
staging-next-23.11 iteration 2 - 2024-01-06 #279139

Merged
vcunat merged 267 commits into release-23.11 from staging-next-23.11
Jan 18, 2024

github-actions bot and others added 30 commits November 30, 2023 00:14
[Backport staging-23.11] python3Packages.numpy: fix cross compilation
[Backport staging-23.11] libgit2, http-parser: Fix Windows Build
Since 4056c43 a Make not Gyp build
system has been in use.

(cherry picked from commit fa58b67)
Co-Authored-By: John Ericson <[email protected]>
(cherry picked from commit 33f464b)
(cherry picked from commit a18b35a)
(cherry picked from commit 8aac6da)
(cherry picked from commit 9625705)
[Backport staging-23.11] http-parser: fix copying outputs for static build
[Backport staging-23.11] python311Packages.werkzeug: 2.3.7 -> 2.3.8
I was using a 23.11 package on a NixOS 23.05 system and this caused the
python that was used in gunicorn to differ from the python the postgres
lib was linked against.

(cherry picked from commit 018175e)
Fixes CVE-2023-43887 and other security issues.

(cherry picked from commit 87ebba1)
This is a similar issue to #234868,
but it crashes instead of failing to link. The same fix applies (using
`-S` instead of `-x` with `llvm-strip`).

(cherry picked from commit 0f0b89f)
[23.11] libde265: 1.0.12 -> 1.0.14
[Backport staging-23.11] gtk4: 4.12.3 → 4.12.4
github-actions bot added the labels 6.topic: stdenv, 6.topic: module system, 6.topic: lib on Jan 6, 2024
ofborg bot added the labels 10.rebuild-darwin-stdenv, 10.rebuild-linux-stdenv, 8.has: clean-up, 8.has: package (new), 10.rebuild-darwin: 501+, 10.rebuild-darwin: 5001+, 10.rebuild-linux: 501+, 10.rebuild-linux: 5001+ on Jan 6, 2024
github-actions bot and others added 15 commits January 7, 2024 00:16
Changes:
```
* Noteworthy changes in release 2.4 (2022-10-25) [stable]

** ifconfig

*** Support specifying prefix netmask lengths in -A.
Patch by Samuel Thibault <[email protected]>.

** Hurd: tell pfinet translator interfaces to configure
Patch by Samuel Thibault <[email protected]>.

** ftp

*** Avoid crash caused by signed integer overflow resulting in
out-of-bounds buffer access.  Reported by AiDai in
<https://lists.gnu.org/archive/html/bug-inetutils/2021-12/msg00003.html>.

*** Avoid crash caused by heap buffer overflow.  Reported by ZFeiXQ in
<https://lists.gnu.org/archive/html/bug-inetutils/2021-12/msg00016.html>.

*** Avoid crash caused by NULL pointer dereference.  Reported by AiDai in
<https://lists.gnu.org/archive/html/bug-inetutils/2021-12/msg00004.html>.

*** Avoid crash caused by infinite macro recursion.  Reported by AiDai in
<https://lists.gnu.org/archive/html/bug-inetutils/2021-12/msg00005.html>.

** telnetd

*** Avoid crash on 0xff 0xf7 (IAC EC) or 0xff 0xf8 (IAC EL).  CVE-2022-39028
https://pierrekim.github.io/blog/2022-08-24-2-byte-dos-freebsd-netbsd-telnetd-netkit-telnetd-inetutils-telnetd-kerberos-telnetd.html

** telnet

*** Fix a buffer overflow problem.  CVE-2019-0053
https://cgit.freebsd.org/src/commit/?id=14aab889f4e50072a6b914eb95ebbfa939539dad

** tftp

*** Avoid crashing when given unexpected or invalid commands from tty.
Reported by AiDai in
<https://lists.gnu.org/archive/html/bug-inetutils/2021-12/msg00018.html>.

** Various bugs fixes, internal improvements and clean ups.
Update of gnulib and build fixes for C23.

```

(cherry picked from commit 448dd9f)

Labels

1.severity: security - Issues which raise a security issue, or PRs that fix one
6.topic: emacs - Text editor
6.topic: golang - Go is a high-level general purpose programming language that is statically typed and compiled.
6.topic: lib - The Nixpkgs function library
6.topic: module system - About "NixOS" module system internals
6.topic: nixos - Issues or PRs affecting NixOS modules, or package usability issues specific to NixOS
6.topic: python - Python is a high-level, general-purpose programming language.
6.topic: qt/kde - Object-oriented framework for GUI creation
6.topic: stdenv - Standard environment
6.topic: vim - Advanced text editor
8.has: clean-up - This PR removes packages or removes other cruft
8.has: module (update) - This PR changes an existing module in `nixos/`
8.has: package (new) - This PR adds a new package
10.rebuild-darwin: 501+ - This PR causes many rebuilds on Darwin and should normally target the staging branches.
10.rebuild-darwin: 5001+ - This PR causes many rebuilds on Darwin and must target the staging branches.
10.rebuild-darwin-stdenv - This PR causes stdenv to rebuild on Darwin and must target a staging branch.
10.rebuild-linux: 501+ - This PR causes many rebuilds on Linux and should normally target the staging branches.
10.rebuild-linux: 5001+ - This PR causes many rebuilds on Linux and must target the staging branches.
10.rebuild-linux-stdenv - This PR causes stdenv to rebuild on Linux and must target a staging branch.
