Age | Commit message (Collapse) | Author | Files | Lines |
|
[23.11] brave: 1.66.115 -> 1.66.118
|
|
(cherry picked from commit 827fad6fceefd644f8803d4adb35ae46616b0cf4)
Co-authored-by: Dmitry Kalinkin <dmitry.kalinkin@gmail.com>
|
|
[Backport release-23.11] chromedriver,chromium: 125.0.6422.141 -> 126.0.6478.55, rebase patches, extend tarball exclude
|
|
https://chromereleases.googleblog.com/2024/06/stable-channel-update-for-desktop.html
This update includes 21 security fixes.
CVEs:
CVE-2024-5830 CVE-2024-5831 CVE-2024-5832 CVE-2024-5833 CVE-2024-5834
CVE-2024-5835 CVE-2024-5836 CVE-2024-5837 CVE-2024-5838 CVE-2024-5839
CVE-2024-5840 CVE-2024-5841 CVE-2024-5842 CVE-2024-5843 CVE-2024-5844
CVE-2024-5845 CVE-2024-5846 CVE-2024-5847
(cherry picked from commit 4942c64484400fe046785efe3b95cc45c2c8fb41)
|
|
Note that we can't just update previous patches in place, as that would
prevent electron-source and ungoogled-chrome (< M126) from building.
(cherry picked from commit 7f36179f17f5893535a055d1246714b86790baf7)
|
|
Starting with M126, the upstream release tarball includes two full
Debian sysroots to compile chromium with:
~~~shell
$ du -sh build/linux/debian_bullseye_*
835M build/linux/debian_bullseye_amd64-sysroot
739M build/linux/debian_bullseye_i386-sysroot
~~~
But they are huge and we don't need them.
In order to stay below the current 3 GB tarball size limit that is
dictated by hydra.nixos.org's max-output-limit, we add them to our
exclude patterns.
This is a no-op for < M126.
(cherry picked from commit bda04d27a0c0a482d3506d74f367f96155392e66)
|
|
(cherry picked from commit 7daf0986f20b4cea8bcfe2c265189f93df7107a8)
|
|
[Backport release-23.11] vimPlugins/copilot-vim: specify license (unfree)
|
|
[Backport release-23.11] matrix-conduit: 0.6.0 -> 0.7.0
|
|
|
|
From [the license][1]:
> GitHub Copilot is offered under the GitHub Terms of Service.
> Copyright (C) 2023 GitHub, Inc. - All Rights Reserved.
[1]: https://github.com/github/copilot.vim/blob/5b19fb001d7f31c4c7c5556d7a97b243bd29f45f/LICENSE.md
(cherry picked from commit 58ff8a126c5de1f23663fa07b5942d16c5940c7f)
|
|
[Backport release-23.11] Linux kernel updates 2024-06-12
|
|
(cherry picked from commit 51c2144ca72d4e30c151e7acd1796e47694c4334)
|
|
(cherry picked from commit de7df0d3eb38ca2926d04a73e90b1b73ec850ea7)
|
|
(cherry picked from commit d1d700300084c462b3aaf67a7c66c79fa0db2c66)
|
|
(cherry picked from commit ee6d6317b4f678720dd300734815eecc6fb6c70c)
|
|
Backport (the rest of) #315121 to release-23.11
|
|
(cherry picked from commit a21294b60b45847b27b227e5d5876e71e3a00d72)
|
|
(cherry picked from commit e192371fb05ff4f9ed9729610d1b01f581ef03f4)
|
|
(cherry picked from commit 979e6398aaa178d2542dbd856b2283bc38aad4f3)
|
|
(cherry picked from commit 3fb6880a9949dba1c40ef5811568e260bea1c1ba)
|
|
We assume RISC-V uses an uncompressed kernel in
lib/systems/platforms.nix. Since this is the first Linux version to
support either xz or zstd compressed kernels on RISC-V, we can't
change platforms.nix to match the other platforms without breaking
builds of older kernel versions, so let's just preserve the old
behaviour.
We could in future decide to use gzip-compressed kernels on RISC-V,
which is supported going back further.
(cherry picked from commit 9f18414c6b7daa5b83210984bfb124e4f7c3340e)
|
|
[Backport release-23.11] python3Packages.pyinfra: 2.8 -> 2.9.2
|
|
...into release-23.11
|
|
...into release-23.11
|
|
...into release-23.11
|
|
https://gitlab.nic.cz/knot/knot-resolver/-/releases/v5.7.3
(cherry picked from commit 2dc0bf5786f1fcc0445013249c48f207312b7c8d)
|
|
...into release-23.11
|
|
(cherry picked from commit 1385946a930b9887ad5495687d1ad7b9573b52b7)
|
|
[23.11] phpPackages.composer: 2.7.6 -> 2.7.7
|
|
Fixes CVE-2024-35241 and CVE-2024-35242.
Changes:
https://github.com/composer/composer/releases/tag/2.7.7
|
|
[Backport release-23.11] php81: restore patch for libxml2 on darwin
|
|
(cherry picked from commit b09b1844d3f85758719619352556d5c3bbca5e0b)
|
|
[Backport release-23.11] linux-firmware: 20240513 -> 20240610
|
|
(cherry picked from commit 34e518edbc43d15299102c5c3f30139a7413bb7b)
|
|
[Backport release-23.11] Firefox: 126.0.1 -> 127.0; 115.11.0esr -> 115.12.0esr
|
|
https://www.mozilla.org/en-US/firefox/115.12.0/releasenotes/
(cherry picked from commit d2f9ffa0277cd9327d96d360266eddd164fcb1f6)
|
|
https://www.mozilla.org/en-US/firefox/127.0/releasenotes/
(cherry picked from commit fa42b9a12aa6b3f7dcf14c1eccab121f4efca706)
|
|
https://www.mozilla.org/en-US/firefox/127.0/releasenotes/
(cherry picked from commit 9763258b5e57b10464bbf94877dd62c8ca44258c)
|
|
[Backport release-23.11] nss_latest: 3.100 -> 3.101
|
|
https://github.com/nss-dev/nss/blob/master/doc/rst/releases/nss_3_101.rst
(cherry picked from commit a69f5dad544ce8a63a95cdc09d6a6d50d2372933)
|
|
frr: 9.0.2 -> 9.0.3
|
|
Currently no published release notes available.
CVEs fixed:
- CVE-2024-31948
- CVE-2024-31949
- CVE-2024-31950
- CVE-2024-31951
Some notable fixes:
- isisd: fix heap-after-free with prefix sid
- ospfd: Solved crash in RI parsing with OSPF TE
- ospfd: Correct Opaque LSA Extended parser
- ospf6d: Prevent heap-buffer-overflow with unknown type
- pimd: fix crash when mixing ssm/any-source joins
Signed-off-by: Markus Theil <theil.markus@gmail.com>
|
|
https://community.brave.com/t/release-channel-1-66-118/551342
|
|
[Backport release-23.11] xmedcon: 0.23.0 -> 0.24.0
|
|
(cherry picked from commit e10b8c551f4979a96ee47c153e762b59cfc58d08)
|
|
[Backport release-23.11] nextcloud29: 29.0.1 -> 29.0.2
|
|
[Backport release-23.11] python313: 3.13.0b1 -> 3.13.0b2
|
|
[Backport release-23.11] yandex-browser: mark knownVulnerabilities
|
|
(cherry picked from commit c07f1e94c675ac2c2b7223e6476e80a085f103a4)
|