Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

staging-next-24.11 iteration 3 - 2025-01-20 #375351

Open
wants to merge 60 commits into
base: release-24.11
Choose a base branch
from
Open

staging-next-24.11 iteration 3 - 2025-01-20 #375351

wants to merge 60 commits into from
+1,710 −1,020

Conversation

vcunat
Copy link
Member

@vcunat vcunat commented Jan 20, 2025

trofi and others added 30 commits December 29, 2024 15:40
@trofi @dyfrgi
hwdata: 0.388 -> 0.389
c9ac79b 
Changes: vcrhonek/hwdata@v0.388...v0.389
@trofi @dyfrgi
hwdata: 0.389 -> 0.390
3e46711 
Changes: vcrhonek/hwdata@v0.389...v0.390
@github-actions
Merge staging-next-24.11 into staging-24.11
847659d
@github-actions
Merge staging-next-24.11 into staging-24.11
1067713
@wolfgangwalther
[24.11] hwdata: 0.388 -> 0.390 (#369230)
1c1a467
@github-actions
Merge staging-next-24.11 into staging-24.11
a573370
@github-actions
Merge staging-next-24.11 into staging-24.11
92e065c
@github-actions
Merge staging-next-24.11 into staging-24.11
f261d9c
@mweinelt
Merge remote-tracking branch 'origin/staging-next-24.11' into staging…
0ab8b9c 
…-24.11
@mweinelt
Reapply "[Backport release-24.11] atf: 0.21-unstable-2021-09-01 -> 0.22"
956dd6c 
This reverts commit 88cfc31.
@github-actions
Merge staging-next-24.11 into staging-24.11
a34bcd7
@wineee @github-actions
qt6.qtwayland: backport fix for qtwayland compositor
ec6d330 
(cherry picked from commit 98cca0e)
@github-actions
Merge staging-next-24.11 into staging-24.11
a8641a3
@github-actions
Merge staging-next-24.11 into staging-24.11
e15bbb0
@TomaSajt @JohnRTitor
rustPlatform.fetchCargoVendor: support lockfile v4 escaping
5fdc683 
(cherry picked from commit 1db27e9)
@TomaSajt @JohnRTitor
rustPlatform.importCargoLock: support lockfile v4 escaping
79442c0 
(cherry picked from commit 0bfdb03)
@github-actions
Merge release-24.11 into staging-next-24.11
def507b
@github-actions
Merge staging-next-24.11 into staging-24.11
eb82a2f
@github-actions
Merge release-24.11 into staging-next-24.11
50c0ebf
@github-actions
Merge staging-next-24.11 into staging-24.11
b43949a
@github-actions
Merge release-24.11 into staging-next-24.11
c245834
@github-actions
Merge staging-next-24.11 into staging-24.11
4924726
@github-actions
Merge release-24.11 into staging-next-24.11
a139fd9
@github-actions
Merge staging-next-24.11 into staging-24.11
96db105
@katexochen
buildGoModule: fix GO_NO_VENDOR_CHECKS for v1.23+
414218b 
There was an additional check added for vendor/modules.txt
when loading packages, see
golang/go@38ee0c7#diff-61fb6e44eac25bd4d6a8a64b3f38ee8a41faaefd1ef481170a011ecfc0f7c76bR344
The new version of the patch tries to also disable these checks.

Signed-off-by: Paul Meyer <[email protected]>
(cherry picked from commit 75dfe81)
@github-actions
Merge release-24.11 into staging-next-24.11
3f3e3eb
@github-actions
Merge staging-next-24.11 into staging-24.11
70fe63f
@katexochen
[backport staging-24.11] buildGoModule: fix GO_NO_VENDOR_CHECKS for v…
0f7b83c 
…1.23+ (#373194)
@jtojnar
sysprof: 47.0 → 47.2
5efb657 
https://gitlab.gnome.org/GNOME/sysprof/-/compare/47.0...47.2
(cherry picked from commit 51853c0)
@jtojnar
gtk4: 4.16.3 → 4.16.7
63e6f2f 
https://gitlab.gnome.org/GNOME/gtk/-/compare/4.16.3...4.16.7
(cherry picked from commit 8efc701)
mweinelt and others added 11 commits January 18, 2025 23:55
@mweinelt
[Backport staging-24.11] python313Packages.django_4: 4.2.17 -> 4.2.18 (
a71464a 
…#374067)

python313Packages.django_4: 4.2.17 -> 4.2.18

https://docs.djangoproject.com/en/4.2/releases/4.2.18/
https://www.djangoproject.com/weblog/2025/jan/14/security-releases/

Fixes: CVE-2024-56374
(cherry picked from commit d8c10f0)

Co-authored-by: Martin Weinelt <[email protected]>
@nixpkgs-ci
Merge release-24.11 into staging-next-24.11
b85dd4b
@nixpkgs-ci
Merge staging-next-24.11 into staging-24.11
4a4919d
@LeSuisse @github-actions
redis: 7.2.6 -> 7.2.7
7b0d7bd 
Fixes CVE-2024-46981 and CVE-2024-51741.

https://github.com/redis/redis/releases/tag/7.2.7
(cherry picked from commit 63c7793)
@nixpkgs-ci
Merge release-24.11 into staging-next-24.11
f2b7f6b
@nixpkgs-ci
Merge staging-next-24.11 into staging-24.11
9d02e8d
@nixpkgs-ci
Merge release-24.11 into staging-next-24.11
689420d
@nixpkgs-ci
Merge staging-next-24.11 into staging-24.11
8f3fe7e
@LeSuisse @vcunat
openjpeg: apply patches for CVE-2024-56826
747171b 
Preferred to apply patches instead of bumping to 2.5.3
until the upgrade can be dealt with, see #370072
for the last attempt.

(cherry picked from commit b851789)
Backport of PR #373709
@vcunat
redis: 7.2.6 -> 7.2.7 (#375028)
282d773
@vcunat
Merge branch 'staging-24.11' into staging-next-24.11
fd2e35d
@vcunat vcunat added the 1.severity: security Issues which raise a security issue, or PRs that fix one label Jan 20, 2025
@vcunat vcunat mentioned this pull request Jan 20, 2025
Merged
1 task
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@kalbasit kalbasit Awaiting requested review from kalbasit

@winterqt winterqt Awaiting requested review from winterqt

@Mic92 Mic92 Awaiting requested review from Mic92

@katexochen katexochen Awaiting requested review from katexochen

@figsoda figsoda Awaiting requested review from figsoda

@zowoq zowoq Awaiting requested review from zowoq

@ttuegel ttuegel Awaiting requested review from ttuegel

@K900 K900 Awaiting requested review from K900

@SuperSandro2000 SuperSandro2000 Awaiting requested review from SuperSandro2000

@NickCao NickCao Awaiting requested review from NickCao

Assignees
No one assigned
Labels
1.severity: security Issues which raise a security issue, or PRs that fix one 6.topic: golang 6.topic: python 6.topic: rust 10.rebuild-darwin: 5001+ 10.rebuild-linux: 5001+
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.