tjh.dev
commits
remove tests/TreeGatewayTest.py because it does not return.
apparently
def wait(self):
"""wait for task/thread termination"""
# can be blocked indefinitely if StreamWorker doesn't complete
self.task.join()
does apply in nix sandbox
fixes #315146
(cherry picked from commit c217dc9717e9250e5cd05139e2dee3c8fa150e49)
Fixes a critical security bug allowing remote code execution as root:
<https://www.openssh.com/txt/release-9.8>
This may be CVE-2024-6387 (currently embargoed):
<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6387>
Thanks to upstream and Sam James <sam@gentoo.org> for the backport:
<https://github.com/gentoo/gentoo/commit/1633ef45475afb9eea04e9cf27021c9d994af338>
Please don’t use these packages on the open internet if you care
a lot about security.
(cherry picked from commit e21559153b81b0de896f735893796bb9042a54d4)
[23.11] openssh: add backported security fix patches
Fixes a critical security bug allowing remote code execution as root:
<https://www.openssh.com/txt/release-9.8>
This may be CVE-2024-6387 (currently embargoed):
<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6387>
Thanks to upstream and Sam James <sam@gentoo.org> for the backport:
<https://github.com/gentoo/gentoo/commit/1633ef45475afb9eea04e9cf27021c9d994af338>
[Backport release-23.11] mysql80: 8.0.36 -> 8.0.37
[Backport release-23.11] apptainer: 1.2.5 -> 1.3.2
[23.11] freeipa: 4.11.1 -> 4.11.2
[23.11] grafana: 10.2.7 -> 10.2.8
Changes:
https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-37.html
Fixes:
* CVE-2024-21047
* CVE-2024-21069
* CVE-2024-21060
* CVE-2024-21087
* CVE-2024-20998
* CVE-2024-21009
* CVE-2024-21054
* CVE-2024-21062
* CVE-2024-21102
* CVE-2024-21096
* CVE-2024-21008
* CVE-2024-21013
* CVE-2024-21000
https://www.oracle.com/security-alerts/cpuapr2024.html#AppendixMSQL
(cherry picked from commit 9b648599eaff67fd4d7045e22fa85f7656777eff)
[Backport release-23.11] netbird: 0.27.10 -> 0.28.3
(cherry picked from commit 7dfa379b930f604e6c5da312124f6ec12e3a943c)
ChangeLog: https://github.com/grafana/grafana/releases/tag/v10.2.8
[23.11] nixos/limesurvey: drop default encryption key and nonce
(cherry picked from commit daa81ecb2e752df8fb88d6b6ce9dd4f37a172ef7)
[Backport release-23.11] Discord updates
discord: 0.0.56 -> 0.0.58
discord-ptb: 0.0.90 -> 0.0.92
discord-canary: 0.0.431 -> 0.0.438
discord-development: 0.0.19 -> 0.0.21
pkgsCross.aarch64-darwin.discord: 0.0.307 -> 0.0.309
pkgsCross.aarch64-darwin.discord-ptb: 0.0.119 -> 0.0.121
pkgsCross.aarch64-darwin.discord-canary: 0.0.531 -> 0.0.547
pkgsCross.aarch64-darwin.discord-development: 0.0.41 -> 0.0.43
(cherry picked from commit 76551701c130bd08fb6722cdd9b95d75bd021634)
[Backport release-23.11] discord-canary: 0.0.422 -> 0.0.431
(cherry picked from commit b8877d07e8a2068b2f8718550b39ba2cc41eef1c)
(cherry picked from commit 27fdb4ca2cacfddff59147701295168193e1b862)
nixVersions: bump patch releases
(cherry picked from commit 144ac0d7fc16609847d957d53a715d393caaeef2)
[Backport release-23.11] knot-dns: 3.3.6 -> 3.3.7
https://gitlab.com/gitlab-org/gitlab/-/blob/v16.11.5-ee/CHANGELOG.md
Fixes CVE-2024-1493
Fixes CVE-2024-1816
Fixes CVE-2024-2177
Fixes CVE-2024-2191
Fixes CVE-2024-3115
Fixes CVE-2024-3959
Fixes CVE-2024-4011
Fixes CVE-2024-4025
Fixes CVE-2024-4557
Fixes CVE-2024-4901
Fixes CVE-2024-4994
Fixes CVE-2024-5430
Fixes CVE-2024-5655
Fixes CVE-2024-6323
(cherry picked from commit aff7eed4e7a1eddce866312da4f131b4b8af4066)
nixVersions.nix_2_18: 2.18.1 -> 2.18.3
[Backport release-23.11] Kernel updates for 2024-06-27
(cherry picked from commit f6c43dab739c8bcce80577c80cefeaea031c7a4f)
(cherry picked from commit 660b0f4554497f7fc79b3a25a694327cd8800a8b)
(cherry picked from commit afcbbf9e95f9b91f77a6dd5eb999e68bdea4f089)
(cherry picked from commit 5f53abdb3f1f043371786891d0d54c1577cce07f)
(cherry picked from commit acca00bf2c0eccf9a7153cf9140eb972a3bc9054)
(cherry picked from commit 07f6b665d1be6192f776fd878fce758544a77976)
[Backport release-23.11] Linux kernels 2024-06-18
(cherry picked from commit a36965d8f041679216a0b188c7418e3e78797c74)
(cherry picked from commit cf524d2185bdbb71fa99730092455ff7423caaa8)
[Backport release-23.11] linux_testing: 6.10-rc2 -> 6.10-rc3
(cherry picked from commit c0079b0d8a3362e175515253a4aae05a9a66f9b2)
[Backport release-23.11] linux_testing: 6.10-rc1 -> 6.10-rc2
(cherry picked from commit 3655cb233f8982001c8bf0f78960a60321e7636b)
[23.11] nextcloud: 27.1.10 -> 27.1.11, 28.0.6 -> 28.0.7, 29.0.2 -> 29.0.3
[Backport release-23.11] ungoogled-chromium: 126.0.6478.114-1 -> 126.0.6478.126-1
https://gitlab.nic.cz/knot/knot-dns/-/releases/v3.3.7
(cherry picked from commit 1622a46318041a0cce995a1eea6976396af0556c)
https://chromereleases.googleblog.com/2024/06/stable-channel-update-for-desktop_24.html
This update includes 5 security fixes.
CVEs:
CVE-2024-6290 CVE-2024-6291 CVE-2024-6292 CVE-2024-6293
(cherry picked from commit f424ca5c4fa297ba784f41ec8bd3ba63c3e61076)
[Backport release-23.11] chromedriver: 126.0.6478.61 -> 126.0.6478.126, chromium: 126.0.6478.61 -> 126.0.6478.126
[Backport release-23.11] Firefox: 127.0.1 -> 127.0.2
https://www.mozilla.org/en-US/firefox/127.0.2/releasenotes/
(cherry picked from commit 8934e6d34f6f748155d0616980439fc71a4acf70)
https://www.mozilla.org/en-US/firefox/127.0.2/releasenotes/
(cherry picked from commit 783f56274fca369c1455393d58690f9d2f106628)
The hkp protocol keeps erroring out with "server indicated failure".
(cherry picked from commit 29224f6778817f6dd9cb03fd04f02e37bbd8dbe1)
https://chromereleases.googleblog.com/2024/06/stable-channel-update-for-desktop_24.html
This update includes 5 security fixes.
CVEs:
CVE-2024-6290 CVE-2024-6291 CVE-2024-6292 CVE-2024-6293
(cherry picked from commit 010fac78763b8b92bad3e298767b24421f694e0c)
(cherry picked from commit 46ca3de28a91ea4a74f9a62af55f7bff49443c07)
[Backport release-23.11] ungoogled-chromium: 126.0.6478.61-1 -> 126.0.6478.114-1
(cherry picked from commit 2fc78cf1461382cee8dc3f16d73ce56d5752a8c6)
ChangeLog: https://github.com/nextcloud/server/releases/tag/v27.1.11
Will be EOL by the end of the month, hence marking it as such.
(cherry picked from commit 01fb487f76773614254381d8bc0576c8051b4044)
(cherry picked from commit 70d8f4cf1e9fc6eded6eeffd2ad9796ae7c657f4)
(cherry picked from commit 04b0d035f8ec778e7d9b9e663d80255958c91239)
ChangeLog: https://github.com/nextcloud/server/releases/tag/v29.0.3
(cherry picked from commit 9b1cfa27a00a9d200facc2dd2e791c14366664f9)
ChangeLog: https://github.com/nextcloud/server/releases/tag/v28.0.7
(cherry picked from commit 8feb916c8d417eed04d4a9e21bca9c23d2c5dc2d)
[23.11] python3Packages.amaranth-soc: fix fetchFromGitHub hash stability
[Backport release-23.11] palemoon-bin: 33.1.1 -> 33.2.0
Fixes CVE-2024-2698 and CVE-2024-3183.
Changes:
https://www.freeipa.org/release-notes/4-11-2.html
(cherry picked from commit bd2722f46d467a268ee7090ea0180dabcc8047c1)
remove tests/TreeGatewayTest.py because it does not return.
apparently
def wait(self):
"""wait for task/thread termination"""
# can be blocked indefinitely if StreamWorker doesn't complete
self.task.join()
does apply in nix sandbox
fixes #315146
(cherry picked from commit c217dc9717e9250e5cd05139e2dee3c8fa150e49)
Fixes a critical security bug allowing remote code execution as root:
<https://www.openssh.com/txt/release-9.8>
This may be CVE-2024-6387 (currently embargoed):
<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6387>
Thanks to upstream and Sam James <sam@gentoo.org> for the backport:
<https://github.com/gentoo/gentoo/commit/1633ef45475afb9eea04e9cf27021c9d994af338>
Please don’t use these packages on the open internet if you care
a lot about security.
(cherry picked from commit e21559153b81b0de896f735893796bb9042a54d4)
Fixes a critical security bug allowing remote code execution as root:
<https://www.openssh.com/txt/release-9.8>
This may be CVE-2024-6387 (currently embargoed):
<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6387>
Thanks to upstream and Sam James <sam@gentoo.org> for the backport:
<https://github.com/gentoo/gentoo/commit/1633ef45475afb9eea04e9cf27021c9d994af338>
Changes:
https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-37.html
Fixes:
* CVE-2024-21047
* CVE-2024-21069
* CVE-2024-21060
* CVE-2024-21087
* CVE-2024-20998
* CVE-2024-21009
* CVE-2024-21054
* CVE-2024-21062
* CVE-2024-21102
* CVE-2024-21096
* CVE-2024-21008
* CVE-2024-21013
* CVE-2024-21000
https://www.oracle.com/security-alerts/cpuapr2024.html#AppendixMSQL
(cherry picked from commit 9b648599eaff67fd4d7045e22fa85f7656777eff)
discord: 0.0.56 -> 0.0.58
discord-ptb: 0.0.90 -> 0.0.92
discord-canary: 0.0.431 -> 0.0.438
discord-development: 0.0.19 -> 0.0.21
pkgsCross.aarch64-darwin.discord: 0.0.307 -> 0.0.309
pkgsCross.aarch64-darwin.discord-ptb: 0.0.119 -> 0.0.121
pkgsCross.aarch64-darwin.discord-canary: 0.0.531 -> 0.0.547
pkgsCross.aarch64-darwin.discord-development: 0.0.41 -> 0.0.43
(cherry picked from commit 76551701c130bd08fb6722cdd9b95d75bd021634)
https://gitlab.com/gitlab-org/gitlab/-/blob/v16.11.5-ee/CHANGELOG.md
Fixes CVE-2024-1493
Fixes CVE-2024-1816
Fixes CVE-2024-2177
Fixes CVE-2024-2191
Fixes CVE-2024-3115
Fixes CVE-2024-3959
Fixes CVE-2024-4011
Fixes CVE-2024-4025
Fixes CVE-2024-4557
Fixes CVE-2024-4901
Fixes CVE-2024-4994
Fixes CVE-2024-5430
Fixes CVE-2024-5655
Fixes CVE-2024-6323
(cherry picked from commit aff7eed4e7a1eddce866312da4f131b4b8af4066)