chn/nixpkgs
1
0
Fork 0
mirror of https://github.com/CHN-beta/nixpkgs.git synced 2026-01-11 02:10:27 +08:00
Code Issues Packages Projects Releases Wiki Activity
809,928 Commits 241 Branches 113 Tags
nixos-25.05
Commit Graph

809928 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Fernando Rodrigues
f6fd7105b5 xen: patch with XSA-473 
This patch only affects ARM, but it's better than setting ARM as knownVulnerabilities.

Arm issues with page refcounting

There are two issues related to the mapping of pages belonging to other
domains: For one, an assertion is wrong there, where the case actually
needs handling.  A NULL pointer de-reference could result on a release
build.  This is CVE-2025-58144.

And then the P2M lock isn't held until a page reference was actually
obtained (or the attempt to do so has failed).  Otherwise the page can
not only change type, but even ownership in between, thus allowing
domain boundaries to be violated.  This is CVE-2025-58145.

Signed-off-by: Fernando Rodrigues <alpha@sigmasquadron.net>

(cherry picked from commit 15968113a2)
 2025-09-09 22:59:06 +10:00
Fernando Rodrigues
fbc146f31e xen: patch with XSA-472 
Mutiple vulnerabilities in the Viridian interface

There are multiple issues related to the handling and accessing of guest
memory pages in the viridian code:

 1. A NULL pointer dereference in the updating of the reference TSC area.
    This is CVE-2025-27466.

 2. A NULL pointer dereference by assuming the SIM page is mapped when
    a synthetic timer message has to be delivered.  This is
    CVE-2025-58142.

 3. A race in the mapping of the reference TSC page, where a guest can
    get Xen to free a page while still present in the guest physical to
    machine (p2m) page tables.  This is CVE-2025-58143.

Signed-off-by: Fernando Rodrigues <alpha@sigmasquadron.net>

(cherry picked from commit 2648215258)
Signed-off-by: Fernando Rodrigues <alpha@sigmasquadron.net>
 2025-09-09 22:59:06 +10:00
Niklas Korz
f8bded8df5 [release-25.05] renovate: fix build failure by pinning to nodejs_20 (#440849) 2025-09-09 13:11:57 +02:00
Emily
b6c90bad11 [Backport release-25.05] ungoogled-chromium: 139.0.7258.154-1 -> 140.0.7339.80-1 (#441432) 2025-09-09 13:09:23 +02:00
emilylange
04a51d3037 ungoogled-chromium: 139.0.7258.154-1 -> 140.0.7339.80-1 
https://developer.chrome.com/blog/new-in-chrome-140

https://developer.chrome.com/release-notes/140

https://chromereleases.googleblog.com/2025/09/stable-channel-update-for-desktop.html

CVEs:
CVE-2025-9864 CVE-2025-9865 CVE-2025-9866 CVE-2025-9867

(cherry picked from commit 00ef480b67)
 2025-09-09 11:01:31 +00:00
Weijia Wang
798120a86b [Backport release-25.05] firebird_3: 3.0.12 -> 3.0.13 (#441419) 2025-09-09 12:41:08 +02:00
Weijia Wang
339d627826 firebird_3: 3.0.12 -> 3.0.13 
(cherry picked from commit 6c9f81f034)
 2025-09-09 11:56:51 +02:00
jopejoe1
d179d77c13 [release-25.05] pgadmin: 9.3 -> 9.8 (#441037) 2025-09-09 11:09:30 +02:00
Sandro
d2b0de5297 [Backport release-25.05] yt-dlp: 2025.08.27 -> 2025.09.05 (#441278) 2025-09-09 11:06:58 +02:00
Wolfgang Walther
8a6eff30b3 [25.05] ci/eval/README.md: adjust wording (#441405) 2025-09-09 08:10:05 +00:00
Ben Siraphob
8bb3b72d53 ci/eval/README.md: adjust wording 
(cherry picked from commit 807ce4b7b3)
 2025-09-09 10:06:12 +02:00
Wolfgang Walther
62c3302639 [Backport release-25.05] ci/github-script/labels: keep "needs reviewer" if only automated reviews (#441401) 2025-09-09 07:53:33 +00:00
Ryan Omasta
ebe9db6538 ci/github-script/labels: keep "needs reviewer" if only automated reviews 
(cherry picked from commit 32373aff1c)
 2025-09-09 07:49:29 +00:00
Yohann Boniface
be057f1650 [Backport release-25.05] lmstudio: 0.3.24.6 -> 0.3.25.2 (#440808) 2025-09-08 23:48:33 +02:00
JuliusFreudenberger
674734f597 teleport_16: 16.5.14 -> 16.5.15 
Changelog: https://github.com/gravitational/teleport/releases/tag/v16.5.15
Diff: https://github.com/gravitational/teleport/compare/v16.5.14...v16.5.15
(cherry picked from commit 266a75ebbb)
 2025-09-08 22:21:25 +02:00
JuliusFreudenberger
d32c25ef77 teleport_17: 17.7.0 -> 17.7.3 
Changelogs: https://github.com/gravitational/teleport/releases/tag/v17.7.1 https://github.com/gravitational/teleport/releases/tag/v17.7.2 https://github.com/gravitational/teleport/releases/tag/v17.7.3
Diff: https://github.com/gravitational/teleport/compare/v17.7.0...v17.7.3
(cherry picked from commit e171fab899)
 2025-09-08 22:21:24 +02:00
JuliusFreudenberger
c5f31425ce teleport_18: 18.1.1 -> 18.2.0 
Changelogs: https://github.com/gravitational/teleport/releases/tag/v18.1.2 https://github.com/gravitational/teleport/releases/tag/v18.1.3 https://github.com/gravitational/teleport/releases/tag/v18.1.4 https://github.com/gravitational/teleport/releases/tag/v18.1.5 https://github.com/gravitational/teleport/releases/tag/v18.1.6 https://github.com/gravitational/teleport/releases/tag/v18.1.7 https://github.com/gravitational/teleport/releases/tag/v18.1.8 https://github.com/gravitational/teleport/releases/tag/v18.2.0
Diff: https://github.com/gravitational/teleport/compare/v18.1.1...v18.2.0
(cherry picked from commit 2c32d07791)
 2025-09-08 22:21:24 +02:00
JuliusFreudenberger
f1982a4b8c teleport: rename references to rdp library to librdpclient.h 
The file was renamed upstream, so the patch and import have to be
updated respectively.

(cherry picked from commit b2570e4cb3)
 2025-09-08 22:21:24 +02:00
JuliusFreudenberger
48e58b28b4 teleport_17: 17.5.4 -> 17.7.0 
Changelogs: https://github.com/gravitational/teleport/releases/tag/v17.5.5 https://github.com/gravitational/teleport/releases/tag/v17.5.6 https://github.com/gravitational/teleport/releases/tag/v17.6.0 https://github.com/gravitational/teleport/releases/tag/v17.7.0
Diff: https://github.com/gravitational/teleport/compare/v17.5.4...v17.7.0

Also add fix for error: "ERROR: mkdir /homeless-shelter: permission denied"

(cherry picked from commit 475e7fd75d)
 2025-09-08 22:21:24 +02:00
JuliusFreudenberger
6dc0ee4377 teleport_16: 16.5.13 -> 16.5.14 
Changelog: https://github.com/gravitational/teleport/releases/tag/v16.5.14
Diff: https://github.com/gravitational/teleport/compare/v16.5.13...v16.5.14
(cherry picked from commit 5fdc599923)
 2025-09-08 22:21:23 +02:00
JuliusFreudenberger
21037c0b4c teleport_18: init at 18.1.1 
(cherry picked from commit f073e6214c)
 2025-09-08 22:21:19 +02:00
JuliusFreudenberger
25ef88b40f wasm-bindgen-cli_0_2_99: init at 0.2.99 
This is needed for teleport_18

(cherry picked from commit c6d1d4dd2c)
 2025-09-08 22:21:19 +02:00
JuliusFreudenberger
1fcc12742d teleport: migrate to new buildTeleport 
This facilitates using different Go and wasm-bindgen-cli versions more
easily, which will be needed for the new teleport_18 version.

(cherry picked from commit 2dee29888f)
 2025-09-08 22:21:18 +02:00
Jost Alemann
e21d8c3452 yt-dlp: 2025.08.27 -> 2025.09.05 
Changelog: https://github.com/yt-dlp/yt-dlp/releases/tag/2025.09.05
Diff: https://github.com/yt-dlp/yt-dlp/compare/2025.08.27...2025.09.05
(cherry picked from commit b78fbae8c0)
 2025-09-08 19:01:09 +00:00
dish
49a25608bf [Backport release-25.05] ed-odyssey-materials-helper: 2.243 -> 2.247 (#441169) 2025-09-08 11:33:02 -04:00
dish
d51e10f7df [Backport release-25.05] nodejs_20: 20.19.4 -> 20.19.5 (#441167) 2025-09-08 11:32:09 -04:00
dish
0afd8f9b73 [Backport release-25.05] anytype: 0.46.5 -> 0.49.2 (#441083) 2025-09-08 11:31:59 -04:00
Tristan Ross
9d1fa9fa26 llvmPackages_git: 22.0.0-unstable-2025-08-31 -> 22.0.0-unstable-2025-09-07 
(cherry picked from commit e7a609e865)
 2025-09-08 16:25:49 +02:00
Wolfgang Walther
bb0a103961 [Backport release-25.05] postgresqlPackages.pg_cron: 1.6.6 -> 1.6.7 (#441209) 2025-09-08 14:20:16 +00:00
Wolfgang Walther
efbec81d72 [Backport release-25.05] ci: have eval.full return the report as displayed in CI (#441214) 2025-09-08 14:12:00 +00:00
Philip Taron
2fbedb9402 ci: have eval.full return the report as displayed in CI 
Update the README.md to document what gets returned.
We might in the future split these up into other attrsets but I don't see a usecase for that at the moment.

(cherry picked from commit 07916fc3fd)
 2025-09-08 14:09:00 +00:00
R. Ryantm
4c4752e9a3 postgresqlPackages.pg_cron: 1.6.6 -> 1.6.7 
(cherry picked from commit c83177793e)
 2025-09-08 13:54:56 +00:00
Pavol Rusnak
f11c2a7b61 [25.05] ollama: 0.11.4 -> 0.11.10 (#441208) 2025-09-08 15:44:41 +02:00
liberodark
447bde708a ollama: 0.11.7 -> 0.11.10 
(cherry picked from commit 75a44cc7fe)
 2025-09-08 15:27:01 +02:00
R. Ryantm
5fffc52108 ollama: 0.11.4 -> 0.11.7 
(cherry picked from commit 9fe3a2ac3a)
 2025-09-08 15:26:51 +02:00
Philip Taron
ea475b35ac [Backport release-25.05] build(deps): bump actions/github-script from 7.0.1 to 8.0.0 (#441200) 2025-09-08 14:39:23 +02:00
dependabot[bot]
36c667d9f4 build(deps): bump actions/github-script from 7.0.1 to 8.0.0 
Bumps [actions/github-script](https://github.com/actions/github-script) from 7.0.1 to 8.0.0.
- [Release notes](https://github.com/actions/github-script/releases)
- [Commits](60a0d83039...ed597411d8)

---
updated-dependencies:
- dependency-name: actions/github-script
  dependency-version: 8.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
(cherry picked from commit 4ea8216576)
 2025-09-08 12:36:31 +00:00
Philip Taron
2cb3193f33 [Backport release-25.05] build(deps): bump actions/labeler from 5.0.0 to 6.0.1 (#441199) 2025-09-08 14:36:19 +02:00
dependabot[bot]
0fbe222634 build(deps): bump actions/labeler from 5.0.0 to 6.0.1 
Bumps [actions/labeler](https://github.com/actions/labeler) from 5.0.0 to 6.0.1.
- [Release notes](https://github.com/actions/labeler/releases)
- [Commits](8558fd7429...634933edcd)

---
updated-dependencies:
- dependency-name: actions/labeler
  dependency-version: 6.0.1
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
(cherry picked from commit d64ece988b)
 2025-09-08 12:33:13 +00:00
Philip Taron
2c2adc7602 [Backport release-25.05] build(deps): bump cachix/install-nix-action from 31.6.0 to 31.6.1 (#441195) 2025-09-08 14:31:56 +02:00
dependabot[bot]
ec3f65fdfd build(deps): bump cachix/install-nix-action from 31.6.0 to 31.6.1 
Bumps [cachix/install-nix-action](https://github.com/cachix/install-nix-action) from 31.6.0 to 31.6.1.
- [Release notes](https://github.com/cachix/install-nix-action/releases)
- [Changelog](https://github.com/cachix/install-nix-action/blob/master/RELEASE.md)
- [Commits](56a7bb7b56...7be5dee142)

---
updated-dependencies:
- dependency-name: cachix/install-nix-action
  dependency-version: 31.6.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
(cherry picked from commit c4fd1f6500)
 2025-09-08 12:23:32 +00:00
R. Ryantm
7f9216ca72 thunderbird-140-unwrapped: 140.2.0esr -> 140.2.1esr 
(cherry picked from commit d1331163ff)
 2025-09-08 12:12:08 +00:00
R. Ryantm
3932819b0a ed-odyssey-materials-helper: 2.243 -> 2.247 
(cherry picked from commit a45a586b96)
 2025-09-08 10:42:19 +00:00
pennae
0b4e022748 [Backport release-25.05] lixPackageSets.lix_2_93: 2.93.2 -> 2.93.3 (#440880) 2025-09-08 12:38:04 +02:00
Antoine du Hamel
b9c56653a4 nodejs_20: 20.19.4 -> 20.19.5 
(cherry picked from commit 1e8be648a2)
 2025-09-08 10:31:04 +00:00
R. Ryantm
8d928d1ca5 linuxKernel.kernels.linux_zen: 6.16.3 -> 6.16.5 
(cherry picked from commit a034c0d3b8)
 2025-09-08 11:29:01 +02:00
Florian Klink
16721e9cba [Backport release-25.05] paretosecurity: 0.3.2 -> 0.3.3 (#440947) 2025-09-08 08:13:58 +02:00
Maximilian Bosch
7d7d436071 Merge: [Backport release-25.05] nixos/nextcloud: Pass OC_PASS and NC_PASS environment variables to nextcloud-occ (#440004) 2025-09-08 07:45:33 +02:00
Kira Bruneau
bc8fcb1887 anytype: mark as broken on darwin 
(cherry picked from commit 518b5ba83d)
 2025-09-08 01:01:40 +00:00
Michal Koutenský
3fb3c0acb3 anytype: 0.46.5 -> 0.49.2 
0001-fix-single-instance-detection-when-not-packaged.patch is now included upstream

(cherry picked from commit 327eae33cd)
 2025-09-08 01:01:39 +00:00