87c518e5c)
 2024-10-25 19:40:52 +03:00
Martin Weinelt
79029a3a2c
[24.05] betterbird: mark as insecure (#351206) 2024-10-25 18:02:01 +02:00
eyjhb
9e431b5728 wireshark: 4.2.7 -> 4.2.8 
(cherry picked from commit e46b49de21)
 2024-10-25 15:30:43 +00:00
Emily
1dd950babb betterbird: mark as insecure 
There are a large number of CVEs marked as being relevant to
the version of Thunderbird this is based on, but as many Firefox
vulnerabilities are not practically exploitable in Thunderbird due
to lack of untrusted JS execution, I’ve chosen to only reference
the one that should unambiguously be exploitable via Thunderbird’s
built‐in PDF reader to allow injected code. This of course means
that it is likely that other JS‐related vulnerabilities present in
this version may be practically exploitable too.
 2024-10-25 15:54:18 +01:00