Age | Commit message (Collapse) | Author | Files | Lines |
|
(cherry picked from commit 4fdfcf9c4dda0a1bf4cd1210e4cb27c40f2521b8)
|
|
(cherry picked from commit 5c0cfdcf575b2022af74c94f4789339fd97b6f21)
|
|
(cherry picked from commit 97e43dad5bb81d59de43db872512eb9120e96f0f)
|
|
(cherry picked from commit c7f89ecf3bd8e624cf174f427ecec8c6c2be5846)
|
|
(cherry picked from commit aba81ce08407f4eeef7471f451397ae2135a9435)
|
|
Manual backport of #319262.
Upstream changelog: https://code.videolan.org/videolan/vlc/-/blob/dd8bfdbabe8ae3974ca3864ad3125879f523e3a2/NEWS
Fixes https://www.videolan.org/security/sb-vlc3021.html (VideoLAN-SB-VLC-3021).
|
|
https://chromereleases.googleblog.com/2024/06/stable-channel-update-for-desktop.html
This update includes 21 security fixes.
CVEs:
CVE-2024-5830 CVE-2024-5831 CVE-2024-5832 CVE-2024-5833 CVE-2024-5834
CVE-2024-5835 CVE-2024-5836 CVE-2024-5837 CVE-2024-5838 CVE-2024-5839
CVE-2024-5840 CVE-2024-5841 CVE-2024-5842 CVE-2024-5843 CVE-2024-5844
CVE-2024-5845 CVE-2024-5846 CVE-2024-5847
(cherry picked from commit c1c5e1ca4570a9504c5f77f1f4a059bfe8da82f8)
|
|
|
|
[Backport release-23.11] prometheus-knot-exporter: 3.3.5 -> 3.3.6
|
|
(cherry picked from commit 9de38ffd8ec88eed4229bd2d2ff1765cde42661c)
|
|
|
|
[23.11] brave: 1.66.115 -> 1.66.118
|
|
(cherry picked from commit 827fad6fceefd644f8803d4adb35ae46616b0cf4)
Co-authored-by: Dmitry Kalinkin <dmitry.kalinkin@gmail.com>
|
|
https://gitlab.com/gitlab-org/gitlab/-/blob/v16.11.4-ee/CHANGELOG.md
Fixes CVE-2024-1495
Fixes CVE-2024-1963
Fixes CVE-2024-4201
Fixes CVE-2024-5469
|
|
[Backport release-23.11] chromedriver,chromium: 125.0.6422.141 -> 126.0.6478.55, rebase patches, extend tarball exclude
|
|
(cherry picked from commit 5e57e65ce4295a22fa7c36cf99e5233586773383)
|
|
https://gitlab.nic.cz/knot/knot-dns/-/releases/v3.3.6
(cherry picked from commit e67116cda691a38f5c4f8cc20069e2223288f460)
|
|
|
|
https://chromereleases.googleblog.com/2024/06/stable-channel-update-for-desktop.html
This update includes 21 security fixes.
CVEs:
CVE-2024-5830 CVE-2024-5831 CVE-2024-5832 CVE-2024-5833 CVE-2024-5834
CVE-2024-5835 CVE-2024-5836 CVE-2024-5837 CVE-2024-5838 CVE-2024-5839
CVE-2024-5840 CVE-2024-5841 CVE-2024-5842 CVE-2024-5843 CVE-2024-5844
CVE-2024-5845 CVE-2024-5846 CVE-2024-5847
(cherry picked from commit 4942c64484400fe046785efe3b95cc45c2c8fb41)
|
|
Note that we can't just update previous patches in place, as that would
prevent electron-source and ungoogled-chrome (< M126) from building.
(cherry picked from commit 7f36179f17f5893535a055d1246714b86790baf7)
|
|
Starting with M126, the upstream release tarball includes two full
Debian sysroots to compile chromium with:
~~~shell
$ du -sh build/linux/debian_bullseye_*
835M build/linux/debian_bullseye_amd64-sysroot
739M build/linux/debian_bullseye_i386-sysroot
~~~
But they are huge and we don't need them.
In order to stay below the current 3 GB tarball size limit that is
dictated by hydra.nixos.org's max-output-limit, we add them to our
exclude patterns.
This is a no-op for < M126.
(cherry picked from commit bda04d27a0c0a482d3506d74f367f96155392e66)
|
|
(cherry picked from commit 7daf0986f20b4cea8bcfe2c265189f93df7107a8)
|
|
[Backport release-23.11] vimPlugins/copilot-vim: specify license (unfree)
|
|
[Backport release-23.11] matrix-conduit: 0.6.0 -> 0.7.0
|
|
|
|
From [the license][1]:
> GitHub Copilot is offered under the GitHub Terms of Service.
> Copyright (C) 2023 GitHub, Inc. - All Rights Reserved.
[1]: https://github.com/github/copilot.vim/blob/5b19fb001d7f31c4c7c5556d7a97b243bd29f45f/LICENSE.md
(cherry picked from commit 58ff8a126c5de1f23663fa07b5942d16c5940c7f)
|
|
[Backport release-23.11] Linux kernel updates 2024-06-12
|
|
(cherry picked from commit 51c2144ca72d4e30c151e7acd1796e47694c4334)
|
|
(cherry picked from commit de7df0d3eb38ca2926d04a73e90b1b73ec850ea7)
|
|
(cherry picked from commit d1d700300084c462b3aaf67a7c66c79fa0db2c66)
|
|
(cherry picked from commit ee6d6317b4f678720dd300734815eecc6fb6c70c)
|
|
Backport (the rest of) #315121 to release-23.11
|
|
(cherry picked from commit a21294b60b45847b27b227e5d5876e71e3a00d72)
|
|
(cherry picked from commit e192371fb05ff4f9ed9729610d1b01f581ef03f4)
|
|
(cherry picked from commit 979e6398aaa178d2542dbd856b2283bc38aad4f3)
|
|
(cherry picked from commit 3fb6880a9949dba1c40ef5811568e260bea1c1ba)
|
|
We assume RISC-V uses an uncompressed kernel in
lib/systems/platforms.nix. Since this is the first Linux version to
support either xz or zstd compressed kernels on RISC-V, we can't
change platforms.nix to match the other platforms without breaking
builds of older kernel versions, so let's just preserve the old
behaviour.
We could in future decide to use gzip-compressed kernels on RISC-V,
which is supported going back further.
(cherry picked from commit 9f18414c6b7daa5b83210984bfb124e4f7c3340e)
|
|
[Backport release-23.11] python3Packages.pyinfra: 2.8 -> 2.9.2
|
|
...into release-23.11
|
|
...into release-23.11
|
|
...into release-23.11
|
|
https://gitlab.nic.cz/knot/knot-resolver/-/releases/v5.7.3
(cherry picked from commit 2dc0bf5786f1fcc0445013249c48f207312b7c8d)
|
|
|
|
...into release-23.11
|
|
(cherry picked from commit 1385946a930b9887ad5495687d1ad7b9573b52b7)
|
|
[23.11] phpPackages.composer: 2.7.6 -> 2.7.7
|
|
Fixes CVE-2024-35241 and CVE-2024-35242.
Changes:
https://github.com/composer/composer/releases/tag/2.7.7
|
|
[Backport release-23.11] php81: restore patch for libxml2 on darwin
|
|
(cherry picked from commit b09b1844d3f85758719619352556d5c3bbca5e0b)
|
|
[Backport release-23.11] linux-firmware: 20240513 -> 20240610
|