Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Backport 346200 to release 24.05 #346433

Closed
wants to merge 5,461 commits into from
Closed

Backport 346200 to release 24.05 #346433

wants to merge 5,461 commits into from

Conversation

MarcelCoding
Copy link
Member

Things done

  • Built on platform(s)
    • x86_64-linux
    • aarch64-linux
    • x86_64-darwin
    • aarch64-darwin
  • For non-Linux: Is sandboxing enabled in nix.conf? (See Nix manual)
    • sandbox = relaxed
    • sandbox = true
  • Tested, as applicable:
  • Tested compilation of all packages that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD". Note: all changes have to be committed, also see nixpkgs-review usage
  • Tested basic functionality of all binary files (usually in ./result/bin/)
  • 24.11 Release Notes (or backporting 23.11 and 24.05 Release notes)
    • (Package updates) Added a release notes entry if the change is major or breaking
    • (Module updates) Added a release notes entry if the change is significant
    • (Module addition) Added a release notes entry if adding a new NixOS module
  • Fits CONTRIBUTING.md.

Add a 👍 reaction to pull requests you find important.

JohnRTitor and others added 30 commits September 19, 2024 04:23
@JohnRTitor @github-actions
linuxPackages_latest.nct6687d: 0-unstable-2024-02-23 -> 0-unstable-20…
f92d957 
…24-09-02

(cherry picked from commit f8a752f)
@r-ryantm @github-actions
discord-ptb: 0.0.103 -> 0.0.105
33e1969 
(cherry picked from commit a597aac)
@JulienMalka
[Backport release-24.05] nixos/systemd-boot: Fix regression in builde…
2198681 
…r script (NixOS#342234)
@AMDmi3 @bobby285271
gnome.sushi: use actual upstream url as homepage
b768cf7 
(cherry picked from commit 9f3c106)
@bobby285271
[24.05] gnome.sushi: use actual upstream url as homepage (NixOS#343030)
94b8a9f
@Artturin
[Backport release-24.05] discord-ptb: 0.0.103 -> 0.0.105 (NixOS#343008)
039b7f6
@RafaelKr @github-actions
unit: fix php82 module argument
0a944de 
(cherry picked from commit f24fd1b)
@JohnRTitor
[Backport release-24.05] linuxPackages_latest.nct6687d: 0-unstable-20…
01c9cdd 
…24-02-23 -> 0-unstable-2024-09-02 (NixOS#342958)
@bjornfor @github-actions
nixos/prometheus-smartctl-exporter: fix NVMe scanning
04ba303 
smartctl_exporter already runs with SupplementaryGroups "disk", which
gives full access to SATA drives, but NVMe devices are owned by
root:root, resulting in no access:

  [...] msg="Smartctl open device: /dev/nvme0 failed: Permission denied"

This patch introduces a "smartctl-exporter-access" supplementary
group, and an udev rule with setfacl to give the exporter access to NVMe
drives, without changing the base root:root ownership.

Fixes NixOS#210041

(cherry picked from commit 86a6ef5)
@Shawn8901
linux_xanmod: 6.6.50 -> 6.6.51
a5b75d9 
(cherry picked from commit cf71c1d)
@Shawn8901
linux_xanmod_latest: 6.10.9 -> 6.10.10
436f3e0 
(cherry picked from commit 14dec03)
@r-ryantm @github-actions
dendrite: 0.13.7 -> 0.13.8
3fbb64e 
(cherry picked from commit 1389dc9)
@grahamc @github-actions
amazon-ssm-agent: add the system's software to the path
e6fb8a4 
Follow up to NixOS#342584.

Similarly to that PR, it is surprising that software which was installed by the user isn't available to a script run over ssm by default.

When executing commands with ssm, users will now have more predictable access to baked-in software instead of an extremely bare-minimum set currently there.

(cherry picked from commit 7547a1f)
@grahamc @github-actions
amazon-init: include the general system's software and wrappers in PATH
b1d27e1 
It is surprising that software which was installed by the user at AMI
generation time isn't available to a script run over user data by
default.

When authoring user data to execute at startup, users will now have
more predictable access to baked-in software instead of an extremely
bare-minimum set currently there.

(cherry picked from commit 76b614b)
@felschr @github-actions
tor-browser: 13.5.3 -> 13.5.4
3093d8e 
https://blog.torproject.org/new-release-tor-browser-1354/
(cherry picked from commit 9366f2b)
@adamcstephens
patroni: 3.3.2 -> 3.3.3
85eeb64 
https://github.com/patroni/patroni/blob/v3.3.3/docs/releases.rst#version-333
@adamcstephens
envoy: 1.30.5 -> 1.30.6
a219f9f 
https://github.com/envoyproxy/envoy/releases/tag/v1.30.6

CVE-2024-45808: Malicious log injection via access logs
CVE-2024-45806: Potential manipulate x-envoy headers from external sources
CVE-2024-45809: Jwt filter crash in the clear route cache with remote JWKs
CVE-2024-45810: Envoy crashes for LocalReply in http async client
@adamcstephens
[release-24.05] patroni: 3.3.2 -> 3.3.3 (NixOS#343067)
7c1857a
@Raroh73 @github-actions
xone: fix kernel 6.11 compatibility
c34f195 
(cherry picked from commit ff4117b)
@fabianhjr
[Backport release-24.05] lowdown: patch to fix macOS and UTF-8 bugs (N…
bef6c7b 
…ixOS#342917)
@JohnRTitor
[Backport release-24.05] xone: fix kernel 6.11 compatibility (NixOS#3…
37a2371 
…43160)
@jnsgruk
[Backport release-24.05] lxd-unwrapped-lts: 5.21.1 -> 5.21.2 (NixOS#3…
b42d73b 
…28892)
@LeSuisse
[Backport release-24.05] unit: fix php82 module argument (NixOS#343040)
7af147e
@felschr
[Backport release-24.05] tor-browser: 13.5.3 -> 13.5.4 (NixOS#343119)
5a77153
@Aleksanaa @github-actions
nixVersions.nix_2_24: 2.24.6 -> 2.24.7
e8d65bf 
Diff: NixOS/nix@2.24.6...2.24.7
(cherry picked from commit 1517e22)
@Aleksanaa @github-actions
nixVersions.nix_2_18: 2.18.5 -> 2.18.7
c592dd0 
Diff: NixOS/nix@2.18.5...2.18.7
(cherry picked from commit 9d6e0fc)
@Aleksanaa @github-actions
nixVersions.git: 2.25.0pre20240910 -> 2.25.0pre20240920
d636676 
Diff: NixOS/nix@b9d3cdf...ca3fc16
(cherry picked from commit 4976e15)
@ghpzin @OPNA2608
rcu: disable build on hydra
d6475d2 
- rcu uses requireFile as src, so it cannot be built on Hydra

(cherry picked from commit fe0a550)
@Rutherther @github-actions
mautrix-meta: 0.3.2 -> 0.4.0
0c123ba 
This update cannot be done by the nixpkgs bot, as
the structure of the project has been changed, so why wait.

The mautrix-meta project has been moved under "cmd/mautrix-meta"
There is also "cmd/lscli", but since this package is mainly
about mautrix-meta, I think we can stay with this specific cmd.
If we wanted, we could switch to both of them by removing this
`subPackages` attribute.

(cherry picked from commit 9ef2c90)
@OPNA2608
rcu: Convert hash to SRI format
57729df 
Based on 2641d97, to allow easier backporting.
@github-actions github-actions bot added 6.topic: emacs 6.topic: printing 6.topic: rust 6.topic: policy discussion 6.topic: golang 6.topic: ruby 6.topic: vim 6.topic: ocaml 6.topic: fetch 6.topic: steam 6.topic: stdenv Standard environment 6.topic: nodejs 6.topic: pantheon The Pantheon desktop environment 6.topic: TeX Issues regarding texlive and TeX in general 6.topic: lua 6.topic: testing Tooling for automated testing of packages and modules 6.topic: systemd 6.topic: LXQt The Lightweight Qt Desktop Environment 6.topic: vscode 6.topic: flakes The experimental Nix feature 6.topic: lib The Nixpkgs function library 6.topic: jupyter Interactive computing tooling: kernels, notebook, jupyterlab 6.topic: julia 6.topic: php 8.has: maintainer-list (update) 6.topic: k3s 6.topic: llvm/clang Issues related to llvmPackages, clangStdenv and related 6.topic: dotnet Language: .NET labels Oct 4, 2024
@RossComputerGuy
Copy link
Member

Mass ping

@NixOS NixOS locked and limited conversation to collaborators Oct 4, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@adamcstephens adamcstephens Awaiting requested review from adamcstephens adamcstephens is a code owner

@mweinelt mweinelt Awaiting requested review from mweinelt mweinelt is a code owner

@RaitoBezarius RaitoBezarius Awaiting requested review from RaitoBezarius RaitoBezarius is a code owner

@ulrikstrid ulrikstrid Awaiting requested review from ulrikstrid ulrikstrid is a code owner

@winterqt winterqt Awaiting requested review from winterqt winterqt is a code owner

@corngood corngood Awaiting requested review from corngood corngood is a code owner

@bendlas bendlas Awaiting requested review from bendlas bendlas is a code owner

@emilylange emilylange Awaiting requested review from emilylange emilylange is a code owner

@jtojnar jtojnar Awaiting requested review from jtojnar jtojnar is a code owner

@kalbasit kalbasit Awaiting requested review from kalbasit kalbasit is a code owner

@katexochen katexochen Awaiting requested review from katexochen katexochen is a code owner

@Mic92 Mic92 Awaiting requested review from Mic92 Mic92 is a code owner

@zowoq zowoq Awaiting requested review from zowoq zowoq is a code owner

@mmahut mmahut Awaiting requested review from mmahut mmahut is a code owner

@RaghavSood RaghavSood Awaiting requested review from RaghavSood RaghavSood is a code owner

@aanderse aanderse Awaiting requested review from aanderse aanderse is a code owner

@drupol drupol Awaiting requested review from drupol drupol is a code owner

@globin globin Awaiting requested review from globin globin is a code owner

@Ma27 Ma27 Awaiting requested review from Ma27 Ma27 is a code owner

@talyz talyz Awaiting requested review from talyz talyz is a code owner

@figsoda figsoda Awaiting requested review from figsoda figsoda is a code owner

@adisbladis adisbladis Awaiting requested review from adisbladis adisbladis is a code owner

@thoughtpolice thoughtpolice Awaiting requested review from thoughtpolice thoughtpolice is a code owner

@K900 K900 Awaiting requested review from K900 K900 is a code owner

@NickCao NickCao Awaiting requested review from NickCao NickCao is a code owner

@SuperSandro2000 SuperSandro2000 Awaiting requested review from SuperSandro2000 SuperSandro2000 is a code owner

@ttuegel ttuegel Awaiting requested review from ttuegel ttuegel is a code owner

@alyssais alyssais Awaiting requested review from alyssais alyssais is a code owner

@edwtjo edwtjo Awaiting requested review from edwtjo edwtjo is a code owner

@ajs124 ajs124 Awaiting requested review from ajs124 ajs124 is a code owner

@lukegb lukegb Awaiting requested review from lukegb lukegb is a code owner

@RossComputerGuy RossComputerGuy Awaiting requested review from RossComputerGuy RossComputerGuy is a code owner

@jbedo jbedo Awaiting requested review from jbedo jbedo is a code owner

@stigtsp stigtsp Awaiting requested review from stigtsp stigtsp is a code owner

@zakame zakame Awaiting requested review from zakame zakame is a code owner

@marcusramberg marcusramberg Awaiting requested review from marcusramberg marcusramberg is a code owner

@sternenseemann sternenseemann Awaiting requested review from sternenseemann sternenseemann is a code owner

@maralorn maralorn Awaiting requested review from maralorn maralorn is a code owner

@natsukium natsukium Awaiting requested review from natsukium natsukium is a code owner

@ElvishJerricco ElvishJerricco Awaiting requested review from ElvishJerricco ElvishJerricco is a code owner

@JulienMalka JulienMalka Awaiting requested review from JulienMalka JulienMalka is a code owner

@arianvp arianvp Awaiting requested review from arianvp arianvp is a code owner

@flokli flokli Awaiting requested review from flokli flokli is a code owner

@emilazy emilazy Awaiting requested review from emilazy emilazy is a code owner

@infinisil infinisil Awaiting requested review from infinisil infinisil is a code owner

@h7x4 h7x4 Awaiting requested review from h7x4 h7x4 is a code owner

@Ericson2314 Ericson2314 Awaiting requested review from Ericson2314 Ericson2314 is a code owner

@philiptaron philiptaron Awaiting requested review from philiptaron philiptaron is a code owner

Assignees
No one assigned
Labels
6.topic: dotnet Language: .NET 6.topic: emacs 6.topic: fetch 6.topic: flakes The experimental Nix feature 6.topic: GNOME GNOME desktop environment and its underlying platform 6.topic: golang 6.topic: haskell 6.topic: julia 6.topic: jupyter Interactive computing tooling: kernels, notebook, jupyterlab 6.topic: k3s 6.topic: kernel 6.topic: lib The Nixpkgs function library 6.topic: llvm/clang Issues related to llvmPackages, clangStdenv and related 6.topic: lua 6.topic: LXQt The Lightweight Qt Desktop Environment 6.topic: nixos 6.topic: nodejs 6.topic: ocaml 6.topic: pantheon The Pantheon desktop environment 6.topic: php 6.topic: policy discussion 6.topic: printing 6.topic: python 6.topic: qt/kde 6.topic: ruby 6.topic: rust 6.topic: stdenv Standard environment 6.topic: steam 6.topic: systemd 6.topic: testing Tooling for automated testing of packages and modules 6.topic: TeX Issues regarding texlive and TeX in general 6.topic: vim 6.topic: vscode 8.has: changelog 8.has: documentation 8.has: maintainer-list (update) 8.has: module (update)
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.