Vladimír Čunát
c89d27cd4f
[Backport staging-26.05] krb5: 1.22.1 -> 1.22.2 ( #528358 )
2026-06-05 18:24:00 +00:00
Vladimír Čunát
da38d3003c
[Backport staging-26.05] libpng: 1.6.56 -> 1.6.58 ( #528367 )
2026-06-05 18:21:12 +00:00
Vladimír Čunát
3fbfc3a7d4
[Backport staging-26.05] libxml2: 2.15.2 -> 2.15.3 ( #528361 )
2026-06-05 18:20:54 +00:00
Vladimír Čunát
9b87df5e52
[Backport staging-26.05] libde265: 1.0.19 -> 1.1.0 ( #528156 )
2026-06-05 12:49:32 +00:00
Vladimír Čunát
034f2a4018
[Backport staging-26.05] ghostscript: 10.07.0 -> 10.07.1 ( #527846 )
2026-06-05 12:47:47 +00:00
Vladimír Čunát
5f3aa3eb8a
[Backport staging-26.05] python3Packages.pyjwt: 2.12.1 -> 2.13.0 ( #527722 )
2026-06-05 12:46:41 +00:00
Vladimír Čunát
511702cf1d
[staging-26.05] nodejs: pin icu to newer version ( #525241 )
2026-06-05 12:43:34 +00:00
Vladimír Čunát
b0ef0762f7
[Backport staging-26.05] openapv: 0.2.1.2 -> 0.2.1.3 ( #521852 )
2026-06-05 12:40:44 +00:00
Marcus Ramberg
2c3e109910
[Backport staging-26.05] perl: backport security fixes ( #528366 )
2026-06-05 11:47:50 +00:00
Vladimír Čunát
2d355d1aba
libpng: 1.6.56 -> 1.6.58
...
Fixes: CVE-2026-34757 and CVE-2026-40930 (#528286 )
(cherry picked from commit 316db7c96c
2026-06-05 11:40:13 +00:00
Stig Palmquist
5613fd0d41
perl: backport security fixes
...
Perl ships with some CPAN modules vendored as "dual-life", this commit
inject updated versions certain modules directly from CPAN rather than
applying patches from upstream, as they can be tricky to maintain.
It also includes a patch for CVE-2026-8376 which affects 32-bit
platforms.
- perl: CVE-2026-8376
5e7f119eb2https://metacpan.org/release/HAARG/HTTP-Tiny-0.094/changes
- Compress-Raw-Zlib 2.222: CVE-2026-3381, CVE-2026-4176
https://metacpan.org/release/PMQS/Compress-Raw-Zlib-2.222/changes
- Compress-Raw-Bzip2 2.218
https://metacpan.org/release/PMQS/Compress-Raw-Bzip2-2.218/changes
- IO-Compress 2.220: CVE-2026-48959, CVE-2026-48961, CVE-2026-48962
https://metacpan.org/release/PMQS/IO-Compress-2.220/changes
- Archive-Tar 3.12: CVE-2026-42496, CVE-2026-42497, CVE-2026-9538
https://metacpan.org/release/BINGOS/Archive-Tar-3.12/changes
Assisted-by: Codex (OpenAI)
Signed-off-by: Stig Palmquist <git@stig.io >
(cherry picked from commit d59aeb80e5
2026-06-05 11:40:01 +00:00
Grimmauld
2c2c8a3587
libxml2: 2.15.2 -> 2.15.3
...
Changelog: https://gitlab.gnome.org/GNOME/libxml2/-/blob/v2.15.3/NEWS
Fixes CVE-2026-6732
Other security issues fixed here seem to not have CVEs assigned (yet)
(cherry picked from commit efef7d2661
2026-06-05 11:36:26 +00:00
Robert Schütz
3cff9ef0a7
krb5: patch CVE-2026-40355 and CVE-2026-40356
...
(cherry picked from commit a42608a7a8
2026-06-05 11:34:26 +00:00
Robert Schütz
b3a92ec281
krb5: 1.22.1 -> 1.22.2
...
Changelog: https://web.mit.edu/Kerberos/krb5-1.22/
(cherry picked from commit 5a91325042
2026-06-05 11:34:26 +00:00
Vladimír Čunát
d8418ebb92
[Backport staging-26.05] libgcrypt: 1.11.2 -> 1.12.2 ( #527415 )
2026-06-05 11:28:18 +00:00
Vladimír Čunát
3a952ad561
[Backport staging-26.05] bzip2: patch CVE-2026-42250 ( #527237 )
2026-06-05 11:25:25 +00:00
Vladimír Čunát
8161a9155d
[Backport staging-26.05] publicsuffix-list: 0-unstable-2026-03-26 -> 0-unstable-2026-05-13 ( #525559 )
2026-06-05 11:20:38 +00:00
Vladimír Čunát
fe54ac146d
[Backport staging-26.05] freetype: 2.14.2 -> 2.14.3 ( #524002 )
2026-06-05 11:14:54 +00:00
Vladimír Čunát
8b50e17d3b
[Backport staging-26.05] libcaca: apply patch for CVE-2026-42046 ( #524000 )
2026-06-05 11:13:33 +00:00
Vladimír Čunát
55cf3e5a10
[Backport staging-26.05] assimp: 6.0.4 -> 6.0.5 ( #523879 )
2026-06-05 11:12:31 +00:00
Vladimír Čunát
fbec72d1b0
[Backport staging-26.05] simdjson: 4.6.0 -> 4.6.4 ( #523704 )
2026-06-05 11:10:40 +00:00
Vladimír Čunát
b5c07ef6a7
[Backport staging-26.05] openexr: 3.4.10 -> 3.4.11 ( #521437 )
2026-06-05 11:08:37 +00:00
Vladimír Čunát
32bd001eda
[Backport staging-26.05] expat: 2.8.0 -> 2.8.1 ( #519179 )
2026-06-05 11:08:00 +00:00
Arian van Putten
1e9e31c450
[Backport staging-26.05] systemd: 260.1 -> 260.2 ( #528146 )
2026-06-05 11:06:51 +00:00
nixpkgs-ci[bot]
c796d1c729
Merge staging-next-26.05 into staging-26.05
2026-06-05 00:53:39 +00:00
nixpkgs-ci[bot]
835b2cc652
Merge release-26.05 into staging-next-26.05
2026-06-05 00:53:01 +00:00
Adam C. Stephens
cc598dfd09
[Backport release-26.05] dexter: 0.6.0 -> 0.7.0 ( #528130 )
2026-06-04 23:13:20 +00:00
Martin Weinelt
5bd4198393
[Backport release-26.05] python3Packages.django_6: 6.0.5 -> 6.0.6] ( #528045 )
2026-06-04 23:05:52 +00:00
nixpkgs-ci[bot]
d3c462ac49
[Backport release-26.05] redis: 8.6.3 -> 8.8.0 ( #524824 )
2026-06-04 22:48:17 +00:00
Robert Schütz
ca8d5775de
libde265: 1.0.19 -> 1.1.0
...
Diff: https://github.com/strukturag/libde265/compare/v1.0.19...v1.1.0
Changelog: https://github.com/strukturag/libde265/releases/tag/v1.1.0
(cherry picked from commit eb64ffdbce
2026-06-04 22:45:27 +00:00
Martin Weinelt
ec3a9fca7c
pretix: relax diango-formtools constraint
2026-06-05 00:37:26 +02:00
dotlambda
7b984d24d6
[Backport staging-26.05] libde265: 1.0.18 -> 1.0.19 ( #524348 )
2026-06-04 22:36:28 +00:00
r-vdp
9bcbc7814a
systemd: drop upstreamed tmpfiles noatime patch
...
(cherry picked from commit 3dbcb86c1f
2026-06-04 21:48:10 +00:00
R. Ryantm
8981bd36a7
systemd: 260.1 -> 260.2
...
(cherry picked from commit d08a97a026
2026-06-04 21:48:10 +00:00
Michele Guerini Rocco
fa9f5ebead
[Backport release-26.05] nixos/wireless: restrict chown /etc/wpa_supplicant scope ( #528087 )
2026-06-04 21:34:53 +00:00
Adam C. Stephens
bfff353b19
dexter: 0.6.0 -> 0.7.0
...
Diff: https://github.com/remoteoss/dexter/compare/v0.6.0...v0.7.0
Changelog: https://github.com/remoteoss/dexter/blob/refs/tags/v0.7.0/CHANGELOG.md
(cherry picked from commit c5ebd4868c
2026-06-04 20:55:46 +00:00
Emily
0fb5349b52
[Backport release-26.05] ungoogled-chromium: 148.0.7778.215-1 -> 149.0.7827.53-1 ( #528125 )
2026-06-04 20:53:23 +00:00
emilylange
ee250790b6
ungoogled-chromium: 148.0.7778.215-1 -> 149.0.7827.53-1
...
https://developer.chrome.com/blog/new-in-chrome-149
https://developer.chrome.com/release-notes/149
https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop.html
(cherry picked from commit 193479f2bb
2026-06-04 20:45:41 +00:00
Adam C. Stephens
07970dac16
[Backport release-26.05] beamMinimal27Packages.erlang: use upstream doc target patch ( #527837 )
2026-06-04 20:30:23 +00:00
Leona Maroni
631eaabe38
[Backport release-26.05] keycloak: 26.6.2 -> 26.6.3 ( #528084 )
2026-06-04 20:08:30 +00:00
nixpkgs-ci[bot]
c267482b1b
[Backport release-26.05] kimai: 2.57.0 -> 2.58.0 ( #528082 )
2026-06-04 19:59:21 +00:00
Felix Bargfeldt
54514c3bb9
[Backport release-26.05] glance: 0.8.4 -> 0.8.5 ( #528090 )
2026-06-04 19:33:18 +00:00
Marcin Serwin
d8c71d9bad
[Backport release-26.05] polyml: move to by-name and various fixes ( #527988 )
2026-06-04 19:27:09 +00:00
jaredmontoya
bd0cdc7b33
glance: 0.8.4 -> 0.8.5
...
(cherry picked from commit 397879d831
2026-06-04 19:25:36 +00:00
rnhmjoj
1459fad584
nixos/wireless: restrict chown /etc/wpa_supplicant scope
...
Otherwise the recursive chown can fail, hence wpa_supplicant doesn't
start, if some read-only file has been bind-mounted into
/etc/wpa_supplicant.
This can happen if one uses `extraConfigFile` to add a file that is
under /etc/wpa_supplicant.
(cherry picked from commit 197a055a02
2026-06-04 19:23:36 +00:00
transcaffeine
a010a9b728
keycloak: 26.6.2 -> 26.6.3
...
Release notes: https://github.com/keycloak/keycloak/releases/tag/26.6.3
Full changelog: https://github.com/keycloak/keycloak/compare/26.6.2...26.6.3
(cherry picked from commit 8e6c666e62
2026-06-04 19:19:57 +00:00
R. Ryantm
284fa832b1
kimai: 2.57.0 -> 2.58.0
...
(cherry picked from commit a8b0f5bbe8
2026-06-04 19:13:53 +00:00
Nick Cao
20042a1ebc
[Backport release-26.05] python3Packages.stanza: 1.12.0 -> 1.12.1 ( #527485 )
2026-06-04 18:42:51 +00:00
Marcus Ramberg
d030f73856
[Backport release-26.05] vivaldi: 8.0.4033.34 -> 8.0.4033.42 ( #528025 )
2026-06-04 18:36:25 +00:00
Felix Bargfeldt
202285dc76
[Backport release-26.05] zipline: 4.6.1 -> 4.6.2 ( #528040 )
2026-06-04 17:41:42 +00:00
