Commit graph

1,006,199 commits

Author SHA1 Message Date
Jhonas Wernery
e2264a950e
[Backport release-26.05] docker: 29.5.2 -> 29.5.3 (#530037) 2026-06-11 13:16:14 +00:00
K900
14b5973c79
[Backport release-26.05] bootspec: honor boot.kernel.enable (#530724) 2026-06-11 13:07:38 +00:00
Fernando Rodrigues
be5d77056f
[Backport release-26.05] xen: patch with XSAs 490 through 494 (#530419) 2026-06-11 13:07:08 +00:00
K900
1041fb01e5 bootspec: honor boot.kernel.enable
WSL and other container-brained-but-not-really systems may not want a kernel,
and now that bootspec is no longer optional, this pulls one in anyway.

(cherry picked from commit 1fdf8fd586)
2026-06-11 13:02:51 +00:00
Yt
1ffcb565f7
[Backport release-26.05] beamPackages.buildMix: fix install hooks not running (#530578) 2026-06-11 11:49:34 +00:00
Marie Ramlow
88a9d48c8a
[Backport release-26.05] transmission_4: 4.1.1 -> 4.1.2 (#530686) 2026-06-11 11:23:03 +00:00
nixpkgs-ci[bot]
d7c966b18f
[Backport release-26.05] kdash: fix source hash (#530653) 2026-06-11 10:48:13 +00:00
nixpkgs-ci[bot]
c1c3833eba
[Backport release-26.05] jenkins: 2.555.2 -> 2.555.3 (#530650) 2026-06-11 10:48:09 +00:00
Michele Guerini Rocco
abe0c15399
[Backport release-26.05] doc: clarify how 26.05's wpa_supplicant changes affect the ctrl_interface (#530612) 2026-06-11 10:47:12 +00:00
Marie Ramlow
ff2ec7b73e transmission_4: 4.1.1 -> 4.1.2
Changelog: https://github.com/transmission/transmission/releases/tag/4.1.2
(cherry picked from commit da363d534f)
2026-06-11 10:16:40 +00:00
Yueh-Shun Li
7d39410a52
[Backport release-26.05] python3Packages.plover_{4,5}: install desktop entry (#530547) 2026-06-11 09:42:37 +00:00
Tom Hunze
928b5ea408 kdash: add meta.changelog
(cherry picked from commit d2784e8ba7)
2026-06-11 09:12:35 +00:00
Tom Hunze
bde96dbfc1 kdash: fix source hash
Diff: 1d03bb1915...ca137f9513
(cherry picked from commit c517dbed55)
2026-06-11 09:12:35 +00:00
Felix Singer
4fb969d2ad jenkins: 2.555.2 -> 2.555.3
Changelog: https://www.jenkins.io/changelog-stable/#v2.555.3

Signed-off-by: Felix Singer <felixsinger@posteo.net>
(cherry picked from commit 9a56cf4b86)
2026-06-11 09:01:52 +00:00
Markus Kowalewski
6c8827d7b5
[Backport release-26.05] zenoh: 1.4.0 -> 1.9.0 (#530057) 2026-06-11 07:54:06 +00:00
nixpkgs-ci[bot]
77c2ae302d
[Backport release-26.05] jasterix: fix tests (#530604) 2026-06-11 07:29:52 +00:00
Heman Gandhi
5ee5ac1341 doc: clarify how 26.05's wpa_supplicant changes affect the ctrl_interface
Closes #528867

(cherry picked from commit b8f80210b1)
2026-06-11 06:22:41 +00:00
Volker Diels-Grabsch
f55d4205a5 jasterix: fix tests
(cherry picked from commit 38248076ac)
2026-06-11 06:02:22 +00:00
Sizhe Zhao
bec07d8d93
[Backport release-26.05] python3Packages.helium: 7.0.1 -> 7.0.2 (#529430) 2026-06-11 05:55:00 +00:00
K900
dbe9187c9a
[Backport release-26.05] jasterix: init at 0.1.4 (#530046) 2026-06-11 05:53:35 +00:00
Kristoffer Søholm
a9e14abfd3 beamPackages.buildMix: fix install hooks not running
(cherry picked from commit 8d4f99eeca)
2026-06-11 03:04:14 +00:00
Ryan Burns
4cf32c804c
[Backport release-26.05] python3Packages.uefi-firmware-parser: add setuptools-scm to build dependencies (#530558) 2026-06-11 01:03:46 +00:00
Aaron Honeycutt
2838c6f7c4 python3Packages.uefi-firmware-parser: add setuptools-scm and remove wheel to build dependencies
(cherry picked from commit b6415185d2)
2026-06-11 00:58:51 +00:00
whispers
1a7e918dcd python3Packages.plover_{4,5}: install desktop entry
as is, plover has a desktop entry in the source tree but it is not
actually shipped in nixpkgs. we place it in the standard
$out/share/applications directory so it can be found by e.g. launchers.

(cherry picked from commit 7097b20ea1)
2026-06-10 23:42:44 +00:00
Gergő Gutyina
2781891821
[Backport release-26.05] gmic: 3.6.3 -> 3.7.6 (#527502) 2026-06-10 23:07:25 +00:00
Sandro
52b22ecc47
[Backport release-26.05] python314Packages.oslo-metrics: 0.14.0 -> 0.16.0, fetch from github (#529159) 2026-06-10 22:06:22 +00:00
Thomas Gerbet
3895b9377f
[Backport release-26.05] python3Packages.pypdf: 6.12.2 -> 6.13.2 (#530445) 2026-06-10 19:56:48 +00:00
nixpkgs-ci[bot]
fefb252c9b
[Backport release-26.05] localsend: set meta.donationPage (#530481) 2026-06-10 19:20:34 +00:00
Jost Alemann
1eff69b7f0 localsend: set meta.donationPage
(cherry picked from commit c88305b485)
2026-06-10 19:15:00 +00:00
Niklas Korz
64d91be6c2
[Backport release-26.05] librechat: 0.8.5 -> 0.8.6 (#528465) 2026-06-10 18:40:06 +00:00
Bjørn Forsman
4742b307fe
[Backport release-26.05] zigbee2mqtt: 2.11.0 -> 2.12.0 (#530461) 2026-06-10 18:38:26 +00:00
Martin Weinelt
9895960ce2 zigbee2mqtt: 2.11.0 -> 2.12.0
https://github.com/Koenkk/zigbee2mqtt/releases/tag/2.12.0
(cherry picked from commit 3342fa2e8f)
2026-06-10 18:27:27 +00:00
Bjørn Forsman
ac70601127
[Backport release-26.05] zigbee2mqtt: use pnpm_10 (#530444) 2026-06-10 18:06:56 +00:00
Robert Schütz
97a83e04f0 python3Packages.pypdf: 6.12.2 -> 6.13.2
Diff: https://github.com/py-pdf/pypdf/compare/6.12.2...6.13.2

Changelog: https://github.com/py-pdf/pypdf/blob/6.13.2/CHANGELOG.md
(cherry picked from commit 3d067b05b9)
2026-06-10 18:00:32 +00:00
Robert Schütz
8de9c7b85c zigbee2mqtt: use pnpm_10
(cherry picked from commit 7bed4ad810)
2026-06-10 18:00:16 +00:00
Bjørn Forsman
0d3b4b3214
[Backport release-26.05] zigbee2mqtt: 2.10.1 -> 2.11.0 (#530408) 2026-06-10 17:52:31 +00:00
Sandro
4af499d841
[Backport release-26.05] yt-dlp: 2026.03.17 -> 2026.06.09 (#530362) 2026-06-10 17:24:12 +00:00
Felix Bargfeldt
9cef74aabf
[26.05] ifstate: 2.3.0 -> 2.4.1 (#530418) 2026-06-10 16:47:26 +00:00
nixpkgs-ci[bot]
33ec505548
[Backport release-26.05] gridcoin-research: 5.5.0.0 -> 5.5.1.0 (#530147) 2026-06-10 16:42:57 +00:00
nixpkgs-ci[bot]
6875bc2952
[Backport release-26.05] digikam: 9.0.0 -> 9.1.0 (#530128) 2026-06-10 16:42:54 +00:00
Adam Rizkalla
834f739fc5 nixosTests.zenohd: fix test flakiness by adding QoS1 to mqtt pub
Signed-off-by: Adam Rizkalla <ajarizzo@gmail.com>
(cherry picked from commit 7aec908348)
2026-06-10 11:25:19 -05:00
Marcel
f3ca6e1101 ifstate: 2.3.0 -> 2.4.1
Diff: https://codeberg.org/routerkit/ifstate/compare/2.3.0...2.4.1

Changelog: https://codeberg.org/liske/ifstate/src/tag/2.4.1/CHANGELOG.md
(cherry picked from commit cce0ea2329)
2026-06-10 15:55:25 +00:00
Martin Weinelt
b00ba754a2 zigbee2mqtt: 2.10.1 -> 2.11.0
https://github.com/Koenkk/zigbee2mqtt/releases/tag/2.11.0
(cherry picked from commit 4dfe429dfd)
2026-06-10 15:44:48 +00:00
nixpkgs-ci[bot]
374fa933f5
[Backport release-26.05] talosctl: 1.13.3 -> 1.13.4 (#530375) 2026-06-10 15:19:30 +00:00
Fernando Rodrigues
96d850eec3 xen: patch with XSA-494
Xen Security Advisory CVE-2026-42488 / XSA-494
                               version 3

                   x86: mismatched mapcache metadata

Some shadow paging errors paths will switch the page-tables without
updating the currently running vCPU reference.  This causes a mismatch
between the loaded page-tables and the mapcache metadata which can lead
to corruption of the mapcache.

Privilege escalation, Denial of Service (DoS) affecting the entire host,
and information leaks.

https://xenbits.xen.org/xsa/advisory-494.html

Signed-off-by: Fernando Rodrigues <alpha@sigmasquadron.net>
(cherry picked from commit c8ec62ac39)
2026-06-10 15:13:47 +00:00
Fernando Rodrigues
aa7b6244ec xen: patch with XSA-493
ARM-only issue. Despite us not supporting Aarch64 Xen on NixOS, it costs us
nothing to add the patches.

              Xen Security Advisory CVE-2025-10263 / XSA-493
                                 version 2

 Arm: Completion of memory accesses not guaranteed by completion of a TLBI

A hardware issue has been identified in certain Arm CPU designs.  A
broadcast TLBI on one PE may complete before affected memory accesses
on another PE are globally observed.  This may permit bypass of Stage 1
translation, Stage 2 translation, or GPT protection.

The erratum occurs when all of the following conditions are met:

 - A PE (PEx) executes a store.
 - Another PE (PEy) executes a TLBI instruction which applies to
   Stage 1 only information, Stage 1 and 2 information, or GPT
   information (but not Stage 2 only information), applies to the
   Inner Shareable or Outer Shareable domain containing PEx, and
   affects at least one of the bytes accessed by PEx's store.
 - PEy executes a DSB instruction which is sufficient to complete the
   TLBI instruction.
 - Complex micro-architectural conditions occur.

When all conditions are met, PEy's DSB may complete before the global
observation of a portion of PEx's store which was affected by the TLB
invalidation.  This store may complete at a later time, after memory
accesses which are ordered after the DSB.

The relevant TLB entries are invalidated correctly before the
completion of the DSB.  This erratum does not affect reads.

For more details, please refer to the Arm Security Center:
  https://developer.arm.com/Arm%20Security%20Center

A malicious guest may be able to write to memory it no longer has
permission to write to, after Xen has modified Stage 2 translation to
forbid writes to that location.  This could allow a guest to escalate
its privileges to that of the hypervisor.

https://xenbits.xen.org/xsa/advisory-493.html

Signed-off-by: Fernando Rodrigues <alpha@sigmasquadron.net>
(cherry picked from commit 542f4fed39)
2026-06-10 15:13:46 +00:00
Fernando Rodrigues
0081a61996 xen: patch with XSA-492
Xen Security Advisory CVE-2026-42489,CVE-2026-42490 / XSA-492
                               version 3

                       domctl lock open to abuse

To create and manage guests, domctl operations are used by the control
domain, a possible Xenstore domain, or by a domain controlling a
particular guest.  Some of these operations may not be executed in
parallel, so a system-wide lock is used.  The way that lock is acquired
is, however, not providing any fairness.  This is CVE-2026-42489.

Furthermore, with XSM/Flask in use, the lock acquire will, for some
operations, occur ahead of any permission checking.  This is
CVE-2026-42490.

A less privileged entity may stall an equally or more privileged entity,
potentially leading to a Denial od Service (DoS) of up to the entire
host.

https://xenbits.xen.org/xsa/advisory-492.html

Signed-off-by: Fernando Rodrigues <alpha@sigmasquadron.net>
(cherry picked from commit 3d1d9bee16)
2026-06-10 15:13:46 +00:00
Fernando Rodrigues
df50bc3950 xen: patch with XSA-491
Xen Security Advisory CVE-2026-42487 / XSA-491
                               version 2

                    x86 HVM I/O port list traversal

HVM guest I/O port accesses are subject to either emulation or at least
translation.  Translations are managed by the device model (via
XEN_DOMCTL_ioport_mapping), and hence the linked list used may changed
at any time.  Traversal of those lists (while handling guest I/O port
accesses) therefore needs synchronizing with updates, which was missing
so far.

A device model of a HVM guest can cause a hypervisor crash, causing a
Denial of Service (DoS) of the entire host.  Privilege escalation and
information leaks cannot be ruled out.

https://xenbits.xen.org/xsa/advisory-491.html

Signed-off-by: Fernando Rodrigues <alpha@sigmasquadron.net>
(cherry picked from commit 1629ccf012)
2026-06-10 15:13:46 +00:00
Fernando Rodrigues
c5efc36baa xen: patch with XSA-490
Released a while ago. We had difficulties adding it to Nixpkgs at the time as
our Xen needed to be updated to the .3 release.

            Xen Security Advisory CVE-2025-54518 / XSA-490

                   x86: CPU Opcode Cache corruption

AMD have disclosed a potential vulnerability in certain CPUs which can
cause instructions to execute at a higher privilege.

For more information, see:
  https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7052.html

Code of any privilege could escalate to a higher privilege, including
userspace to kernel, and guest to host.

https://xenbits.xen.org/xsa/advisory-490.html

Signed-off-by: Fernando Rodrigues <alpha@sigmasquadron.net>
(cherry picked from commit a343770e93)
2026-06-10 15:13:46 +00:00
Peder Bergebakken Sundt
e50b2e0799
[Backport release-26.05] mcp-nixos: fix darwin build (#530152) 2026-06-10 14:58:44 +00:00