Release 17.09 #31585
Closed
Release 17.09 #31585
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…tialization required anymore) (cherry picked from commit 61089dd)
See http://lists.gnu.org/archive/html/info-gnu/2017-10/msg00006.html for release information (cherry picked from commit 131b7c2)
…s-upgrade ghcjsHEAD: bump ghcjs shims
(cherry picked from commit e2e5979)
(cherry picked from commit 6af0de6)
(cherry picked from commit bb49391)
(cherry picked from commit 1f2d1ac)
(cherry picked from commit 4b756e4)
(cherry picked from commit 9bd9305) Security update: https://curl.haxx.se/docs/adv_20171023.html
(cherry picked from commit b752a9e)
Added the Italian language to the list of supported languages for Nix. (cherry picked from commit 3ee70f6)
(cherry picked from commit 5072f47)
Fixes CVE-2017-9410, CVE-2017-9411, CVE-2017-9412. (cherry picked from commit f269f31)
(cherry picked from commit 658335d)
See https://webkitgtk.org/security/WSA-2017-0008.html (cherry picked from commit aebae6c)
(cherry picked from commit 8262588)
(cherry picked from commit 8e5a590)
(cherry picked from commit de91732)
(cherry picked from commit 422fd6a)
(cherry picked from commit a203fd2)
(cherry picked from commit 2f50385)
(cherry picked from commit acc8d16)
(cherry picked from commit d72ae07)
(cherry picked from commit a502a95)
Fixes CVE-2017-15192, CVE-2017-15193, CVE-2017-15191, CVE-2017-15190, CVE-2017-15189. See https://www.wireshark.org/docs/relnotes/wireshark-2.4.2.html. (cherry picked from commit 322fa6b)
(cherry picked from commit 4d92b5f)
(cherry picked from commit 0bb7a1b)
(cherry picked from commit dc240d2) They're relatively simple patches, used by Debian.
(cherry picked from commit bee61a0)
This is required by the new c5.* instance types. Note that this changes disk names from /dev/xvd* to /dev/nvme0n*. Amazon Linux has a udev rule that calls a Python script named "ec2nvme-nsid" to create compatibility symlinks. We could use that, but it would mean adding Python to the AMI closure... (cherry picked from commit 54da9cc)
This fixes #28768 because during an image build, Nix sees bad store timestamps and attempts to fix them, but can't fix them on a running system (due to being inside a builder). Since timestamps on the store are supposed to be 1 anyway, if we fix this, that fixes image building inside booted images made this way. Note that this adds quite a bit of noise to the output, because running `cptofs` under `faketime` causes a bunch of seemingly spurious error messages and my attempts to suppress them all failed. We'll fix it when `cptofs` gets a native timestamp preservation feature.
(cherry picked from commit ea40b0c)
Currently we wrap ssh so it can find the config file passed in by
<ssh-config-file>. If one however uses ProxyCommand ssh, then ssh that
is on PATH is taken (which is also unavailable when using nix-shell
--pure), which is the plain ${openssh}/bin/ssh.
This commit makes sure our wrapped ssh is available on PATH.
(cherry picked from commit f8eed5f)
(cherry picked from commit a6f62cf)
(cherry picked from commit 76dac3c)
make-disk-image: use faketime to get a consistent timestamp
(cherry picked from commit e62e4c1)
Also switch to downloading tarball from official source URL to allows verification of digital signature. (cherry picked from commit ba7c23e)
Includes security fixes for CVE-2017-15398 and CVE-2017-15399. Also fixes builds for beta and dev branches: - backport https://webrtc-review.googlesource.com/9384 to fix build for new webrtc revision - for dev branch fix gn bootstrap, see https://chromium-review.googlesource.com/758584 - for 63+ manpage now is not generated during ninja build, it is processed with sed using packagers tools included in sources (cherry picked from commit 7105bb6)
The desktop file must be name "chromium-browser.desktop" because it is used as-is when setting chromium as the default browser. See https://cs.chromium.org/chromium/src/chrome/browser/shell_integration_linux.cc?l=657&rcl=34b92857a547538555be6a38e95f7e95ab9b6842 fixes #23518 (cherry picked from commit c7f00e3)
(cherry picked from commit ee0c629)
(cherry picked from commit 1806559)
(cherry picked from commit e19434b)
Adds support for nix1.12 and various improvements. (cherry picked from commit 6949cfa)
(cherry picked from commit f218ef6)
Based on linux 4.13 (cherry picked from commit a8a38fe)
(cherry picked from commit b8cc69b)
Since lkl/linux#394 cptofs preserves the source time, which is 1970-01-01T00:00:01Z for /nix/store and recent for other files. This reverts commit f5b3f2c. (cherry picked from commit a84ce72)
jascase901
requested review from
edolstra,
edwtjo,
FRidh,
nbp,
peti and
zimbatm
as code owners
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Motivation for this change
Godot will occasionally crash without this build option
Things done
build-use-sandboxinnix.confon non-NixOS)nix-shell -p nox --run "nox-review wip"./result/bin/)