New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Backport teams workaround fix for 20.09 #105225
Conversation
https://chromereleases.googleblog.com/2020/11/stable-channel-update-for-desktop_11.html This update includes 2 security fixes. Google is aware of reports that exploits for CVE-2020-16013 and CVE-2020-16017 exist in the wild. CVEs: CVE-2020-16013 CVE-2020-16017 (cherry picked from commit b91153f) Backport of NixOS#103595.
[20.09] chromium, llvm_11: Backport additional patches
(cherry picked from commit 4117c0b)
(cherry picked from commit 9e8f4ff)
Fixes two heap overflows in the raptor2 rdf parsing library. https://www.openwall.com/lists/oss-security/2017/06/07/1 (cherry picked from commit 22140b2)
Release notes: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20201110 Security advisories: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00389.html Fixes: CVE-2020-8694, CVE-2020-8695, CVE-2020-8696, CVE-2020-8698 (cherry picked from commit a79902f)
Update to Pentium Silver N/J5xxx, Celeron N/J4xxx https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00389.html Fixes: CVE-2020-8694, CVE-2020-8695, CVE-2020-8696, CVE-2020-8698 (cherry picked from commit eaf889a)
…abashka_clj-kondo [20.09] backport of graalvm{8,11}-ce, babashka clj kondo
kubernetes: 1.19.3 -> 1.19.4
[20.09] microcodeIntel: 20200616 -> 20201112
(cherry picked from commit d34dafc)
(cherry picked from commit 0e6477d)
(cherry picked from commit 234f8fb)
(cherry picked from commit 0d4b52a)
(cherry picked from commit 3303b8a)
(cherry picked from commit c29e980)
(cherry picked from commit ffb7a61)
(cherry picked from commit d8d1dc1)
(cherry picked from commit 55fc82d)
(cherry picked from commit bca0c78)
(cherry picked from commit aa9a29c)
(cherry picked from commit 4f282b1)
(cherry picked from commit 6084c2e)
(cherry picked from commit ffb658f)
(cherry picked from commit d1febbe)
(cherry picked from commit 1692a8a)
(cherry picked from commit a259136)
Libreoffice-qt is not wrapped, thus does not launch. Notice that wrapQtQAppsHook is used manually since all executables are shell scripts which are not wrapped automatically. (cherry picked from commit ea12d88)
f8c3b2a
to
e09ae4c
Compare
e09ae4c
to
e6c277f
Compare
Pushed 5d382be. |
@FredeEB how should I send backport request? |
@otavio I am not sure what you mean, i haven't had anything to do with nixpkgs in a long time as far as i remember |
When backporting changes, please follow https://github.com/NixOS/nixpkgs/blob/master/.github/CONTRIBUTING.md#backporting-changes. Namely, you should be doing |
Motivation for this change
This is a backport of a fix from unstable which I've been using for some days.
Things done
sandbox
innix.conf
on non-NixOS linux)nix-shell -p nixpkgs-review --run "nixpkgs-review wip"
./result/bin/
)nix path-info -S
before and after)