tjh.dev
commits
[22.11] mutagen: 0.16.0 -> 0.16.6, mutagen-compose: 0.16.2 -> 0.16.5 & add patch for CVE-2023-30844
[22.11] Linux kernel updates 2023-06-28
[Backport release-22.11] brave: 1.52.126 -> 1.52.129
[Backport release-22.11] chromium: 114.0.5735.133 -> 114.0.5735.198
(cherry picked from commit 0b4e493e58bf92b9784f5c0d562489364d0733e7)
Closes #240017
(cherry picked from commit f193e0b8207e36fb3c6cc647fd441c11c6d22b98)
(cherry picked from commit 325188d713c6a45049e472a9f860ce76f6878358)
(cherry picked from commit 469e88115c85de122a921281bae77734766d1337)
(cherry picked from commit 8af3229fca60ba300aae88c8e195523a05f0827a)
(cherry picked from commit 8346a0e03c962a52625b9c89ecd673464877cfb7)
(cherry picked from commit 15cf6dd4e39e83887f452dcc9f5ff14a90aa4db0)
(cherry picked from commit ead6ae067d94f0994dcaa7853d95aab1128f36f1)
(cherry picked from commit bd33b62b991bb9517c049f2d2ae8d14020033f70)
(cherry picked from commit c94a1a1f2708c9c5d289d64664e70e3b4903ae8b)
(cherry picked from commit 5c5284f1a247b9c60434635268a94dab022d3c79)
(cherry picked from commit 540219fde7a27f67988de9b1d7ff08301b0cf73b)
(cherry picked from commit 624ea64be10ab8bc7ca81612b7cd4be5192e6130)
(cherry picked from commit 52f402477b6964b113ac30bd121aaadb7f1a321c)
(cherry picked from commit 2e27cec09322fc5e79c514adc2a32c22d4913e3b)
(cherry picked from commit 9abe1bb6824bf6d70f03ed91d8e6003c52f6457b)
[Backport release-22.11] imagemagick: 7.1.1-11 -> 7.1.1-12
Diff: https://github.com/ImageMagick/ImageMagick/compare/7.1.1-11...7.1.1-12
(cherry picked from commit e0334495f78fd862cbb6985b25b41dd197bb462c)
https://gitlab.com/gitlab-org/gitlab/-/blob/v15.11.10-ee/CHANGELOG.md
[Backport release-22.11] python3Packages.scikit-optimize: mark broken
This library has not been updated since Oct 12, 2021 and has not kept up with numpy updates.
(cherry picked from commit 172f721a57b5235b828d1f4cfee546ce3ecc7627)
https://chromereleases.googleblog.com/2023/06/stable-channel-update-for-desktop_26.html
This update includes 4 security fixes.
CVEs:
CVE-2023-3420 CVE-2023-3421 CVE-2023-3422
(cherry picked from commit dd96e7a2d7d438938011f38788c649278eaed2c3)
https://community.brave.com/t/release-channel-1-52-129/494007/1
(cherry picked from commit c1ecfffb818e213c8008db82c27ee079ceebd0c5)
https://chromereleases.googleblog.com/2023/06/stable-channel-update-for-desktop_26.html
This update includes 4 security fixes.
CVEs:
CVE-2023-3420 CVE-2023-3421 CVE-2023-3422
(cherry picked from commit 251bcbf1a2763c835d3bd1b94aa20cb38b39ad9e)
This is a dependency of the [next version](https://github.com/rnpgp/rnp/releases/tag/v0.17.0)
of [rnp](https://github.com/NixOS/nixpkgs/blob/a04b45f10eddb02352574d95c7d0a76bfbfc11dc/pkgs/tools/security/rnp/default.nix#L17).
(cherry picked from commit d8c6a48180ef9ad587149eac65e554cf773b302b)
Co-authored-by: Jeffrey Lau <jeffrey.lau@ribose.com>
(cherry picked from commit 06707cf89660ce60e45344d353c552fff1a0e709)
[Backport release-22.11] linux_xanmod, linux_xanmod_latest: 2023-06-25
[22.11] vault, vault-bin: 1.12.5 -> 1.12.7
(cherry picked from commit 986c78a3819e020c139ca4e11bfd29ecd61a7318)
(cherry picked from commit 3364233f46fd5b87b6a9bbf1fdb45d902a93c6ac)
[Backport release-22.11] knot-dns: 3.2.7 -> 3.2.8
https://gitlab.nic.cz/knot/knot-dns/-/releases/v3.2.8
(cherry picked from commit 8870371562828a4f18bdda5b559fcdbeeede6a3e)
[Backport release-22.11] tor-browser-bundle-bin: 12.0.7 -> 12.5
Fixes CVE-2023-2121
Advisory: https://discuss.hashicorp.com/t/hcsec-2023-17-vault-s-kv-diff-viewer-allowed-html-injection/54814
Changelog:
https://github.com/hashicorp/vault/blob/v1.12.7/CHANGELOG.md
Fixes CVE-2023-2121
Advisory: https://discuss.hashicorp.com/t/hcsec-2023-17-vault-s-kv-diff-viewer-allowed-html-injection/54814
Changelog:
https://github.com/hashicorp/vault/blob/v1.12.7/CHANGELOG.md
[Backport release-22.11] nextcloud: 25.0.7 -> 25.0.8, 26.0.2 -> 26.0.3
(cherry picked from commit 7d7547e38ab38269800ef188c7033b31d07ddcd9)
ChangeLog: https://nextcloud.com/changelog/#26-0-3
ChangeLog: https://nextcloud.com/changelog/#25-0-8
(cherry picked from commit 0b39fed16340bf85686542326efceb77e023af3f)
By default, LIBRARIES includes both $(LIB_SH) (the shared library),
and $(LIB_ST) (the static library).
(cherry picked from commit d6660fa81bb6c14c2b6565ccada1b459ae25d9df)
[Backport release-22.11] Linux kernel updates 2023-06-21
ChangeLog: https://github.com/grafana/grafana/releases/tag/v9.4.13
https://grafana.com/blog/2023/06/22/grafana-security-release-for-cve-2023-3128/?pg=graf&plcmt=top-promo-banner
[Backport release-22.11] knot-resolver: respect doInstallCheck even in wrapper
The main point is to avoid it when cross-compiling.
(cherry picked from commit 962e2323a2d9e0d61b9c26e0a1fbef26028ebe1a)
(cherry picked from commit 786896e22900d7b5c4904997365333e83865defc)
(cherry picked from commit 5fcaa94255cc52c0039a16253ab5663301c5ee25)
(cherry picked from commit 1b038dbb7a74ec550b91233ed22f7df2a8400a98)
(cherry picked from commit a90ca2ad2b521f759ba8d7a5af79ad1395639071)
(cherry picked from commit bf2aa164604966cc2c22bf607c5e224dfb2dda7a)
(cherry picked from commit 00b1db98acc7238f37b6bb4889ecca20853fd001)
(cherry picked from commit 9b063660201564e0e27f5b6bcfc1e038eabfc8af)
(cherry picked from commit 0557763fc6faa87b00469cab51a8667f9d5016be)
[22.11] mutagen: 0.16.0 -> 0.16.6, mutagen-compose: 0.16.2 -> 0.16.5 & add patch for CVE-2023-30844
This is a dependency of the [next version](https://github.com/rnpgp/rnp/releases/tag/v0.17.0)
of [rnp](https://github.com/NixOS/nixpkgs/blob/a04b45f10eddb02352574d95c7d0a76bfbfc11dc/pkgs/tools/security/rnp/default.nix#L17).
(cherry picked from commit d8c6a48180ef9ad587149eac65e554cf773b302b)
Co-authored-by: Jeffrey Lau <jeffrey.lau@ribose.com>