The pybrial package is a bit awkward. It doesn't have its own top-level
attribute, since it has a cyclic dependency with sage. That's one of the
reasons why it rarely gets updated. Its distributed along with brial, so
its best to keep the versions synchronized. The easiest way to do this
is to just re-use the source of brial.
* vym: 2.6.11 -> 2.7.1
* vym: install man page
* vym: fix /usr paths and move data from $out/vym
* Change version to 2.7.0
There was some concern that the release tarball 2.7.1 actually contains an in-development snapshot rather than a full release. The consensus seems to be that 2.7.0 should be used instead.
anydesk moves tar archives of older versions into a sub folder linux-generic, which breaks this package. Use two URLs to take care of both recent and older versions.
This is a large scale rework of the package, here's a change summary:
* Organized inputs (1/line, except conditionals)
* Introduced alsaSupport, pulseaudioSupport, waylandSupport
* enableGTK3 -> gtk3Support
* enableCalendar -> calendarSupport
* Organized buildInputs, nativeBuildInputs (1/line)
* Corrected native/buildInputs separation
* Ported over fixes/changes from Firefox
* Enabled sound, webp, vpx, rust-SIMD, necko-wifi
* Removed manual wrapping
* Lifted makeDesktopItem out of string section, into Nix
* Correctly set bindgen options
* Added lovesegfault as maintainer
* New url which uses https
This is non-authoritative, look at the diff for further info.
https://about.gitlab.com/blog/2019/12/10/critical-security-release-gitlab-12-5-4-released/
Insufficient parameter sanitization for Maven package registry could lead to privilege escalation and remote code execution vulnerabilities under certain conditions. The issue is now mitigated in the latest release and is assigned CVE-2019-19628.
When transferring a public project to a private group, private code would be disclosed via the Group Search API provided by Elasticsearch integration. The issue is now mitigated in the latest release and is assigned CVE-2019-19629.
The Git dependency has been upgraded to 2.22.2 in order to apply security fixes detailed here.
CVE-2019-19604 was identified by the GitLab Security Research team. For more information on that issue, please visit the GitLab Security Research Advisory
closes#75506.
