tjh.dev
commits
(cherry picked from commit 782505f3aa54b9cef55eca7b16dc44f3400a1669)
(cherry picked from commit fca8041221aadd5d10d512c0bc0e2d974f7845d1)
(cherry picked from commit e114e22e45e9a8c9c6720675aa1108d4f5186cae)
(cherry picked from commit 42768554f88cb0e50d16fdc0f72d8cd0e6abf416)
https://github.com/python-ldap/python-ldap/releases/tag/python-ldap-3.4.5
Fixes: CVE-2025-61911, CVE-2025-61912
(cherry picked from commit 8619190cc709019cfcd9d56e341d626e17768bbe)
(cherry picked from commit 9f4f753fec3ac31cc019f67a234f349a47b6db85)
(cherry picked from commit 06d40e889f6b16d014965d3c803f846975df99ac)
Fixes CVE-2025-58246 and CVE-2025-58674.
https://wordpress.org/news/2025/09/wordpress-6-8-3-release/
(cherry picked from commit cfdb6c1284f95e29bda18b985ca4b2131dc53a67)
We were relying on `composerNoScripts = false` to make sure post-install
command `assets:install` is run. `assets:install` copies assets from
`vendor/` directory into `public/` directory, placing it in appropriate
places.
However, with commit 80bb9aec24 ("kimai: switch to buildComposerProject2
and tag"), we switched to `buildComposerProject2` which has moved
`composer install` step to `composerVendor` derivation. By design,
`composerVendor` ignores anything that happens outside `vendor/`, so
the assets was not copied into final derivation.
So stop relying on `composerNoScripts = false` and run `assets:install`
ourselves in `postInstall` step. A side effect of this is that there is
another post-install step being skipped (`cache:clear`). However we
simply handle caches outside of the derivation (it's handled in the
module), so that's not a problem.
Fixes: https://github.com/NixOS/nixpkgs/issues/442208
(cherry picked from commit 1422ed88014e9a43d262fa5c3ff5a925d135c030)
(cherry picked from commit b0df84143c66d36e9d6dc917b195db7ff10c107d)
(cherry picked from commit 597c2c6fa5646d18b4ce4f7e0ffa7a6f75141e82)
(cherry picked from commit 5e1770aef6e8ab1d1c2a499d2a7579d66b096c99)
(cherry picked from commit 4163a8e661cf48528bec5351a2fa8796eb22199f)
(cherry picked from commit 95bf4c036d558cbfc957e447fb01c88f9a49d778)
Release notes: https://github.com/keycloak/keycloak/releases/tag/26.3.3
Full changelog: https://github.com/keycloak/keycloak/compare/26.3.2...26.3.3
(cherry picked from commit e61a31f1bbc8177c194d3cdfda17c3a93af4489c)
(cherry picked from commit 70ed84324e3b1e5e1eca06034c99c8b432f32b8b)
Release notes:
- https://github.com/keycloak/keycloak/releases/tag/26.3.0
- https://github.com/keycloak/keycloak/releases/tag/26.3.1
Full list of changes: https://github.com/keycloak/keycloak/compare/26.2.5...26.3.1
(cherry picked from commit c3d25e49019df195eeb3fc6a62c6fe0b9dfbf4bd)
(cherry picked from commit 5d16ecbf0e9d587f51862826c981f90b9baf5e64)
(cherry picked from commit 88c5e8e63d334a703b8867179088c9be8d8baa32)
(cherry picked from commit 24212ab73ea725eae604cdec8f10bede24cb5ccd)
(cherry picked from commit ece099c7216a3d6b77296c81e61f25573df7c069)
(cherry picked from commit d4db692989c7c638d33ef79a94ab68513c30887f)
(cherry picked from commit 8085a5ad4b789be9839c7e85a488906015102418)
(cherry picked from commit cd90ef358f5110d305e441973c9cb7a7f6db5511)
https://github.com/simplex-chat/simplex-chat/releases/tag/v6.3.7
Signed-off-by: misilelab <misileminecord@gmail.com>
(cherry picked from commit 43c979cf2af43c1df8a1fb2cfe614d3c7b2fa369)
(cherry picked from commit d66efbca0acf014295439558f901fad3c33e37b2)
https://github.com/simplex-chat/simplex-chat/releases/tag/v6.3.5
Signed-off-by: misilelab <misileminecord@gmail.com>
(cherry picked from commit 521035633b94b7120f12fef8f571ab35d2d71eb0)
https://chromereleases.googleblog.com/2025/10/stable-channel-update-for-desktop_9.html
This update resolves a privacy concern around passing urls to AI Mode, though
unlikely to have affected ungoogled-chromium.
See https://chromium-review.googlesource.com/c/chromium/src/+/7023081
(cherry picked from commit af72a1f177ba1e7cb42bb1cc7454e0bfa477d98c)
(cherry picked from commit 370dd52af4e9a0c6a8fcdc6ce8081e0e14f5da5f)
https://github.com/simplex-chat/simplex-chat/releases/tag/v6.3.4
Signed-off-by: misilelab <misileminecord@gmail.com>
(cherry picked from commit a11eec51b56c3318abff15ef8d557e8127014b6b)
https://chromereleases.googleblog.com/2025/10/stable-channel-update-for-desktop_9.html
This update resolves a privacy concern around passing urls to AI Mode.
See https://chromium-review.googlesource.com/c/chromium/src/+/7023081
(cherry picked from commit 2ff9177fd5a2216bd25daac988fef9e61939ba79)
https://nvidia.custhelp.com/app/answers/detail/a_id/5703/~/security-bulletin%3A-nvidia-gpu-display-drivers---october-2025
Addresses CVE-2025-23280, CVE-2025-23282, CVE-2025-23300, CVE-2025-23330, CVE-2025-23332, CVE-2025-23345
Release notes: https://github.com/VictoriaMetrics/VictoriaMetrics/releases/tag/v1.127.0
Full changelog: https://github.com/VictoriaMetrics/VictoriaMetrics/compare/v1.126.0...v1.127.0
(cherry picked from commit 37ca1da7600b7634ea7d715244bcda18340c0ecf)
Release notes: https://github.com/VictoriaMetrics/VictoriaMetrics/releases/tag/v1.126.0
Full changelog: https://github.com/VictoriaMetrics/VictoriaMetrics/compare/v1.125.1...v1.126.0
(cherry picked from commit c8a31e68b3b7ca9aac72cde2aceaaec64fc5f056)
(cherry picked from commit 9a38b160a050bca52d0a2c5a717116c1e60ade6f)
Release notes: https://github.com/VictoriaMetrics/VictoriaMetrics/releases/tag/v1.125.0
Full changelog: https://github.com/VictoriaMetrics/VictoriaMetrics/compare/v1.124.0...v1.125.0
(cherry picked from commit 07500b883b4f829e617dbffeb590e41906b32a69)
Release notes: https://github.com/VictoriaMetrics/VictoriaMetrics/releases/tag/v1.124.0
Full changelog: https://github.com/VictoriaMetrics/VictoriaMetrics/compare/v1.123.0...v1.124.0
(cherry picked from commit 30db5ac53228dace25ce1a55ca179dc608eabbac)
(cherry picked from commit 2e547a5f13af40ac74ff4b66808402c9ff472ee3)
Release notes: https://github.com/VictoriaMetrics/VictoriaMetrics/releases/tag/v1.122.0
Full changelog: https://github.com/VictoriaMetrics/VictoriaMetrics/compare/v1.121.0...v1.122.0
(cherry picked from commit ecf78c8165d1cc5c860e9b9d2b85eba98f6775ae)
We were relying on `composerNoScripts = false` to make sure post-install
command `assets:install` is run. `assets:install` copies assets from
`vendor/` directory into `public/` directory, placing it in appropriate
places.
However, with commit 80bb9aec24 ("kimai: switch to buildComposerProject2
and tag"), we switched to `buildComposerProject2` which has moved
`composer install` step to `composerVendor` derivation. By design,
`composerVendor` ignores anything that happens outside `vendor/`, so
the assets was not copied into final derivation.
So stop relying on `composerNoScripts = false` and run `assets:install`
ourselves in `postInstall` step. A side effect of this is that there is
another post-install step being skipped (`cache:clear`). However we
simply handle caches outside of the derivation (it's handled in the
module), so that's not a problem.
Fixes: https://github.com/NixOS/nixpkgs/issues/442208
(cherry picked from commit 1422ed88014e9a43d262fa5c3ff5a925d135c030)
https://chromereleases.googleblog.com/2025/10/stable-channel-update-for-desktop_9.html
This update resolves a privacy concern around passing urls to AI Mode, though
unlikely to have affected ungoogled-chromium.
See https://chromium-review.googlesource.com/c/chromium/src/+/7023081
(cherry picked from commit af72a1f177ba1e7cb42bb1cc7454e0bfa477d98c)