path: root/pkgs/tools
Age | Commit message | Author | Files | Lines
4 days | openssh_{hpn,gssapi}: add backported security fix patches | Emily | 1 | -0/+4
Fixes a critical security bug allowing remote code execution as root:
<https://www.openssh.com/txt/release-9.8>
This may be CVE-2024-6387 (currently embargoed):
<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6387>
Thanks to upstream and Sam James <sam@gentoo.org> for the backport:
<https://github.com/gentoo/gentoo/commit/1633ef45475afb9eea04e9cf27021c9d994af338>
Please don’t use these packages on the open internet if you care a lot about security.
(cherry picked from commit e21559153b81b0de896f735893796bb9042a54d4)
4 days | openssh: add backported security fix patches | Emily | 3 | -1/+40
Fixes a critical security bug allowing remote code execution as root:
<https://www.openssh.com/txt/release-9.8>
This may be CVE-2024-6387 (currently embargoed):
<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6387>
Thanks to upstream and Sam James <sam@gentoo.org> for the backport:
<https://github.com/gentoo/gentoo/commit/1633ef45475afb9eea04e9cf27021c9d994af338>
8 days | netbird: 0.27.10 -> 0.28.3 | R. Ryantm | 1 | -3/+3
(cherry picked from commit 27fdb4ca2cacfddff59147701295168193e1b862)
8 days | nixVersions: bump patch releases | Valentin Gagarin | 1 | -4/+4
(cherry picked from commit 144ac0d7fc16609847d957d53a715d393caaeef2)
13 days | nixVersions.nix_2_18: 2.18.1 -> 2.18.3 | Alois Wohlschlager | 2 | -385/+2
Diff: https://github.com/NixOS/nix/compare/2.18.1...2.18.3
The patch for CVE-2024-27297 can be dropped since it's included upstream. The regression that prevented the upgrade to 2.18.2 so far is fixed too.
2024-06-03 | Merge pull request #315929 from NixOS/backport-315550-to-release-23.11 | Nick Cao | 1 | -3/+3
[Backport release-23.11] netbird: 0.27.7 -> 0.27.10
2024-05-31 | Merge pull request #315906 from NixOS/backport-296536-to-release-23.11 | Aleksana | 1 | -2/+2
[Backport release-23.11] vips: 8.15.1 -> 8.15.2
2024-05-30 | netbird: 0.27.7 -> 0.27.10 | R. Ryantm | 1 | -3/+3
(cherry picked from commit b769f587e137f3abcd60dc23d8d6a6fda2f1e60c)
2024-05-30 | vips: 8.15.1 -> 8.15.2 | R. Ryantm | 1 | -2/+2
(cherry picked from commit e588cd4ec273d4081bb2d36d55740668b1677902)
2024-05-26 | cve-bin-tool: apply patch to avoid a path traversal when opening a tar file | Thomas Gerbet | 1 | -0/+13
https://www.openwall.com/lists/oss-security/2024/05/26/1
Also applied the fix to download CVE data from curl datasources. The issue prevented me from properly testing the change. Upgrading to 3.2.1 required more work.
2024-05-25 | Merge pull request #314431 from NixOS/backport-272640-to-release-23.11 | Nick Cao | 1 | -1/+1
[Backport release-23.11] bzip2: update patch URL
2024-05-25 | Merge pull request #303083 from NixOS/backport-301840-to-release-23.11 | Aleksana | 2 | -14/+14
[Backport release-23.11] curl-impersonate: 0.5.4 -> 0.6.1
2024-05-24 | bzip2: update patch URL | Artem Leshchev | 1 | -1/+1
For some reason ftp.suse.com refuses connections via IPv6 on HTTPS, which breaks download from an IPv6-only network. This commit changes the protocol to FTP, which works fine via IPv6 and which is consistent with other mentions of this domain in nixpkgs.
(cherry picked from commit ab3f8547cbddc167abe1be7092d3a531d7e9f28c)
2024-05-24 | Merge pull request #314035 from NixOS/backport-277810-to-release-23.11 | Nick Cao | 1 | -2/+2
[Backport release-23.11] vips: 8.15.0 -> 8.15.1
2024-05-23 | vips: 8.15.0 -> 8.15.1 | R. Ryantm | 1 | -2/+2
(cherry picked from commit fd86d9400fd63aa95ec0432b972d0a00a9381372)
2024-05-23 | fluent-bit: 2.2.2 -> 2.2.3 | Franz Pletz | 1 | -2/+2
https://fluentbit.io/blog/2024/05/21/statement-on-cve-2024-4323-and-its-fix/
2024-05-23 | fluent-bit: 2.2.1 -> 2.2.2 | R. Ryantm | 1 | -2/+2
(cherry picked from commit f6ebc9b47890b5c23ed2d7445ea39f9181fc52af)
2024-05-23 | fluent-bit: 2.2.0 -> 2.2.1 | R. Ryantm | 1 | -2/+2
(cherry picked from commit 3cad12f665f6b9afb18ea0e96ca3652fc6a98077)
2024-05-22 | tinyproxy: 1.11.1 -> 1.11.2 (#313675) | github-actions[bot] | 1 | -11/+2
Fixes CVE-2023-49606 and CVE-2023-40533.
https://github.com/tinyproxy/tinyproxy/releases/tag/1.11.2
Reporter advisories:
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1889
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1902
(cherry picked from commit bcd0c6a3ca932310ba35ecacc14d9c56b803ff3f)
Co-authored-by: Thomas Gerbet <thomas@gerbet.me>
2024-05-20 | mpack: patch CVE-2011-4919 | Tomo | 2 | -1/+24
More information available here: https://www.openwall.com/lists/oss-security/2011/12/31/1
The original patch is by Sebastian Pipping and is available here: https://web.archive.org/web/20120128080247/http://git.goodpoint.de/?p=mpack.git;a=commitdiff;h=0c87201f64491575350b18d04c62ec142e119d1f
We copy the patch in-tree, as the original source of the patch did not have the "raw" diff made available.
Closes #90905
(cherry picked from commit 0184e92fa5d70df75f5824f96c0f77d158d46f31)
2024-05-16 | netbird-ui: 0.27.5 -> 0.27.7 | R. Ryantm | 1 | -2/+2
(cherry picked from commit d1dc3aa5d9a43e582767f40f616f49849f5c7830)
2024-05-13 | Merge pull request #311130 from risicle/ris-clamav-1.2.3-r23.11 | Weijia Wang | 1 | -2/+2
[23.11] clamav: 1.2.2 -> 1.2.3
2024-05-12 | Merge pull request #283552 from NixOS/backport-283433-to-release-23.11 | Pol Dellaiera | 1 | -3/+3
[Backport release-23.11] fzf: 0.45.0 -> 0.46.0
2024-05-12 | clamav: 1.2.2 -> 1.2.3 | Robert Scott | 1 | -2/+2
addressing CVE-2024-20380
2024-05-11 | netbird-ui: 0.27.4 -> 0.27.5 | R. Ryantm | 1 | -2/+2
(cherry picked from commit 7356175c3cdb1648becd4ed63257a4601554cd79)
2024-05-08 | beets: fix broken aarch64 build due to missing plugin test | Manuel Frischknecht | 1 | -0/+1
The `absubmit` plugin for beets has no respective plugin test that is named after the default plugin test schema defined in `common.nix` [1], so not explicitly declaring that the plugin has *no tests* (i.e. the respective test list is empty), `mkPlugin` will try to disable the non-existent test `test/test_absubmit.py`, breaking beets' build.
[1]: https://github.com/NixOS/nixpkgs/blob/c7916a507b6657f82a42741790a86e66f7783480/pkgs/tools/audio/beets/common.nix#L39
(cherry picked from commit 6fcd9c7e933d12f0295653174dd64aeb2ed5b60d)
2024-05-07 | Merge pull request #308310 from matthiasbeyer/backport-308144-to-release-23.11 | Matthias Beyer | 1 | -4/+4
[Backport release 23.11]: mdbook-pagetoc: 0.1.7 -> 0.2.0
2024-05-03 | tpm2-tools: 5.6 -> 5.7 (#308811) | github-actions[bot] | 1 | -10/+2
Cherry picked from commit bb9e8704fe7adbc0759112b75acf642f2d1a1a61
Co-authored-by: Tom Fitzhenry <tom@tom-fitzhenry.me.uk>
2024-05-02 | sudo-rs: 0.2.1 -> 0.2.2 (#308581) | github-actions[bot] | 1 | -3/+3
Fixes a crash in sudo-rs' syslog code
Cherry picked from commit 61046902b55b161c72295ff61a816cc8f372da99
Co-authored-by: R. Ryantm <ryantm-bot@ryantm.com>
2024-05-02 | mdbook-pagetoc: 0.1.9 -> 0.2.0 | R. Ryantm | 1 | -3/+3
(cherry picked from commit 4c97fdfc13a11145cd2e9813526b08b31cc50323)
Signed-off-by: Matthias Beyer <mail@beyermatthias.de>
2024-05-02 | mdbook-pagetoc: Add myself as maintainer | Matthias Beyer | 1 | -1/+1
Signed-off-by: Matthias Beyer <mail@beyermatthias.de>
(cherry picked from commit dee865434d45e5c5cd09ce8198b6049beda52845)
Signed-off-by: Matthias Beyer <mail@beyermatthias.de>
2024-05-02 | mdbook-pagetoc: 0.1.8 -> 0.1.9 | R. Ryantm | 1 | -3/+3
(cherry picked from commit 1f72e3773f2ac94270b8ee3ad67636c0198fb75e)
Signed-off-by: Matthias Beyer <mail@beyermatthias.de>
2024-05-02 | mdbook-pagetoc: 0.1.7 -> 0.1.8 | R. Ryantm | 1 | -3/+3
(cherry picked from commit e5ee263c70272e8752409f91f6647472f9c75bf7)
Signed-off-by: Matthias Beyer <mail@beyermatthias.de>
2024-05-02 | Merge pull request #308459 from NixOS/backport-308042-to-release-23.11 | Nick Cao | 1 | -3/+3
[Backport release-23.11] netbird-ui: 0.27.3 -> 0.27.4
2024-05-02 | Merge pull request #308489 from matthiasbeyer/backport-308457-to-release-23.11 | Matthias Beyer | 1 | -3/+3
[Backport release 23.11]: zellij: 0.39.2 -> 0.40.1
2024-05-02 | zellij: 0.40.0 -> 0.40.1 | Matthias Beyer | 1 | -3/+3
Signed-off-by: Matthias Beyer <mail@beyermatthias.de>
(cherry picked from commit 8a19b4996de8e7b9b32a1db15015e44f88400427)
Signed-off-by: Matthias Beyer <mail@beyermatthias.de>
2024-05-02 | zellij: 0.39.2 -> 0.40.0 | Matthias Beyer | 1 | -3/+3
Signed-off-by: Matthias Beyer <mail@beyermatthias.de>
(cherry picked from commit 398f02763a59e584f2814fbcec94e2c344fbab51)
Signed-off-by: Matthias Beyer <mail@beyermatthias.de>
2024-05-02 | netbird-ui: 0.27.3 -> 0.27.4 | R. Ryantm | 1 | -3/+3
(cherry picked from commit f856f53b908763a725ea0ccf2c84963367a7469f)
2024-04-30 | calamares-nixos-extensions: 0.3.14 -> 0.3.15 | Victor Fuentes | 1 | -2/+2
(cherry picked from commit 9e68e6520ce36c526ad1a901214aace62e15d446)
2024-04-30 | calamares: 3.2.62 -> 3.3.3 | Victor Fuentes | 6 | -39/+40
(cherry picked from commit c7145973608e786a2be803aa581d01c1afd5cfc4)
2024-04-28 | nixVersions.nix_2_3: 2.3.17 -> 2.3.18 | PerchunPak | 2 | -378/+2
Changes: https://github.com/NixOS/nix/compare/2.3.17...2.3.18
(cherry picked from commit cbb8cd19a0c004beb7b6ade537a533b32b30d87c)
2024-04-28 | Merge pull request #304291 from NixOS/backport-301842-to-release-23.11 | Weijia Wang | 1 | -2/+2
[Backport release-23.11] opensc: 0.25.0 -> 0.25.1
2024-04-27 | agebox: update vulnerable dependency | Paul Meyer | 1 | -2/+11
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
(cherry picked from commit 8f5c4cf5eb969a7f048503a21ca6ffdd1b8c7c3d)
2024-04-25 | mcaselector: add missing wrapGAppsHook (#306545) [Backport release-23.11] | github-actions[bot] | 1 | -2/+6
* mcaselector: add wrapGAppsHook (cherry picked from commit 7dfacd893582e4eff8fe00461a25b2c5996d7e71)
* mcaselector: don't wrap executable twice (cherry picked from commit 4bcdfaccf4c1bbd0a0fdb6f89ce80e596ea3e22b)
* mcaselector: correctly escape bash variable (cherry picked from commit 0cf87e49b4a2b0af644b9e958c746383d4b041a3)
---------
Co-authored-by: LeixB <abone9999@gmail.com>
Co-authored-by: Aleksana <alexander.huang.y@gmail.com>
2024-04-24 | fdupes: 2.2.1 -> 2.3.0 | e1mo | 1 | -7/+22
> Changes from 2.2.1 to 2.3.0:
>
> - Add --cache option to speed up file comparisons.
> - Use nanosecond precision for file times, if available.
> - Fix compilation issue on OpenBSD.
> - Other changes like fixing typos, wording, etc.
Changelog: https://github.com/adrianlopezroche/fdupes/releases/tag/v2.3.0
(cherry picked from commit 3044597bf9eda5f79759b79695e7111e7ca37cd9)
2024-04-22 | vault, vault-bin: add CVE-2024-2660 to the knownVulnerabilities | Thomas Gerbet | 2 | -0/+2
Ideally we would upgrade, but in this specific instance the fixed versions (and the patch for the issue) have been relicensed under the Business Source License, which is unfree. Tagging the packages with `knownVulnerabilities` seems to be our least bad solution. If someone cares enough, I'm guessing the unfree versions could be backported under different names in 23.11.
2024-04-20 | Merge #301159: opencryptoki: 3.20.0 -> 3.23.0 | Vladimír Čunát | 1 | -2/+6
...into release-23.11
2024-04-19 | libreswan: 4.12 -> 4.15 | Leona Maroni | 1 | -2/+2
https://download.libreswan.org/CHANGES
fixes CVE-2024-2357, CVE-2024-3652
(cherry picked from commit eee733a88de54288798d59e05c198edc77120924)
2024-04-19 | Merge pull request #302279 from matthiasbeyer/backport-301610-to-release-23.11 | Matthias Beyer | 1 | -3/+3
[Backport release 23.11]: dl-librescore: 0.34.47 -> 0.35.7
2024-04-17 | vpsfree-client: 0.17.1 -> 0.18.0 | Jakub Skokan | 3 | -75/+121
(cherry picked from commit 777e5f1deb649674ac94df0f907c0fa81188dd9d)