tjh.dev
commits
(cherry picked from commit 9a3e8699976bd673f9f4eee64e254ccb7a1fadce)
(cherry picked from commit f15d286aaca6f7bd9f246c72978992ea8bb73e63)
(cherry picked from commit 545ba18df2ca2077d6c1a69e02648ad88dd5d968)
[Backport release-21.05] nixos/acme: don't use --reuse-key
Reusing the same private/public key on renewal has two issues:
- some providers don't accept to sign the same public key
again (Buypass Go SSL)
- keeping the same private key forever partly defeats the purpose of
renewing the certificate often
Therefore, let's remove this option. People wanting to keep the same
key can set extraLegoRenewFlags to `[ --reuse-key ]` to keep the
previous behavior. Alternatively, we could put this as an option whose
default value is true.
(cherry picked from commit 632c8e1d54e299f656aa677f25552e1127f12849)
[21.05] Staging next
[Backport release-21.05] weechatScripts.wee-slack: 2.7.0 -> 2.8.0
[Backport release-21.05] tilt: 0.18.10 -> 0.20.5
[Backport release-21.05] morph: 1.5.0 -> 1.6.0
[Backport release-21.05] tailscale: 1.8.5 -> 1.8.6
[Backport release-21.05] fioctl: 0.16 -> 0.17
https://github.com/wee-slack/wee-slack/releases/tag/v2.8.0
(cherry picked from commit d7de7087fcc62b0c571825d5aa3d096c277c1d41)
[Backport release-21.05] radare2: add patch for CVE-2021-32613
Closes #124670
See also https://nvd.nist.gov/vuln/detail/CVE-2021-32613
(cherry picked from commit 16ce96934052e728445e57e5c9b1242dbfa836bd)
[Backport release-21.05] v2ray: 4.38.3 -> 4.39.2
[Backport release-21.05] libxlsxwriter: 1.0.5 -> 1.0.6
[Backport release-21.05] postgresqlPackages.pg_partman: 4.4.1 -> 4.5.1
addressing CVE-2021-33204
(cherry picked from commit 29b5264841b5c82a5bf81f335b306c3a10229849)
[Backport release-21.05] ungoogled-chromium: 90.0.4430.212 -> 91.0.4472.77
https://github.com/jmcnamara/libxlsxwriter/releases/tag/RELEASE_1.0.6
(cherry picked from commit 5d873fde2352061fa487e7c4b73c0d1f840c77c2)
(cherry picked from commit c6f22908106542da243ec48eaa1b1f8d89b66b75)
(cherry picked from commit 57f67a8ec02025cd4e562bbfb9f0f6924e755544)
[21.05] python3Packages.hdbscan: disable another flaky test
https://github.com/DBCDK/morph/releases/tag/v1.6.0
(cherry picked from commit 03465e588bf3ac86b30af3473b4f254305d9f61b)
(cherry picked from commit 005f0008a777d84885cca6a031988322d3100e1d)
(cherry picked from commit 6c638ee6b10e7b9f567601068a195f45740805fc)
[Backport release-21.05] neomutt: add patch for CVE-2021-32055
no upstream release yet
(cherry picked from commit edcde75b989c69d566b8da67db2fa7351ca3c191)
(cherry picked from commit 2aa7662279727652dd326d5e7fc2a9aa50a73eef)
[Backport release-21.05] betterdiscordctl: 1.7.1 -> 2.0.0
Co-authored-by: Dmitry Kalinkin <dmitry.kalinkin@gmail.com>
(cherry picked from commit 660c4a822c1631016060ab3420ae467dabaa508e)
[Backport release-21.05] mblaze: fix mcom to use file utility.
Co-authored-by: Sandro <sandro.jaeckel@gmail.com>
(cherry picked from commit 1e777e5ef02c89594bb1d2b772417df0ee176dcf)
Co-authored-by: Sandro <sandro.jaeckel@gmail.com>
(cherry picked from commit e9d4b68fdc43af8e85868ae589eda51ce088c3e8)
(cherry picked from commit 6dde14306092e81b58fc9b2b9082d138ab311cd8)
[Backport release-21.05] sageWithDoc: fix documentation symlinks
(cherry picked from commit cff04883e8c21fe614dad85a96b3da93909eb8c8)
Not needed after f42aa7e1 ('cc-wrapper: set FC when langFortran is on')
(cherry picked from commit b72b3c557170013601ceffd8c94a40764d34d302)
Co-authored-by: Dmitry Kalinkin <dmitry.kalinkin@gmail.com>
[Backport release-21.05] schismtracker: fix darwin build
[Backport release-21.05] python3Packages.drf-jwt: 1.19.0 -> 1.19.1
https://github.com/Styria-Digital/django-rest-framework-jwt/blob/1.19.1/CHANGELOG.md
(cherry picked from commit ffa6f1573c1080e390bb6252f955b6cebbd20619)
(cherry picked from commit e649cfc1e955936ca8e4d9af3e9dadb088d9f404)
[Backport release-21.05] icinga2: 2.12.3 -> 2.12.4
[Backport release-21.05] ocamlPackages.tyxml: 4.4.0 → 4.5.0
[Backport release-21.05] halide: Fix build
(cherry picked from commit ba677b14dd937dc00723dc13dfa2f53c934db392)
(cherry picked from commit 2c7d2ce295296553451a7839513427f63377e92e)
[Backport release-21.05] b3sum: 0.3.7 -> 0.3.8
[Backport release-21.05] bjumblr: 1.4.2 -> 1.6.6
[Backport release-21.05] corerad: 0.3.0 -> 0.3.1
[Backport release-21.05] tellico: 3.4 -> 3.4.1
(cherry picked from commit 3fcd7a46dc4576f65c7bcd13ee12a71a456df904)
Co-authored-by: Martin Weinelt <mweinelt@users.noreply.github.com>
(cherry picked from commit 964fc7cfef94bd598d816979a4ca1a42d9753d23)
iptables is currently defined in `all-packages.nix` to be
iptables-compat. That package does however not contain `ethertypes`.
Only `iptables-nftables-compat` contains this file so the symlink
dangles.
(cherry picked from commit 2eeecef3fc70e35b2f4c6d8424e4c726c140e330)
[Backport release-21.05] python3Packages.smhi-pkg: 1.0.14 -> 1.0.15
[Backport release-21.05] catgirl: 1.7 -> 1.8
[Backport release-21.05] Gxplugins-Lv2: 0.8 -> 0.9
Reusing the same private/public key on renewal has two issues:
- some providers don't accept to sign the same public key
again (Buypass Go SSL)
- keeping the same private key forever partly defeats the purpose of
renewing the certificate often
Therefore, let's remove this option. People wanting to keep the same
key can set extraLegoRenewFlags to `[ --reuse-key ]` to keep the
previous behavior. Alternatively, we could put this as an option whose
default value is true.
(cherry picked from commit 632c8e1d54e299f656aa677f25552e1127f12849)