Age | Commit message (Collapse) | Author | Files | Lines |
|
nix run nixpkgs#silver-searcher -- -G '\.nix$' -0l 'description.*".*\.";' pkgs \
| xargs -0 nix run nixpkgs#gnused -- -i '' -Ee 's/(description.*)\.";/\1";/'
|
|
|
|
|
|
|
|
It's time again, I guess :>
Main motivation is to stop being pinged about software that I maintained
for work now that I'm about to switch jobs. There's no point in pinging
me to review/test updates or to debug issues in e.g. the Atlassian stack
or on mailman since I use neither personally.
But there's also a bunch of other stuff that I stopped using personally. While
at it I realized that I'm still maintainer of a few tests & modules related to
packages I stopped maintaining in the past already.
|
|
No release notes for 9.11.1 so far.
For 9.11.0: https://confluence.atlassian.com/jirasoftware/issues-resolved-in-9-11-0-1282244702.html
However, the 9.6 series hat its last release in January 2023[1], so
going to the latest 9.x release with recent patch-level releases.
[1] https://www.atlassian.com/de/software/jira/update
|
|
Fixes CVE-2023-22512.
ChangeLog: https://confluence.atlassian.com/doc/issues-resolved-in-7-19-14-1289421565.html
|
|
Upgrade to the latest patchlevel of the 7.19 LTS release. Most notably
it contains fixes for the following security bulletins from Atlassian:
* https://confluence.atlassian.com/security/security-bulletin-august-15-2023-1276870882.html
(upgrade of bundled Apache Tomcat to fix CVE-2023-24998).
* https://confluence.atlassian.com/security/security-bulletin-july-18-2023-1251417643.html
(fixes CVE-2023-22508, an RCE in Confluence >=6.1 <8.2)
Additionally, each release contains several additional bugfixes and
security fixes:
* https://confluence.atlassian.com/doc/issues-resolved-in-7-19-12-1272383421.html
* https://confluence.atlassian.com/doc/issues-resolved-in-7-19-11-1255451908.html
* https://confluence.atlassian.com/doc/issues-resolved-in-7-19-10-1252328199.html
* https://confluence.atlassian.com/doc/issues-resolved-in-7-19-9-1236440851.html
(also fixes CVE-2023-22504 which allows users with read-only access to
a page to upload attachments)
* https://confluence.atlassian.com/doc/issues-resolved-in-7-19-8-1229036579.html
* https://confluence.atlassian.com/doc/issues-resolved-in-7-19-7-1224638578.html
(also fixes CVE-2023-22503 an information disclosure of label &
attachment names)
* https://confluence.atlassian.com/doc/issues-resolved-in-7-19-6-1207191110.html
|
|
|
|
Changes:
* https://confluence.atlassian.com/doc/issues-resolved-in-7-19-5-1189802683.html
* https://confluence.atlassian.com/doc/issues-resolved-in-7-19-4-1189480226.html
* https://confluence.atlassian.com/doc/issues-resolved-in-7-19-3-1182925647.html
* https://confluence.atlassian.com/doc/issues-resolved-in-7-19-2-1168852726.html
|
|
|
|
atlassian-confluence: 7.18.1 -> 7.19.1
|
|
atlassian-bamboo: 8.1.4 -> 8.2.6
|
|
|
|
|
|
|
|
Only packages I'm not able to maintain anymore as of today. Mostly
because I'm haven't been using them in a while.
|
|
nixos/crowd: store openid password securely
|
|
|
|
Basically the same as the JIRA change[1], but I figured that we can
actually implement that in a backwards compatible manner.
[1] https://github.com/NixOS/nixpkgs/pull/181715
|
|
CVE-2022-26136, CVE-2022-26137
|
|
Nix store
The option `services.jira.sso.applicationPassword` has been replaced by
`applicationPasswordFile` that needs to be readable by the `jira`-user
or group.
The new `crowd.properties` is created on startup in `~jira` and the
secret is injected into it using `replace-secret`.
|
|
includes fix for CVE-2022-26135
https://confluence.atlassian.com/jira/jira-server-security-advisory-29nd-june-2022-1142430667.html
https://confluence.atlassian.com/jirasoftware/issues-resolved-in-8-22-4-1141486890.html
|
|
these are the easily identifiable cases and will not be comprehensive
|
|
|
|
atlassian-confluence: 7.14.1 -> 7.17.1
|
|
|
|
|
|
|
|
Co-authored-by: Sandro <sandro.jaeckel@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
atlassian-jira: 8.14.0 -> 8.14.1
|
|
|
|
|
|
|
|
|
|
Part of: https://github.com/NixOS/nixpkgs/issues/108938
meta = with stdenv.lib;
is a widely used pattern. We want to slowly remove
the `stdenv.lib` indirection and encourage people
to use `lib` directly. Thus let’s start with the meta
field.
This used a rewriting script to mostly automatically
replace all occurances of this pattern, and add the
`lib` argument to the package header if it doesn’t
exist yet.
The script in its current form is available at
https://cs.tvl.fyi/depot@2f807d7f141068d2d60676a89213eaa5353ca6e0/-/blob/users/Profpatsch/nixpkgs-rewriter/default.nix
|
|
|
|
|
|
atlassian-crowd: 4.0.2 -> 4.2.0
|
|
https://confluence.atlassian.com/crowd/crowd-4-1-release-notes-1004960631.html
https://confluence.atlassian.com/crowd/crowd-4-2-release-notes-1019381976.html
|
|
https://confluence.atlassian.com/doc/issues-resolved-in-7-8-1-1027114676.html
|